| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Hinweis von web.de auf Zeus gefunden wurde Trojaner.BankerWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
10.10.2012, 17:18
| #16 |
| /// the machine /// TB-Ausbilder    |  Hinweis von web.de auf Zeus gefunden wurde Trojaner.BankerESET Online Scanner
Wie läuft der Rechner?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
10.10.2012, 19:10
| #17 |
 | Hinweis von web.de auf Zeus gefunden wurde Trojaner.Banker so scan läuft
__________________also an sich normal nur das avg immer ein neustart will aber nicht erkennt das es schon einen gab. Da der Scan zu lange gestern dauert musste ich bei 50% stoppen hier schon mal die txt file lasse später noch mal laufen C:\Program Files\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll Win32/Toolbar.SearchSuite application C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngr.dll Win32/Toolbar.SearchSuite application C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe Win32/Toolbar.SearchSuite application C:\Program Files\Windows iLivid Toolbar\Datamngr\DnsBHO.dll Win32/Toolbar.SearchSuite application C:\Program Files\Windows iLivid Toolbar\Datamngr\IEBHO.dll Win32/Toolbar.SearchSuite application C:\Users\Dennis_2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\c693b02-54a1786b Java/TrojanDownloader.Agent.NAM trojan C:\Users\Dennis_2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\30b50957-7fbc77be OSX/Exploit.Smid.B trojan C:\Users\Dennis_2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\12ed19f-6f34bb47 Java/TrojanDownloader.Agent.NAM trojan C:\Users\Dennis_2\Downloads\etypesetup.exe a variant of Win32/Somoto.A application C:\Users\Dennis_2\Downloads\gamebooster23.exe a variant of Win32/Toolbar.Widgi application C:\Users\Dennis_2\Downloads\setup(1).exe Win32/Adware.Bundlore application C:\Users\Dennis_2\Downloads\Setup1.9.3_FreeConverter.exe Win32/Toolbar.Widgi application |
|
11.10.2012, 06:34
| #18 |
| /// the machine /// TB-Ausbilder | Hinweis von web.de auf Zeus gefunden wurde Trojaner.Banker Downloads-Ordner leeren, Toolbar deinstallieren. Und ein frisches OTL log bitte. Noch Probleme?
__________________
__________________ |
|
11.10.2012, 16:24
| #19 |
| | Hinweis von web.de auf Zeus gefunden wurde Trojaner.Banker ok downloadordner ist leer und toolbar such ich grad danach noch mal eset laufen lassen ? |
|
11.10.2012, 17:21
| #20 |
| /// the machine /// TB-Ausbilder | Hinweis von web.de auf Zeus gefunden wurde Trojaner.Banker Nö  Öffne OTL, bei Extra Registrierung auf Benutze safe List stellen und Scan Button drücken.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
11.10.2012, 17:25
| #21 |
| | Hinweis von web.de auf Zeus gefunden wurde Trojaner.Banker OTL Logfile: Code:
ATTFilter OTL logfile created on: 11.10.2012 17:38:56 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dennis_2\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,99 Gb Available Physical Memory | 66,29% Memory free 6,20 Gb Paging File | 5,05 Gb Available in Paging File | 81,44% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 111,88 Gb Total Space | 31,76 Gb Free Space | 28,38% Space Free | Partition Type: NTFS Drive D: | 111,00 Gb Total Space | 96,85 Gb Free Space | 87,25% Space Free | Partition Type: NTFS Drive F: | 3,69 Gb Total Space | 3,68 Gb Free Space | 100,00% Space Free | Partition Type: FAT32 Computer Name: MASTERSREICH | User Name: Dennis | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.10.09 17:17:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dennis_2\Desktop\OTL.exe PRC - [2012.08.13 03:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgidsagent.exe PRC - [2012.07.31 03:37:02 | 002,596,984 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgtray.exe PRC - [2012.07.26 03:23:08 | 000,758,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgrsx.exe PRC - [2012.06.13 03:48:24 | 001,255,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgnsx.exe PRC - [2012.03.19 05:18:12 | 000,979,840 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgemcx.exe PRC - [2012.02.14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgwdsvc.exe PRC - [2012.02.14 04:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgcsrvx.exe PRC - [2010.12.10 19:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe PRC - [2010.12.10 19:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe PRC - [2010.11.21 11:49:24 | 000,247,608 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe PRC - [2008.12.19 01:30:20 | 000,323,216 | ---- | M] (Napster) -- C:\Programme\Napster\napster.exe PRC - [2008.11.28 18:26:36 | 000,618,232 | ---- | M] () -- C:\Programme\COMODO\COMODO Internet Security\cmdagent.exe PRC - [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.10.20 22:18:26 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe PRC - [2008.08.19 07:17:04 | 000,679,936 | ---- | M] (SAMSUNG Electronics) -- C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe PRC - [2008.08.14 17:15:46 | 002,407,184 | ---- | M] () -- C:\Programme\Logitech\QuickCam\Quickcam.exe PRC - [2008.08.14 17:11:48 | 000,565,008 | ---- | M] () -- C:\Programme\Common Files\logishrd\LComMgr\Communications_Helper.exe PRC - [2008.08.14 17:11:14 | 000,447,248 | ---- | M] (Logitech Inc.) -- C:\Programme\Common Files\logishrd\LQCVFX\COCIManager.exe PRC - [2008.07.26 08:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe PRC - [2008.07.26 08:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Programme\Common Files\logishrd\LVCOMSER\LVComSer.exe PRC - [2008.07.08 04:27:00 | 006,273,568 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2008.04.25 14:31:34 | 000,565,248 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe PRC - [2008.04.17 08:26:46 | 000,352,256 | ---- | M] (SAMSUNG Electronics co., LTD.) -- C:\Programme\Samsung\EBM\EasyBatteryMgr3.exe PRC - [2008.02.12 06:19:52 | 000,723,496 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2008.01.21 04:23:29 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2008.01.16 10:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe PRC - [2007.07.05 00:41:42 | 000,045,056 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe PRC - [2007.02.05 16:52:12 | 000,849,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft IntelliPoint\ipoint.exe PRC - [2002.02.20 10:24:44 | 000,425,984 | ---- | M] (Kuju Entertainment Ltd) -- C:\Programme\Microsoft Games\Train Simulator\launcher.exe ========== Modules (No Company Name) ========== MOD - [2011.07.01 16:57:44 | 011,800,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0a1195c6b5fab213527364c9e8b26ef0\System.Web.ni.dll MOD - [2011.07.01 16:57:26 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1ba19f8efcff8ad7f972aa38ab9a15f5\System.Runtime.Remoting.ni.dll MOD - [2011.07.01 16:48:45 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\aa3e053d433c48e1e8c3f436b4de1ed3\System.Configuration.ni.dll MOD - [2011.07.01 16:48:39 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d9228d58804dfd75fd92a4d12ffac8af\Accessibility.ni.dll MOD - [2011.07.01 16:31:14 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll MOD - [2011.07.01 16:30:21 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll MOD - [2011.07.01 16:29:46 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll MOD - [2011.07.01 16:25:43 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll MOD - [2011.07.01 16:25:03 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll MOD - [2008.09.16 21:18:06 | 000,132,608 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2008.09.01 13:50:49 | 001,691,648 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3142.27162__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll MOD - [2008.09.01 13:50:49 | 000,483,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3142.27360__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll MOD - [2008.09.01 13:50:49 | 000,266,240 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3142.27118__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll MOD - [2008.09.01 13:50:49 | 000,204,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3142.27165__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll MOD - [2008.09.01 13:50:49 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3142.27323__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll MOD - [2008.09.01 13:50:49 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3142.27285__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll MOD - [2008.09.01 13:50:49 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3142.27155__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll MOD - [2008.09.01 13:50:49 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3142.27255__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll MOD - [2008.09.01 13:50:49 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3142.27140__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll MOD - [2008.09.01 13:50:34 | 000,356,352 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3142.27295__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll MOD - [2008.09.01 13:50:34 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3142.27362__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll MOD - [2008.09.01 13:50:34 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3142.27296__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll MOD - [2008.09.01 13:50:34 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3142.27133__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll MOD - [2008.09.01 13:50:34 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3142.27294__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll MOD - [2008.09.01 13:50:33 | 000,811,008 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3142.27259__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll MOD - [2008.09.01 13:50:33 | 000,585,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3142.27167__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll MOD - [2008.09.01 13:50:33 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3142.27142__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll MOD - [2008.09.01 13:50:33 | 000,405,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3142.27312__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll MOD - [2008.09.01 13:50:33 | 000,225,280 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3142.27166__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll MOD - [2008.09.01 13:50:33 | 000,147,456 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3142.27359__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll MOD - [2008.09.01 13:50:33 | 000,118,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3142.27279__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll MOD - [2008.09.01 13:50:33 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3142.27258__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll MOD - [2008.09.01 13:50:33 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3142.27358__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll MOD - [2008.09.01 13:50:33 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3142.27174__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll MOD - [2008.09.01 13:50:33 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3142.27278__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll MOD - [2008.09.01 13:50:32 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3142.27283__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll MOD - [2008.09.01 13:50:32 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3142.27175__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll MOD - [2008.09.01 13:50:31 | 000,450,560 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3142.27248__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll MOD - [2008.09.01 13:50:31 | 000,376,832 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3142.27257__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll MOD - [2008.09.01 13:50:31 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3142.27256__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll MOD - [2008.09.01 13:50:31 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3142.27257__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll MOD - [2008.09.01 13:50:31 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3142.27282__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll MOD - [2008.09.01 13:50:31 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3119.30092__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll MOD - [2008.09.01 13:50:31 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3119.30081__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll MOD - [2008.09.01 13:50:31 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3119.30104__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll MOD - [2008.09.01 13:50:31 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3119.30177__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll MOD - [2008.09.01 13:50:31 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3119.30120__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll MOD - [2008.09.01 13:50:31 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3119.30176__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll MOD - [2008.09.01 13:50:31 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll MOD - [2008.09.01 13:50:30 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3119.30063__90ba9c70f846762e\LOG.Foundation.dll MOD - [2008.09.01 13:50:30 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3119.30065__90ba9c70f846762e\NEWAEM.Foundation.dll MOD - [2008.09.01 13:50:30 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3119.30127__90ba9c70f846762e\DEM.OS.I0602.dll MOD - [2008.09.01 13:50:30 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3119.30117__90ba9c70f846762e\MOM.Foundation.dll MOD - [2008.09.01 13:50:30 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.3119.30171__90ba9c70f846762e\DEM.OS.dll MOD - [2008.09.01 13:50:29 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3119.30149__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll MOD - [2008.09.01 13:50:29 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3119.30067__90ba9c70f846762e\CLI.Foundation.dll MOD - [2008.09.01 13:50:29 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3119.30096__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll MOD - [2008.09.01 13:50:29 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3119.30148__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll MOD - [2008.09.01 13:50:29 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3119.30145__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll MOD - [2008.09.01 13:50:29 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3119.30144__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll MOD - [2008.09.01 13:50:29 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll MOD - [2008.09.01 13:50:29 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3119.30169__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll MOD - [2008.09.01 13:50:29 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3119.30118__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll MOD - [2008.09.01 13:50:29 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3119.30232__90ba9c70f846762e\CLI.Foundation.XManifest.dll MOD - [2008.09.01 13:50:29 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3119.30167__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll MOD - [2008.09.01 13:50:29 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3119.30141__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll MOD - [2008.09.01 13:50:29 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3119.30130__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll MOD - [2008.09.01 13:50:29 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3119.30146__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll MOD - [2008.09.01 13:50:29 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3119.30100__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll MOD - [2008.09.01 13:50:29 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3119.30089__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll MOD - [2008.09.01 13:50:29 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3119.30082__90ba9c70f846762e\CLI.Component.Client.Shared.dll MOD - [2008.09.01 13:50:29 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3119.30130__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll MOD - [2008.09.01 13:50:29 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll MOD - [2008.09.01 13:50:29 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3119.30128__90ba9c70f846762e\DEM.Graphics.dll MOD - [2008.09.01 13:50:29 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll MOD - [2008.09.01 13:50:29 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3119.30094__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll MOD - [2008.09.01 13:50:29 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3119.30139__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll MOD - [2008.09.01 13:50:29 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3119.30129__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll MOD - [2008.09.01 13:50:28 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3119.30144__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll MOD - [2008.09.01 13:50:28 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3119.30148__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll MOD - [2008.09.01 13:50:28 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3119.30122__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll MOD - [2008.09.01 13:50:28 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll MOD - [2008.09.01 13:50:28 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3119.30119__90ba9c70f846762e\APM.Foundation.dll MOD - [2008.09.01 13:50:28 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3119.30093__90ba9c70f846762e\AEM.Server.Shared.dll MOD - [2008.09.01 13:50:24 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory.resources\2.0.3142.27111_de_90ba9c70f846762e\CLI.Component.SkinFactory.resources.dll MOD - [2008.09.01 13:50:24 | 000,005,120 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray.resources\2.0.3142.27338_de_90ba9c70f846762e\CLI.Component.Systemtray.resources.dll MOD - [2008.09.01 13:50:23 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3142.27379__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll MOD - [2008.09.01 13:50:23 | 000,011,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.3142.27393__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll MOD - [2008.09.01 13:50:23 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3142.27105__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll MOD - [2008.09.01 13:50:22 | 000,999,424 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3142.27126__90ba9c70f846762e\CLI.Component.Dashboard.dll MOD - [2008.09.01 13:50:22 | 000,417,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3142.27338__90ba9c70f846762e\CLI.Component.Systemtray.dll MOD - [2008.09.01 13:50:22 | 000,397,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3142.27148__90ba9c70f846762e\CLI.Component.Wizard.dll MOD - [2008.09.01 13:50:22 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3142.27349__90ba9c70f846762e\MOM.Implementation.dll MOD - [2008.09.01 13:50:22 | 000,069,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3142.27109__90ba9c70f846762e\ATIDEMOS.dll MOD - [2008.09.01 13:50:22 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3142.27346__90ba9c70f846762e\LOG.Foundation.Implementation.dll MOD - [2008.09.01 13:50:22 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3142.27111__90ba9c70f846762e\CLI.Component.SkinFactory.dll MOD - [2008.09.01 13:50:22 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3142.27108__90ba9c70f846762e\CLI.Component.Runtime.dll MOD - [2008.09.01 13:50:22 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3119.30123__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll MOD - [2008.09.01 13:50:22 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3119.30076__90ba9c70f846762e\CLI.Foundation.Private.dll MOD - [2008.09.01 13:50:22 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3119.30101__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll MOD - [2008.09.01 13:50:22 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3119.30085__90ba9c70f846762e\LOG.Foundation.Private.dll MOD - [2008.09.01 13:50:22 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll MOD - [2008.09.01 13:50:22 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3142.27348__90ba9c70f846762e\CCC.Implementation.dll MOD - [2008.09.01 13:50:22 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3119.30121__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll MOD - [2008.09.01 13:50:22 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3119.30121__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll MOD - [2008.09.01 13:50:22 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3119.30113__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll MOD - [2008.09.01 13:50:22 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3119.30150__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll MOD - [2008.09.01 13:50:22 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.3119.30074__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll MOD - [2008.09.01 13:50:22 | 000,014,848 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll MOD - [2008.09.01 13:50:22 | 000,013,312 | ---- | M] () -- C:\Windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll MOD - [2008.09.01 13:50:21 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3142.27108__90ba9c70f846762e\APM.Server.dll MOD - [2008.09.01 13:50:21 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3142.27106__90ba9c70f846762e\AEM.Server.dll MOD - [2008.08.14 17:23:22 | 000,118,032 | ---- | M] () -- C:\Programme\Logitech\QuickCam\LAppRes.DLL MOD - [2008.08.14 17:15:46 | 002,407,184 | ---- | M] () -- C:\Programme\Logitech\QuickCam\Quickcam.exe MOD - [2008.08.14 17:13:30 | 000,149,264 | ---- | M] () -- C:\Programme\Common Files\logishrd\LComMgr\LogiVOIPDevicePlugin.dll MOD - [2008.08.14 17:13:08 | 000,165,136 | ---- | M] () -- C:\Programme\Common Files\logishrd\LComMgr\LogiCordless4001.dll MOD - [2008.08.14 17:13:08 | 000,138,000 | ---- | M] () -- C:\Programme\Common Files\logishrd\LComMgr\LogiCordless.dll MOD - [2008.08.14 17:12:10 | 000,167,184 | ---- | M] () -- C:\Programme\Logitech\QuickCam\EFVal.dll MOD - [2008.08.14 17:11:48 | 000,565,008 | ---- | M] () -- C:\Programme\Common Files\logishrd\LComMgr\Communications_Helper.exe MOD - [2008.08.14 17:11:48 | 000,345,872 | ---- | M] () -- C:\Programme\Common Files\logishrd\LComMgr\DevMngr.dll MOD - [2008.08.08 09:48:22 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll MOD - [2008.07.27 20:03:08 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll MOD - [2008.07.27 20:03:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2008.07.26 08:24:04 | 000,068,120 | ---- | M] () -- C:\Programme\Common Files\logishrd\LVCOMSER\LVCSPS.dll MOD - [2008.03.18 05:21:32 | 000,016,384 | R--- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll MOD - [2007.08.14 06:59:54 | 006,365,184 | ---- | M] () -- C:\Programme\Common Files\LightScribe\QtGui4.dll MOD - [2007.07.12 06:55:52 | 000,131,072 | ---- | M] () -- C:\Programme\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll MOD - [2007.07.12 06:55:28 | 001,581,056 | ---- | M] () -- C:\Programme\Common Files\LightScribe\QtCore4.dll MOD - [2006.08.12 05:48:40 | 000,049,152 | ---- | M] () -- C:\Programme\Samsung\Samsung Magic Doctor\HookDllPS2.dll MOD - [2006.08.12 05:48:40 | 000,049,152 | ---- | M] () -- C:\Programme\Samsung\EasySpeedUpManager\HookDllPS2.dll MOD - [2006.08.12 05:48:40 | 000,049,152 | ---- | M] () -- C:\Programme\Samsung\Easy Display Manager\HookDllPS2.dll ========== Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service) SRV - [2012.08.13 03:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent) SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.02.14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG2012\avgwdsvc.exe -- (avgwd) SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2010.12.10 19:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter) SRV - [2010.12.10 19:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SRV - [2010.12.10 19:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser) SRV - [2010.12.10 19:29:30 | 000,044,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper) SRV - [2010.11.21 11:49:24 | 000,247,608 | ---- | M] () [Auto | Running] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service) SRV - [2008.11.28 18:26:36 | 000,618,232 | ---- | M] () [Auto | Running] -- C:\Programme\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent) SRV - [2008.10.20 22:18:26 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU) SRV - [2008.07.26 08:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv) SRV - [2008.07.26 08:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Programme\Common Files\logishrd\LVCOMSER\LVComSer.exe -- (LVCOMSer) SRV - [2008.05.13 01:47:20 | 000,077,480 | ---- | M] () [Auto | Stopped] -- C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe -- (Samsung Update Plus) SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.16 10:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc) SRV - [2006.10.26 07:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Dennis\AppData\Local\Temp\catchme.sys -- (catchme) DRV - [2012.10.05 18:41:42 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy) DRV - [2012.08.24 15:43:18 | 000,301,920 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix) DRV - [2012.07.26 03:21:30 | 000,237,408 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86) DRV - [2012.04.19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX) DRV - [2012.01.31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86) DRV - [2011.12.23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86) DRV - [2011.12.23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim) DRV - [2011.12.23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsfilterx.sys -- (AVGIDSFilter) DRV - [2011.12.23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver) DRV - [2010.08.02 16:19:38 | 000,066,816 | ---- | M] (LG Electronics Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandnetndis.sys -- (andnetndis) DRV - [2010.08.02 16:19:36 | 000,027,776 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandnetmodem.sys -- (ANDNetModem) DRV - [2010.08.02 16:19:34 | 000,022,272 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandnetgps.sys -- (AndNetGps) DRV - [2010.08.02 16:19:32 | 000,023,040 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandnetdiag.sys -- (AndNetDiag) DRV - [2010.08.02 16:19:28 | 000,024,960 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandmodem.sys -- (ANDModem) DRV - [2010.08.02 16:19:26 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandgps.sys -- (AndGps) DRV - [2010.08.02 16:19:24 | 000,020,864 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lganddiag.sys -- (AndDiag) DRV - [2010.08.02 16:19:22 | 000,014,336 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandbus.sys -- (Andbus) DRV - [2009.09.29 08:11:22 | 000,012,160 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lgbtport.sys -- (LgBttPort) DRV - [2009.09.29 08:11:20 | 000,012,928 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lgvmodem.sys -- (LGVMODEM) DRV - [2009.09.29 08:11:20 | 000,010,496 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lgbtbus.sys -- (lgbusenum) DRV - [2009.04.06 13:19:46 | 000,023,064 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ScreamingBAudio.sys -- (SCREAMINGBDRIVER) DRV - [2009.01.23 10:49:06 | 000,038,816 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tbhsd.sys -- (tbhsd) DRV - [2009.01.13 19:13:52 | 000,049,160 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmXlCore.sys -- (WmXlCore) DRV - [2009.01.13 19:13:44 | 000,014,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmVirHid.sys -- (WmVirHid) DRV - [2009.01.13 19:13:36 | 000,031,240 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmHidLo.sys -- (WmHidLo) DRV - [2009.01.13 19:13:28 | 000,029,192 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmFilter.sys -- (WmFilter) DRV - [2009.01.13 19:13:20 | 000,019,336 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmBEnum.sys -- (WmBEnum) DRV - [2008.11.28 18:26:37 | 000,097,808 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmdguard.sys -- (cmdGuard) DRV - [2008.11.28 18:26:37 | 000,072,720 | ---- | M] (COMODO) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\inspect.sys -- (Inspect) DRV - [2008.11.28 18:26:37 | 000,025,104 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\cmdhlp.sys -- (cmdHlp) DRV - [2008.09.01 14:07:27 | 000,013,312 | ---- | M] (SAMSUNG ELECTRONICS CO., LTD.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\KMDFMEMIO.sys -- (KMDFMEMIO) DRV - [2008.08.28 07:39:34 | 000,241,664 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmc302.sys -- (VMC302) DRV - [2008.08.08 10:31:30 | 003,895,808 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2008.07.26 08:25:02 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon) DRV - [2008.05.28 10:54:20 | 000,022,072 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter) DRV - [2008.05.07 10:55:22 | 000,767,488 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2008.04.28 02:26:42 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) DRV - [2008.03.21 05:13:00 | 001,203,776 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2008.01.21 04:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) DRV - [2007.10.12 03:00:44 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta) DRV - [2007.10.12 02:56:00 | 001,279,000 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI) DRV - [2006.11.08 00:02:40 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\point32k.sys -- (Point32) DRV - [2006.11.02 09:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKLM\..\SearchScopes,DefaultScope = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\tunebite-firefox-surf-and-catch-extension@audials.com: C:\Program Files\RapidSolution\Tunebite\plugins\GeckoBased\tunebite-firefox-surf-and-catch-extension@audials.com\ [2009.02.08 17:25:13 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012.09.10 18:01:07 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012.09.02 11:34:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.5\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.11.05 01:17:09 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.5\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.10.02 02:46:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\avgthb@avg.com: C:\Program Files\AVG\AVG2012\Thunderbird\ [2012.02.07 01:19:22 | 000,000,000 | ---D | M] [2011.10.03 21:37:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dennis\AppData\Roaming\mozilla\Extensions [2009.04.26 23:00:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\extensions [2009.04.26 23:00:05 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D} [2012.05.13 15:53:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\6vjf7ovq.default\extensions [2009.09.02 06:34:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION O1 HOSTS File: ([2012.10.09 20:37:13 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Programme\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Click-to-Call BHO) - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Programme\Windows Live\Messenger\wlchtc.dll (Microsoft Corporation) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Tunebite_WebRipPlugin Class) - {AA102584-3B97-47e7-B9BC-75D54C110A7D} - C:\Programme\RapidSolution\Tunebite\plugins\IE\TB_WebRipIePlugin.dll (RapidSolution Software) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [combofix] C:\ComboFix\CF14120.3XE (Microsoft Corporation) O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe () O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe () O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe () O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe () O4 - HKLM..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe (Napster) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" File not found O4 - HKCU..\Run: [ICQ] "C:\Program Files\ICQ7.2\ICQ.exe" silent loginmode=4 File not found O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.) O4 - HKCU..\Run: [MyTomTomSA.exe] C:\Program Files\MyTomTom 3\MyTomTomSA.exe (TomTom) O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKLM..\RunOnce: [combofix] C:\ComboFix\CF14120.3XE (Microsoft Corporation) O4 - HKLM..\RunOnce: [DeleteOnReboot] C:\Windows\DeleteOnReboot.bat () O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\RunOnceEx: [flags] Reg Error: Invalid data type. File not found O4 - Startup: C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OMSI Addon Manager.lnk = C:\Programme\OMSI Addon Manager\OMSI Addon Manager.exe (Jan Kiesewalter) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Dennis\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Programme\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.) O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{08293879-2516-4F52-954A-50A7E3B00BF1}: DhcpNameServer = 192.168.42.129 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{34B77411-A3C9-42D5-918E-27107C0B0739}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CD57838A-40EF-4ADB-BE5E-3F7B739EAC7E}: DhcpNameServer = 192.168.42.129 O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll File not found O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Sec\Wallpapers\wallpaper.jpg O24 - Desktop BackupWallPaper: C:\Windows\Sec\Wallpapers\wallpaper.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe" ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC} - C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error. ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.10.09 20:37:11 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012.10.09 20:37:11 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Local\temp [2012.10.09 20:18:15 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.10.09 20:14:33 | 000,000,000 | --SD | C] -- C:\ComboFix [2012.10.09 20:13:53 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW [2012.10.09 18:42:36 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.10.09 18:42:36 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.10.09 18:42:36 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.10.09 18:41:19 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.10.09 18:40:48 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012.10.08 21:30:06 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012.10.05 18:40:59 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2012.10.05 18:40:59 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\Malwarebytes [2012.10.05 18:39:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.10.05 18:39:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.10.05 18:39:38 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.10.05 18:39:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.09.14 04:36:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.09.14 04:36:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.10.11 17:50:26 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{C9E77C98-A353-48E3-9E4A-A604B803B792}.job [2012.10.11 17:12:40 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.10.11 17:12:39 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.10.11 17:12:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.10.11 17:11:26 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2012.10.11 06:58:05 | 000,001,132 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1061286310-3026546113-1237927848-1004UA.job [2012.10.10 20:58:11 | 000,001,080 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1061286310-3026546113-1237927848-1004Core.job [2012.10.09 20:37:13 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2012.10.09 07:12:26 | 000,000,107 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat [2012.10.08 21:24:43 | 000,686,620 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.10.08 21:24:43 | 000,643,612 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.10.08 21:24:43 | 000,150,888 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.10.08 21:24:43 | 000,122,500 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.10.05 18:41:42 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2012.10.05 18:39:41 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.04 13:07:11 | 096,450,964 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm [2012.09.30 18:13:28 | 000,435,203 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm [2012.09.14 04:36:31 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.10.09 18:42:36 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.10.09 18:42:36 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.10.09 18:42:36 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.10.09 18:42:36 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.10.09 18:42:36 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.10.09 07:11:57 | 000,000,107 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat [2012.10.05 18:39:41 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.09.14 04:36:31 | 000,001,880 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2012.04.27 00:23:05 | 000,000,000 | ---- | C] () -- C:\Users\Dennis\AppData\Local\Input.xml [2012.04.26 23:56:30 | 000,000,000 | ---- | C] () -- C:\Users\Dennis\AppData\Local\Settings.xml [2011.09.17 00:21:22 | 000,000,000 | ---- | C] () -- C:\Windows\Podcast.INI [2011.09.17 00:09:33 | 000,006,537 | ---- | C] () -- C:\Windows\mgxoschk.ini [2011.08.09 17:50:27 | 000,024,576 | ---- | C] () -- C:\Windows\System32\drivers\Marker.exe [2011.04.21 20:42:21 | 000,307,200 | ---- | C] () -- C:\Windows\SetDisplayResolution.exe [2011.03.31 18:33:06 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll [2011.03.31 18:33:06 | 000,002,411 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini [2011.02.20 00:41:22 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll [2009.01.03 00:07:37 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat ========== ZeroAccess Check ========== [2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2011.01.21 17:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.03.03 06:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2008.01.21 04:24:03 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.02.07 01:22:31 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\AVG2012 [2011.03.24 19:11:14 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\DVDVideoSoftIEHelpers [2012.05.28 21:14:36 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\elsterformular [2011.02.20 00:41:27 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\FreeAudioPack [2011.06.30 00:29:37 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\ICQ [2009.04.16 01:39:58 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Leadertech [2011.04.11 17:28:40 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\LG Electronics [2009.09.24 00:44:48 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Screaming Bee ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2012.09.02 11:34:30 | 000,000,000 | -H-D | M] -- C:\$AVG [2012.10.11 17:25:32 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN [2012.10.09 20:14:34 | 000,000,000 | --SD | M] -- C:\32788R22FWJFW [2010.05.03 23:12:33 | 000,000,000 | ---D | M] -- C:\AVGTemp [2009.09.24 00:24:54 | 000,000,000 | ---D | M] -- C:\AV_LOGS [2008.02.08 11:31:20 | 000,000,000 | -HSD | M] -- C:\Boot [2012.10.09 20:37:24 | 000,000,000 | --SD | M] -- C:\ComboFix [2012.10.11 07:08:36 | 000,000,000 | -HSD | M] -- C:\Config.Msi [2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2008.11.28 14:49:37 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2011.09.28 18:44:12 | 000,000,000 | ---D | M] -- C:\DVDVideoSoft [2012.02.21 02:33:07 | 000,000,000 | ---D | M] -- C:\Graphics [2011.03.31 19:43:56 | 000,000,000 | ---D | M] -- C:\LGP500 [2011.09.17 00:09:56 | 000,000,000 | ---D | M] -- C:\MAGIX [2012.09.07 22:36:20 | 000,000,000 | ---D | M] -- C:\Mozilla Firefox [2008.09.01 14:16:42 | 000,000,000 | RH-D | M] -- C:\MSOCache [2008.09.01 14:00:39 | 000,000,000 | ---D | M] -- C:\MyWorks [2008.01.21 04:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012.10.11 17:25:34 | 000,000,000 | R--D | M] -- C:\Program Files [2012.10.09 07:11:49 | 000,000,000 | -H-D | M] -- C:\ProgramData [2008.11.28 14:49:37 | 000,000,000 | -HSD | M] -- C:\Programme [2012.10.09 18:42:26 | 000,000,000 | ---D | M] -- C:\Qoobox [2009.01.15 22:29:20 | 000,000,000 | ---D | M] -- C:\SkyDecks Panel Design [2012.10.11 17:52:54 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2008.11.28 17:33:26 | 000,000,000 | R--D | M] -- C:\Users [2012.10.09 20:37:11 | 000,000,000 | ---D | M] -- C:\Windows [2008.11.28 18:06:55 | 000,000,000 | ---D | M] -- C:\XP Antispy < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < %windir%\installer\*. /5 > [2012.10.11 07:08:33 | 000,000,000 | ---D | M] -- C:\Windows\installer\{91120000-0031-0000-0000-0000000FF1CE} < %localappdata%\*. /5 > [2012.10.11 17:31:18 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Local\temp ========== Files - Unicode (All) ========== [2009.02.13 16:52:32 | 000,000,000 | ---D | M](C:\Windows\System32\?etup.features.srv_emc_lotus) -- C:\Windows\System32\Ǝetup.features.srv_emc_lotus [2009.02.13 16:52:32 | 000,000,000 | ---D | C](C:\Windows\System32\?etup.features.srv_emc_lotus) -- C:\Windows\System32\Ǝetup.features.srv_emc_lotus ========== Alternate Data Streams ========== @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:40D3D3E8 < End of report > |
|
11.10.2012, 17:27
| #22 |
| /// the machine /// TB-Ausbilder | Hinweis von web.de auf Zeus gefunden wurde Trojaner.Banker und das zweite log?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
11.10.2012, 17:29
| #23 |
| | Hinweis von web.de auf Zeus gefunden wurde Trojaner.Banker Ja Papa :-D kommt sofort |
|
11.10.2012, 17:36
| #24 |
| /// the machine /// TB-Ausbilder | Hinweis von web.de auf Zeus gefunden wurde Trojaner.Banker Ja hopp hopp 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
11.10.2012, 17:55
| #25 |
| | Hinweis von web.de auf Zeus gefunden wurde Trojaner.Banker OTL Logfile: Code:
ATTFilter OTL logfile created on: 11.10.2012 18:27:43 - Run 4 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dennis_2\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,73 Gb Available Physical Memory | 57,59% Memory free 6,20 Gb Paging File | 4,88 Gb Available in Paging File | 78,75% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 111,88 Gb Total Space | 32,30 Gb Free Space | 28,87% Space Free | Partition Type: NTFS Drive D: | 111,00 Gb Total Space | 96,85 Gb Free Space | 87,25% Space Free | Partition Type: NTFS Drive F: | 3,69 Gb Total Space | 3,68 Gb Free Space | 100,00% Space Free | Partition Type: FAT32 Computer Name: MASTERSREICH | User Name: Dennis | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.10.09 17:17:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dennis_2\Desktop\OTL.exe PRC - [2012.09.07 22:35:56 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Mozilla Firefox\firefox.exe PRC - [2012.08.13 03:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgidsagent.exe PRC - [2012.07.31 03:37:02 | 002,596,984 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgtray.exe PRC - [2012.07.26 03:23:08 | 000,758,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgrsx.exe PRC - [2012.06.13 03:48:24 | 001,255,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgnsx.exe PRC - [2012.03.19 05:18:12 | 000,979,840 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgemcx.exe PRC - [2012.02.14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgwdsvc.exe PRC - [2012.02.14 04:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgcsrvx.exe PRC - [2010.12.10 19:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe PRC - [2010.12.10 19:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe PRC - [2010.11.21 11:49:24 | 000,247,608 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe PRC - [2008.12.19 01:30:20 | 000,323,216 | ---- | M] (Napster) -- C:\Programme\Napster\napster.exe PRC - [2008.11.28 18:26:36 | 000,618,232 | ---- | M] () -- C:\Programme\COMODO\COMODO Internet Security\cmdagent.exe PRC - [2008.11.28 18:26:35 | 001,796,856 | ---- | M] () -- C:\Programme\COMODO\COMODO Internet Security\cfp.exe PRC - [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.10.20 22:18:26 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe PRC - [2008.08.19 07:17:04 | 000,679,936 | ---- | M] (SAMSUNG Electronics) -- C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe PRC - [2008.08.14 17:15:46 | 002,407,184 | ---- | M] () -- C:\Programme\Logitech\QuickCam\Quickcam.exe PRC - [2008.08.14 17:11:48 | 000,565,008 | ---- | M] () -- C:\Programme\Common Files\logishrd\LComMgr\Communications_Helper.exe PRC - [2008.08.14 17:11:14 | 000,447,248 | ---- | M] (Logitech Inc.) -- C:\Programme\Common Files\logishrd\LQCVFX\COCIManager.exe PRC - [2008.07.26 08:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe PRC - [2008.07.26 08:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Programme\Common Files\logishrd\LVCOMSER\LVComSer.exe PRC - [2008.07.08 04:27:00 | 006,273,568 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2008.04.25 14:31:34 | 000,565,248 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe PRC - [2008.04.17 08:26:46 | 000,352,256 | ---- | M] (SAMSUNG Electronics co., LTD.) -- C:\Programme\Samsung\EBM\EasyBatteryMgr3.exe PRC - [2008.02.12 06:19:52 | 000,723,496 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2008.01.21 04:23:29 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2008.01.16 10:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe PRC - [2007.07.05 00:41:42 | 000,045,056 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe PRC - [2007.02.05 16:52:12 | 000,849,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft IntelliPoint\ipoint.exe PRC - [2002.02.20 10:24:44 | 000,425,984 | ---- | M] (Kuju Entertainment Ltd) -- C:\Programme\Microsoft Games\Train Simulator\launcher.exe ========== Modules (No Company Name) ========== MOD - [2012.09.07 22:35:55 | 002,244,064 | ---- | M] () -- C:\Mozilla Firefox\mozjs.dll MOD - [2011.07.01 16:57:44 | 011,800,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0a1195c6b5fab213527364c9e8b26ef0\System.Web.ni.dll MOD - [2011.07.01 16:57:26 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1ba19f8efcff8ad7f972aa38ab9a15f5\System.Runtime.Remoting.ni.dll MOD - [2011.07.01 16:48:45 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\aa3e053d433c48e1e8c3f436b4de1ed3\System.Configuration.ni.dll MOD - [2011.07.01 16:48:39 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d9228d58804dfd75fd92a4d12ffac8af\Accessibility.ni.dll MOD - [2011.07.01 16:31:14 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll MOD - [2011.07.01 16:30:21 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll MOD - [2011.07.01 16:29:46 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll MOD - [2011.07.01 16:25:43 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll MOD - [2011.07.01 16:25:03 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll MOD - [2008.11.28 18:26:36 | 000,283,896 | ---- | M] () -- C:\Programme\COMODO\COMODO Internet Security\Themes\cfp.theme MOD - [2008.11.28 18:26:35 | 001,796,856 | ---- | M] () -- C:\Programme\COMODO\COMODO Internet Security\cfp.exe MOD - [2008.09.16 21:18:06 | 000,132,608 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2008.09.01 13:50:49 | 001,691,648 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3142.27162__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll MOD - [2008.09.01 13:50:49 | 000,483,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3142.27360__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll MOD - [2008.09.01 13:50:49 | 000,266,240 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3142.27118__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll MOD - [2008.09.01 13:50:49 | 000,204,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3142.27165__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll MOD - [2008.09.01 13:50:49 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3142.27323__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll MOD - [2008.09.01 13:50:49 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3142.27285__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll MOD - [2008.09.01 13:50:49 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3142.27155__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll MOD - [2008.09.01 13:50:49 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3142.27255__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll MOD - [2008.09.01 13:50:49 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3142.27140__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll MOD - [2008.09.01 13:50:34 | 000,356,352 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3142.27295__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll MOD - [2008.09.01 13:50:34 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3142.27362__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll MOD - [2008.09.01 13:50:34 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3142.27296__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll MOD - [2008.09.01 13:50:34 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3142.27133__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll MOD - [2008.09.01 13:50:34 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3142.27294__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll MOD - [2008.09.01 13:50:33 | 000,811,008 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3142.27259__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll MOD - [2008.09.01 13:50:33 | 000,585,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3142.27167__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll MOD - [2008.09.01 13:50:33 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3142.27142__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll MOD - [2008.09.01 13:50:33 | 000,405,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3142.27312__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll MOD - [2008.09.01 13:50:33 | 000,225,280 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3142.27166__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll MOD - [2008.09.01 13:50:33 | 000,147,456 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3142.27359__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll MOD - [2008.09.01 13:50:33 | 000,118,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3142.27279__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll MOD - [2008.09.01 13:50:33 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3142.27258__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll MOD - [2008.09.01 13:50:33 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3142.27358__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll MOD - [2008.09.01 13:50:33 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3142.27174__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll MOD - [2008.09.01 13:50:33 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3142.27278__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll MOD - [2008.09.01 13:50:32 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3142.27283__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll MOD - [2008.09.01 13:50:32 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3142.27175__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll MOD - [2008.09.01 13:50:31 | 000,450,560 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3142.27248__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll MOD - [2008.09.01 13:50:31 | 000,376,832 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3142.27257__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll MOD - [2008.09.01 13:50:31 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3142.27256__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll MOD - [2008.09.01 13:50:31 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3142.27257__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll MOD - [2008.09.01 13:50:31 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3142.27282__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll MOD - [2008.09.01 13:50:31 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3119.30092__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll MOD - [2008.09.01 13:50:31 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3119.30081__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll MOD - [2008.09.01 13:50:31 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3119.30104__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll MOD - [2008.09.01 13:50:31 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3119.30177__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll MOD - [2008.09.01 13:50:31 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3119.30120__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll MOD - [2008.09.01 13:50:31 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3119.30176__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll MOD - [2008.09.01 13:50:31 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll MOD - [2008.09.01 13:50:30 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3119.30063__90ba9c70f846762e\LOG.Foundation.dll MOD - [2008.09.01 13:50:30 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3119.30065__90ba9c70f846762e\NEWAEM.Foundation.dll MOD - [2008.09.01 13:50:30 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3119.30127__90ba9c70f846762e\DEM.OS.I0602.dll MOD - [2008.09.01 13:50:30 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3119.30117__90ba9c70f846762e\MOM.Foundation.dll MOD - [2008.09.01 13:50:30 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.3119.30171__90ba9c70f846762e\DEM.OS.dll MOD - [2008.09.01 13:50:29 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3119.30149__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll MOD - [2008.09.01 13:50:29 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3119.30067__90ba9c70f846762e\CLI.Foundation.dll MOD - [2008.09.01 13:50:29 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3119.30096__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll MOD - [2008.09.01 13:50:29 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3119.30148__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll MOD - [2008.09.01 13:50:29 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3119.30145__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll MOD - [2008.09.01 13:50:29 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3119.30144__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll MOD - [2008.09.01 13:50:29 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll MOD - [2008.09.01 13:50:29 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3119.30169__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll MOD - [2008.09.01 13:50:29 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3119.30118__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll MOD - [2008.09.01 13:50:29 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3119.30232__90ba9c70f846762e\CLI.Foundation.XManifest.dll MOD - [2008.09.01 13:50:29 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3119.30167__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll MOD - [2008.09.01 13:50:29 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3119.30141__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll MOD - [2008.09.01 13:50:29 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3119.30130__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll MOD - [2008.09.01 13:50:29 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3119.30146__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll MOD - [2008.09.01 13:50:29 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3119.30100__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll MOD - [2008.09.01 13:50:29 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3119.30089__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll MOD - [2008.09.01 13:50:29 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3119.30082__90ba9c70f846762e\CLI.Component.Client.Shared.dll MOD - [2008.09.01 13:50:29 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3119.30130__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll MOD - [2008.09.01 13:50:29 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll MOD - [2008.09.01 13:50:29 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3119.30128__90ba9c70f846762e\DEM.Graphics.dll MOD - [2008.09.01 13:50:29 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll MOD - [2008.09.01 13:50:29 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3119.30094__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll MOD - [2008.09.01 13:50:29 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3119.30139__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll MOD - [2008.09.01 13:50:29 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3119.30129__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll MOD - [2008.09.01 13:50:28 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3119.30144__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll MOD - [2008.09.01 13:50:28 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3119.30148__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll MOD - [2008.09.01 13:50:28 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3119.30122__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll MOD - [2008.09.01 13:50:28 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll MOD - [2008.09.01 13:50:28 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3119.30119__90ba9c70f846762e\APM.Foundation.dll MOD - [2008.09.01 13:50:28 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3119.30093__90ba9c70f846762e\AEM.Server.Shared.dll MOD - [2008.09.01 13:50:24 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory.resources\2.0.3142.27111_de_90ba9c70f846762e\CLI.Component.SkinFactory.resources.dll MOD - [2008.09.01 13:50:24 | 000,005,120 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray.resources\2.0.3142.27338_de_90ba9c70f846762e\CLI.Component.Systemtray.resources.dll MOD - [2008.09.01 13:50:23 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3142.27379__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll MOD - [2008.09.01 13:50:23 | 000,011,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.3142.27393__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll MOD - [2008.09.01 13:50:23 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3142.27105__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll MOD - [2008.09.01 13:50:22 | 000,999,424 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3142.27126__90ba9c70f846762e\CLI.Component.Dashboard.dll MOD - [2008.09.01 13:50:22 | 000,417,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3142.27338__90ba9c70f846762e\CLI.Component.Systemtray.dll MOD - [2008.09.01 13:50:22 | 000,397,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3142.27148__90ba9c70f846762e\CLI.Component.Wizard.dll MOD - [2008.09.01 13:50:22 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3142.27349__90ba9c70f846762e\MOM.Implementation.dll MOD - [2008.09.01 13:50:22 | 000,069,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3142.27109__90ba9c70f846762e\ATIDEMOS.dll MOD - [2008.09.01 13:50:22 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3142.27346__90ba9c70f846762e\LOG.Foundation.Implementation.dll MOD - [2008.09.01 13:50:22 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3142.27111__90ba9c70f846762e\CLI.Component.SkinFactory.dll MOD - [2008.09.01 13:50:22 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3142.27108__90ba9c70f846762e\CLI.Component.Runtime.dll MOD - [2008.09.01 13:50:22 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3119.30123__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll MOD - [2008.09.01 13:50:22 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3119.30076__90ba9c70f846762e\CLI.Foundation.Private.dll MOD - [2008.09.01 13:50:22 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3119.30101__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll MOD - [2008.09.01 13:50:22 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3119.30085__90ba9c70f846762e\LOG.Foundation.Private.dll MOD - [2008.09.01 13:50:22 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll MOD - [2008.09.01 13:50:22 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3142.27348__90ba9c70f846762e\CCC.Implementation.dll MOD - [2008.09.01 13:50:22 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3119.30121__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll MOD - [2008.09.01 13:50:22 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3119.30121__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll MOD - [2008.09.01 13:50:22 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3119.30113__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll MOD - [2008.09.01 13:50:22 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3119.30150__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll MOD - [2008.09.01 13:50:22 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.3119.30074__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll MOD - [2008.09.01 13:50:22 | 000,014,848 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll MOD - [2008.09.01 13:50:22 | 000,013,312 | ---- | M] () -- C:\Windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll MOD - [2008.09.01 13:50:21 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3142.27108__90ba9c70f846762e\APM.Server.dll MOD - [2008.09.01 13:50:21 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3142.27106__90ba9c70f846762e\AEM.Server.dll MOD - [2008.08.14 17:23:22 | 000,118,032 | ---- | M] () -- C:\Programme\Logitech\QuickCam\LAppRes.DLL MOD - [2008.08.14 17:15:46 | 002,407,184 | ---- | M] () -- C:\Programme\Logitech\QuickCam\Quickcam.exe MOD - [2008.08.14 17:13:30 | 000,149,264 | ---- | M] () -- C:\Programme\Common Files\logishrd\LComMgr\LogiVOIPDevicePlugin.dll MOD - [2008.08.14 17:13:08 | 000,165,136 | ---- | M] () -- C:\Programme\Common Files\logishrd\LComMgr\LogiCordless4001.dll MOD - [2008.08.14 17:13:08 | 000,138,000 | ---- | M] () -- C:\Programme\Common Files\logishrd\LComMgr\LogiCordless.dll MOD - [2008.08.14 17:12:10 | 000,167,184 | ---- | M] () -- C:\Programme\Logitech\QuickCam\EFVal.dll MOD - [2008.08.14 17:11:48 | 000,565,008 | ---- | M] () -- C:\Programme\Common Files\logishrd\LComMgr\Communications_Helper.exe MOD - [2008.08.14 17:11:48 | 000,345,872 | ---- | M] () -- C:\Programme\Common Files\logishrd\LComMgr\DevMngr.dll MOD - [2008.08.08 09:48:22 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll MOD - [2008.07.27 20:03:08 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll MOD - [2008.07.27 20:03:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2008.07.26 08:24:04 | 000,068,120 | ---- | M] () -- C:\Programme\Common Files\logishrd\LVCOMSER\LVCSPS.dll MOD - [2008.03.18 05:21:32 | 000,016,384 | R--- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll MOD - [2007.08.14 06:59:54 | 006,365,184 | ---- | M] () -- C:\Programme\Common Files\LightScribe\QtGui4.dll MOD - [2007.07.12 06:55:52 | 000,131,072 | ---- | M] () -- C:\Programme\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll MOD - [2007.07.12 06:55:28 | 001,581,056 | ---- | M] () -- C:\Programme\Common Files\LightScribe\QtCore4.dll MOD - [2006.08.12 05:48:40 | 000,049,152 | ---- | M] () -- C:\Programme\Samsung\Samsung Magic Doctor\HookDllPS2.dll MOD - [2006.08.12 05:48:40 | 000,049,152 | ---- | M] () -- C:\Programme\Samsung\EasySpeedUpManager\HookDllPS2.dll MOD - [2006.08.12 05:48:40 | 000,049,152 | ---- | M] () -- C:\Programme\Samsung\Easy Display Manager\HookDllPS2.dll ========== Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service) SRV - [2012.08.13 03:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent) SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.02.14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG2012\avgwdsvc.exe -- (avgwd) SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2010.12.10 19:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter) SRV - [2010.12.10 19:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SRV - [2010.12.10 19:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser) SRV - [2010.12.10 19:29:30 | 000,044,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper) SRV - [2010.11.21 11:49:24 | 000,247,608 | ---- | M] () [Auto | Running] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service) SRV - [2008.11.28 18:26:36 | 000,618,232 | ---- | M] () [Auto | Running] -- C:\Programme\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent) SRV - [2008.10.20 22:18:26 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU) SRV - [2008.07.26 08:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv) SRV - [2008.07.26 08:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Programme\Common Files\logishrd\LVCOMSER\LVComSer.exe -- (LVCOMSer) SRV - [2008.05.13 01:47:20 | 000,077,480 | ---- | M] () [Auto | Stopped] -- C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe -- (Samsung Update Plus) SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.16 10:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc) SRV - [2006.10.26 07:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Dennis\AppData\Local\Temp\catchme.sys -- (catchme) DRV - [2012.10.05 18:41:42 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy) DRV - [2012.08.24 15:43:18 | 000,301,920 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix) DRV - [2012.07.26 03:21:30 | 000,237,408 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86) DRV - [2012.04.19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX) DRV - [2012.01.31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86) DRV - [2011.12.23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86) DRV - [2011.12.23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim) DRV - [2011.12.23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsfilterx.sys -- (AVGIDSFilter) DRV - [2011.12.23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver) DRV - [2010.08.02 16:19:38 | 000,066,816 | ---- | M] (LG Electronics Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandnetndis.sys -- (andnetndis) DRV - [2010.08.02 16:19:36 | 000,027,776 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandnetmodem.sys -- (ANDNetModem) DRV - [2010.08.02 16:19:34 | 000,022,272 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandnetgps.sys -- (AndNetGps) DRV - [2010.08.02 16:19:32 | 000,023,040 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandnetdiag.sys -- (AndNetDiag) DRV - [2010.08.02 16:19:28 | 000,024,960 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandmodem.sys -- (ANDModem) DRV - [2010.08.02 16:19:26 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandgps.sys -- (AndGps) DRV - [2010.08.02 16:19:24 | 000,020,864 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lganddiag.sys -- (AndDiag) DRV - [2010.08.02 16:19:22 | 000,014,336 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandbus.sys -- (Andbus) DRV - [2009.09.29 08:11:22 | 000,012,160 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lgbtport.sys -- (LgBttPort) DRV - [2009.09.29 08:11:20 | 000,012,928 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lgvmodem.sys -- (LGVMODEM) DRV - [2009.09.29 08:11:20 | 000,010,496 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lgbtbus.sys -- (lgbusenum) DRV - [2009.04.06 13:19:46 | 000,023,064 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ScreamingBAudio.sys -- (SCREAMINGBDRIVER) DRV - [2009.01.23 10:49:06 | 000,038,816 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tbhsd.sys -- (tbhsd) DRV - [2009.01.13 19:13:52 | 000,049,160 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmXlCore.sys -- (WmXlCore) DRV - [2009.01.13 19:13:44 | 000,014,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmVirHid.sys -- (WmVirHid) DRV - [2009.01.13 19:13:36 | 000,031,240 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmHidLo.sys -- (WmHidLo) DRV - [2009.01.13 19:13:28 | 000,029,192 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmFilter.sys -- (WmFilter) DRV - [2009.01.13 19:13:20 | 000,019,336 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmBEnum.sys -- (WmBEnum) DRV - [2008.11.28 18:26:37 | 000,097,808 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmdguard.sys -- (cmdGuard) DRV - [2008.11.28 18:26:37 | 000,072,720 | ---- | M] (COMODO) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\inspect.sys -- (Inspect) DRV - [2008.11.28 18:26:37 | 000,025,104 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\cmdhlp.sys -- (cmdHlp) DRV - [2008.09.01 14:07:27 | 000,013,312 | ---- | M] (SAMSUNG ELECTRONICS CO., LTD.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\KMDFMEMIO.sys -- (KMDFMEMIO) DRV - [2008.08.28 07:39:34 | 000,241,664 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmc302.sys -- (VMC302) DRV - [2008.08.08 10:31:30 | 003,895,808 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2008.07.26 08:25:02 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon) DRV - [2008.05.28 10:54:20 | 000,022,072 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter) DRV - [2008.05.07 10:55:22 | 000,767,488 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2008.04.28 02:26:42 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) DRV - [2008.03.21 05:13:00 | 001,203,776 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2008.01.21 04:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) DRV - [2007.10.12 03:00:44 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta) DRV - [2007.10.12 02:56:00 | 001,279,000 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI) DRV - [2006.11.08 00:02:40 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\point32k.sys -- (Point32) DRV - [2006.11.02 09:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKLM\..\SearchScopes,DefaultScope = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\tunebite-firefox-surf-and-catch-extension@audials.com: C:\Program Files\RapidSolution\Tunebite\plugins\GeckoBased\tunebite-firefox-surf-and-catch-extension@audials.com\ [2009.02.08 17:25:13 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012.09.10 18:01:07 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012.09.02 11:34:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.5\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.11.05 01:17:09 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.5\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.10.02 02:46:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\avgthb@avg.com: C:\Program Files\AVG\AVG2012\Thunderbird\ [2012.02.07 01:19:22 | 000,000,000 | ---D | M] [2011.10.03 21:37:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dennis\AppData\Roaming\mozilla\Extensions [2009.04.26 23:00:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\extensions [2009.04.26 23:00:05 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D} [2012.05.13 15:53:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\6vjf7ovq.default\extensions [2009.09.02 06:34:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION O1 HOSTS File: ([2012.10.09 20:37:13 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Programme\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Click-to-Call BHO) - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Programme\Windows Live\Messenger\wlchtc.dll (Microsoft Corporation) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Tunebite_WebRipPlugin Class) - {AA102584-3B97-47e7-B9BC-75D54C110A7D} - C:\Programme\RapidSolution\Tunebite\plugins\IE\TB_WebRipIePlugin.dll (RapidSolution Software) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [combofix] C:\ComboFix\CF14120.3XE (Microsoft Corporation) O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe () O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe () O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe () O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe () O4 - HKLM..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe (Napster) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" File not found O4 - HKCU..\Run: [ICQ] "C:\Program Files\ICQ7.2\ICQ.exe" silent loginmode=4 File not found O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.) O4 - HKCU..\Run: [MyTomTomSA.exe] C:\Program Files\MyTomTom 3\MyTomTomSA.exe (TomTom) O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKLM..\RunOnce: [combofix] C:\ComboFix\CF14120.3XE (Microsoft Corporation) O4 - HKLM..\RunOnce: [DeleteOnReboot] C:\Windows\DeleteOnReboot.bat () O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\RunOnceEx: [flags] Reg Error: Invalid data type. File not found O4 - Startup: C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OMSI Addon Manager.lnk = C:\Programme\OMSI Addon Manager\OMSI Addon Manager.exe (Jan Kiesewalter) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Dennis\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Programme\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.) O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{08293879-2516-4F52-954A-50A7E3B00BF1}: DhcpNameServer = 192.168.42.129 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{34B77411-A3C9-42D5-918E-27107C0B0739}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CD57838A-40EF-4ADB-BE5E-3F7B739EAC7E}: DhcpNameServer = 192.168.42.129 O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll File not found O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Sec\Wallpapers\wallpaper.jpg O24 - Desktop BackupWallPaper: C:\Windows\Sec\Wallpapers\wallpaper.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.10.09 20:37:11 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012.10.09 20:37:11 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Local\temp [2012.10.09 20:18:15 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.10.09 20:14:33 | 000,000,000 | --SD | C] -- C:\ComboFix [2012.10.09 20:13:53 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW [2012.10.09 18:42:36 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.10.09 18:42:36 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.10.09 18:42:36 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.10.09 18:41:19 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.10.09 18:40:48 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012.10.08 21:30:06 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012.10.05 18:40:59 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2012.10.05 18:40:59 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\Malwarebytes [2012.10.05 18:39:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.10.05 18:39:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.10.05 18:39:38 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.10.05 18:39:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.09.14 04:36:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.09.14 04:36:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.10.11 18:35:02 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{C9E77C98-A353-48E3-9E4A-A604B803B792}.job [2012.10.11 17:58:13 | 000,001,132 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1061286310-3026546113-1237927848-1004UA.job [2012.10.11 17:12:40 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.10.11 17:12:39 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.10.11 17:12:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.10.11 17:11:26 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2012.10.10 20:58:11 | 000,001,080 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1061286310-3026546113-1237927848-1004Core.job [2012.10.09 20:37:13 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2012.10.09 07:12:26 | 000,000,107 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat [2012.10.08 21:24:43 | 000,686,620 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.10.08 21:24:43 | 000,643,612 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.10.08 21:24:43 | 000,150,888 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.10.08 21:24:43 | 000,122,500 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.10.05 18:41:42 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2012.10.05 18:39:41 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.04 13:07:11 | 096,450,964 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm [2012.09.30 18:13:28 | 000,435,203 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm [2012.09.14 04:36:31 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.10.09 18:42:36 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.10.09 18:42:36 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.10.09 18:42:36 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.10.09 18:42:36 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.10.09 18:42:36 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.10.09 07:11:57 | 000,000,107 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat [2012.10.05 18:39:41 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.09.14 04:36:31 | 000,001,880 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2012.04.27 00:23:05 | 000,000,000 | ---- | C] () -- C:\Users\Dennis\AppData\Local\Input.xml [2012.04.26 23:56:30 | 000,000,000 | ---- | C] () -- C:\Users\Dennis\AppData\Local\Settings.xml [2011.09.17 00:21:22 | 000,000,000 | ---- | C] () -- C:\Windows\Podcast.INI [2011.09.17 00:09:33 | 000,006,537 | ---- | C] () -- C:\Windows\mgxoschk.ini [2011.08.09 17:50:27 | 000,024,576 | ---- | C] () -- C:\Windows\System32\drivers\Marker.exe [2011.04.21 20:42:21 | 000,307,200 | ---- | C] () -- C:\Windows\SetDisplayResolution.exe [2011.03.31 18:33:06 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll [2011.03.31 18:33:06 | 000,002,411 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini [2011.02.20 00:41:22 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll [2009.01.03 00:07:37 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat ========== ZeroAccess Check ========== [2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2011.01.21 17:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.03.03 06:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2008.01.21 04:24:03 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== Files - Unicode (All) ========== [2009.02.13 16:52:32 | 000,000,000 | ---D | M](C:\Windows\System32\?etup.features.srv_emc_lotus) -- C:\Windows\System32\Ǝetup.features.srv_emc_lotus [2009.02.13 16:52:32 | 000,000,000 | ---D | C](C:\Windows\System32\?etup.features.srv_emc_lotus) -- C:\Windows\System32\Ǝetup.features.srv_emc_lotus ========== Alternate Data Streams ========== @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:40D3D3E8 < End of report > |
|
11.10.2012, 17:56
| #26 |
| /// the machine /// TB-Ausbilder | Hinweis von web.de auf Zeus gefunden wurde Trojaner.Banker Des is ja schon wieder das gleiche. Da fehlt noch die Extras.txt
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
11.10.2012, 18:00
| #27 |
| | Hinweis von web.de auf Zeus gefunden wurde Trojaner.Banker OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 11.10.2012 18:27:43 - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dennis_2\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 1,73 Gb Available Physical Memory | 57,59% Memory free
6,20 Gb Paging File | 4,88 Gb Available in Paging File | 78,75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,88 Gb Total Space | 32,30 Gb Free Space | 28,87% Space Free | Partition Type: NTFS
Drive D: | 111,00 Gb Total Space | 96,85 Gb Free Space | 87,25% Space Free | Partition Type: NTFS
Drive F: | 3,69 Gb Total Space | 3,68 Gb Free Space | 100,00% Space Free | Partition Type: FAT32
Computer Name: MASTERSREICH | User Name: Dennis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2594E44C-078C-4AFF-B066-230A6E9F5D4B}" = lport=137 | protocol=17 | dir=in | app=system |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2A21D6AA-422D-4D57-BC8A-36BC96FFAA84}" = lport=139 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{518D8EE6-F328-40FC-802E-31B92D2E2007}" = rport=139 | protocol=6 | dir=out | app=system |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{5536BD33-1D09-4FFE-9B1F-7A0BCE7A6E24}" = rport=445 | protocol=6 | dir=out | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8C9C0452-3E9D-4EF0-A7C4-620B2FEE17BE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{949DEB38-720E-4FA4-984A-06684B29E280}" = lport=138 | protocol=17 | dir=in | app=system |
"{A8774147-24CC-4B83-A493-BD4DFF50E236}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C691E232-7441-4AAA-B176-D9A1523D97AE}" = rport=138 | protocol=17 | dir=out | app=system |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D2690371-557C-4DD8-83F8-A75A6E8DAA2A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E99CF2AD-F735-4CC2-8E85-44CA91BD808A}" = lport=445 | protocol=6 | dir=in | app=system |
"{EE22A237-43F0-4BD9-A9C8-C2EADDE39D56}" = rport=137 | protocol=17 | dir=out | app=system |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0A0F4E71-824D-498C-BE09-43EF25998BAB}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1633AF2B-9328-4160-8B66-6430B6F351D3}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe |
"{18C91CA0-5626-49DD-9B4F-7DFF43685C51}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{30972822-9177-4F3A-ACA9-FB9E6F608A21}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{53609DDC-0599-43DF-9920-268C31C9CB41}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{89609C86-97C0-410A-8154-D76AC7B03F8D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{004C5DA2-2051-4D25-94BA-51CF810C91EB}" = LightScribe System Software 1.12.37.1
"{00AF10C1-44BD-4862-9D7F-24E6BA3E87FD}" = imagine digital freedom - Samsung
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.6300
"{046C92D0-E561-A9CE-26FD-1310F9EC3307}" = Skins
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{04983D37-2202-4295-94A2-8B547C66133F}" = Atheros WLAN Client
"{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{0E4BC542-9CFD-4E97-B586-9F1E5516E7B9}" = Microsoft IntelliPoint 6.1
"{0F2140FC-F592-74EE-4C9F-AB5925C9206A}" = CCC Help Polish
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1AC740CF-D174-E606-7D64-C89006EFF5F7}" = CCC Help Thai
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20AAF16F-58AA-9815-6DA2-5A9E327EBCD9}" = CCC Help Hungarian
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2433BAD7-453F-473D-BE81-455E68940DEB}" = Catalyst Control Center - Branding
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 20
"{3027D5A2-B891-769A-0EC1-AE353CB87095}" = Catalyst Control Center Localization Japanese
"{308BD058-411C-4AF2-8BF6-A6C7CFD0270D}" = Easy Network Manager 4.0
"{30AFA4D1-DBBB-31D9-43B6-1F309DBFB632}" = Catalyst Control Center Localization Portuguese
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32B08666-1587-435D-988C-7958A04B218A}_is1" = OMSI Addon Manager Version 1.2.4
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{32F5F27A-0B8F-FD96-D716-9CC28A514265}" = Catalyst Control Center Localization Hungarian
"{33D5553C-4603-FFAE-CE7E-3245B9A5F4BD}" = Catalyst Control Center Graphics Previews Vista
"{347562E6-683C-1740-9B93-59F3C9DFA819}" = CCC Help Swedish
"{35F45C14-2925-507F-CD19-B0C3802A1A56}" = ATI Catalyst Install Manager
"{36BEAD11-8577-49AD-9250-E06A50AE87B0}" = Microsoft SOAP Toolkit 2.0 SP2
"{38580E5E-AF78-4536-AD1E-6A62661372C5}" = AVG 2012
"{39ED3C48-3A24-BC9F-15FD-789BB728A1AF}" = CCC Help Finnish
"{3AF8FCCD-F51A-4014-9002-F195E1CBC876}" = Logitech QuickCam
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D294F77-AD11-45A5-B56B-E0D9C63C21FF}" = World of Subways Vol. 3
"{3D4EA6D7-D668-5EC3-ED86-838926DD0E3E}" = Catalyst Control Center Graphics Full Existing
"{4073F8AC-0AF5-F1FA-62A3-E910ECD5BE9E}" = Catalyst Control Center Localization Italian
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime
"{45728921-2EF7-B069-7A6B-E758B1B36031}" = CCC Help Japanese
"{495C9BC2-5410-45A3-A436-965C73644CB2}" = TS Convert 3.2
"{49901BB7-9A47-DB26-DD88-0FB132C311E4}" = CCC Help Portuguese
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C59E6E3-B084-712F-93C4-DD030BA8382B}" = ccc-core-static
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2
"{4EFC72DA-2314-4E5D-AC8E-1C954CDB8BBF}" = AVG 2012
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{573A517B-4ED9-5B89-87A9-0EA47AD2E70B}" = Catalyst Control Center Localization Turkish
"{585FB3C3-03A1-C1A4-E684-26D951F49623}" = Catalyst Control Center Localization Korean
"{5C85747A-91B6-4233-AAF8-063506D0FF4F}" = LG United Mobile Drivers
"{5F2D1D6E-54BE-35FC-98A3-B7499A82AC57}" = CCC Help Norwegian
"{6023D6AB-8703-44F4-A496-86FBF9E4792F}_is1" = Querfurt for OMSI Version 1.1
"{60DDAC19-B97C-7CC2-41EF-9DA9E73417F8}" = Catalyst Control Center Localization Czech
"{628697C2-7F0E-40D2-8020-A147B3090F60}" = MorphVOX Pro
"{63DB5B24-6D91-ED26-CE81-AE4478A4AF17}" = Catalyst Control Center Graphics Full New
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AE58499-EF87-902E-A399-1D3A1E8B7CF8}" = Catalyst Control Center Localization Russian
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6E74CE9F-D1DD-A0CF-CA8F-DCEE81EED03A}" = Catalyst Control Center Localization Thai
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71A51B09-E7D3-11DB-A386-005056C00008}" = Vimicro UVC Camera
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{768F22DC-2D20-4F52-A9A1-5E231FB7F752}" = Logitech Gaming Software 5.04
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{796BD299-B2D0-F06B-F83A-A3FAB7847BDC}" = CCC Help Turkish
"{7B233975-3F27-8A78-EFE7-2017DB517AEC}" = Catalyst Control Center InstallProxy
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C977C15-9D4A-BB45-5CF5-F6816653A66F}" = CCC Help Russian
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{804F1285-8CBF-408D-8CDC-D4D40003B2E4}" = PlayCamera
"{8387CF84-6445-4657-248F-85D823FD1DAA}" = CCC Help Chinese Standard
"{85578405-833F-C4D9-469A-5BD3D5CD9B2D}" = Catalyst Control Center Localization French
"{8649802A-88A1-4F85-A606-4B91821EFE3E}" = Tunebite
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{889CD612-1A61-E9F4-01EB-305E1F13D4CF}" = CCC Help Danish
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}" = iLivid
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{94AD95CF-6E86-360B-FBD8-96E745E9EE78}" = Catalyst Control Center Localization Norwegian
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{956ECA95-F547-80DF-B744-95C15EAA3A01}" = ccc-utility
"{98783FD6-051D-44A8-2F08-22B431C7AC29}" = CCC Help Chinese Traditional
"{9AE850A4-B89D-4875-A159-B1B64D717EFB}" = OMSI - Der Omnibussimulator
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3AB35FA-943E-4799-99DC-46EFD59E998F}" = AMD USB Audio Driver Filter
"{A6B8F23D-1049-5311-B7DE-D315DDB537D6}" = Catalyst Control Center Localization Chinese Standard
"{A74A4848-AF0D-4D12-16AD-51981E99DA58}" = CCC Help French
"{A84DB2DD-084D-30A9-7BB1-5A96AC1A1D2D}" = CCC Help Spanish
"{A91C86A8-E694-FE62-964A-68E460C27525}" = CCC Help Dutch
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.6 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}" = LG Bluetooth Drivers
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B143D835-EBAF-4A39-8B31-1868FF4166C1}" = AVG 2012
"{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}" = PixiePack Codec Pack
"{B497CE99-D8C1-5A26-6C6A-105BA59282BB}" = Catalyst Control Center Localization Dutch
"{B69C390B-826F-473C-86EB-7AD4950818C3}" = AVG 2012
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{C06BA206-9FBC-B8AB-E70B-0AF16B4E042B}" = CCC Help German
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C6AF42C2-793E-D705-BA1B-10D909BDFDB2}" = Catalyst Control Center Localization Chinese Traditional
"{C6C27CAE-8F2A-5E3F-47CC-7394107CBBC0}" = Catalyst Control Center Localization Danish
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C9DD05CD-CC28-AEF4-1631-AB3D63EF4358}" = Catalyst Control Center Localization Finnish
"{CA23D4B1-3D23-3BE6-832E-5BE877EC99C4}" = Catalyst Control Center Core Implementation
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D2FD95DA-E308-F73D-FE2B-D558DBC93C28}" = Catalyst Control Center Localization Spanish
"{DCC40E9D-B2B7-DF86-BFDE-39246E5323E9}" = Catalyst Control Center Graphics Light
"{DEF12F1C-1C2F-2E12-FE0B-1E6B2E1933BF}" = CCC Help English
"{DF7DBA84-0A55-11D6-A0A6-6A7573736972}" = Polar Precision Performance SW
"{E713653C-8312-4BC6-AFC9-ADE1F2F04AB9}" = ATI PCI Express (3GIO) Filter Driver
"{E85932CF-3D2C-BEAF-157B-9B79D163F27A}" = CCC Help Czech
"{E9BEBBC9-DB8E-3D94-94ED-C279F686C3B1}" = Catalyst Control Center Localization Polish
"{ED7CF899-B466-C4DC-58F4-33D157FD9840}" = Catalyst Control Center Localization Greek
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EEE02F25-B3D5-8EB0-3FB6-F3D603237D66}" = Catalyst Control Center Localization Swedish
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0F23FB0-B605-D626-ACD0-9D7F4BAB88BB}" = CCC Help Greek
"{F1191B7E-84BF-4325-9FFD-80BD8996ED4B}" = MorphVOX Junior
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FBA0CA60-8BF2-4381-B819-74F020E165A9}" = LG USB WML Modem Driver
"{FBBFF451-F9B1-F1E5-D5C2-FAAF0C020658}" = CCC Help Korean
"{FDA7BA48-20D4-9E57-0349-69E9EB371C86}" = Catalyst Control Center Localization German
"{FDE2754E-6923-508A-1218-D482A7FC2F93}" = CCC Help Italian
"{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer
"{FFB768E4-E427-4553-BC36-A11F5E62A94D}" = Adobe Flash Player 10 ActiveX
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"AVG" = AVG 2012
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2
"Bus-Simulator 2012_is1" = Bus-Simulator 2012
"CCleaner" = CCleaner
"COMODO Internet Security" = COMODO Internet Security
"ElsterFormular für Privatanwender 12.0.0.5880p" = ElsterFormular für Privatanwender
"ESET Online Scanner" = ESET Online Scanner v3
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.93
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.9.908
"Game Booster_is1" = Game Booster
"ICQToolbar" = ICQ Toolbar
"InstallShield_{308BD058-411C-4AF2-8BF6-A6C7CFD0270D}" = Easy Network Manager 4.0
"InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"MAGIX Podcast Maker e-version D" = MAGIX Podcast Maker e-version (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Thunderbird (3.1.5)" = Mozilla Thunderbird (3.1.5)
"MyTomTom" = MyTomTom 3.1.0.530
"OMSI - Addon Querfurt" = OMSI - Addon Querfurt 1.0
"PROHYBRIDR" = 2007 Microsoft Office system
"ProTrain 10 - DELUXE - 1.0" = ProTrain 10 - DELUXE - 1.0
"ProTrain 20 Dortmund - Hannover 1.0" = ProTrain 20 Dortmund - Hannover 1.0
"ProTrain 24 Kassel-Fulda 1.0" = ProTrain 24 Kassel-Fulda 1.0
"ProTrain 25 Koblenz - Giessen "Lahntalbahn" 1.0" = ProTrain 25 Koblenz - Giessen "Lahntalbahn" 1.0
"ProTrain 38 "Hannover-Kassel" 1.0" = ProTrain 38 "Hannover-Kassel" 1.0
"Renault Karosa Citybus 12M" = Renault Karosa Citybus 12M
"SkiRegionSimulator2012DemoDE_is1" = Skiregion Simulator 2012 Demo
"ST5UNST #1" = Kaminfeuer Titanium Edition
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TS Convert" = TS Convert Update 3.0
"Uninstall_is1" = Uninstall 1.0.0.1
"WinGimp-2.0_is1" = GIMP 2.6.7
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"xp-AntiSpy" = xp-AntiSpy 3.97-9
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FBW_549" = FBW_549
"OMSI" = OMSI
"SkyDecks Panel Design, Project CRJ Panel, v1.15" = SkyDecks Panel Design, Project CRJ Panel, v1.15
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 10.10.2012 01:03:15 | Computer Name = MastersReich | Source = EventSystem | ID = 4621
Description =
Error - 10.10.2012 11:08:30 | Computer Name = MastersReich | Source = WinMgmt | ID = 10
Description =
Error - 10.10.2012 11:36:50 | Computer Name = MastersReich | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung SynTPEnh.exe, Version 10.1.2.0, Zeitstempel
0x472258c9, fehlerhaftes Modul SynTPEnh.exe, Version 10.1.2.0, Zeitstempel 0x472258c9,
Ausnahmecode 0xc0000409, Fehleroffset 0x00028ffc, Prozess-ID 0x1054, Anwendungsstartzeit
01cda6f94178e07c.
Error - 10.10.2012 12:03:40 | Computer Name = MastersReich | Source = EventSystem | ID = 4621
Description =
Error - 10.10.2012 13:56:35 | Computer Name = MastersReich | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\astragon\Bus-Simulator
2012\Bin_High_Win64\BusSimulator2012.exe". Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 10.10.2012 13:57:09 | Computer Name = MastersReich | Source = WinMgmt | ID = 10
Description =
Error - 11.10.2012 01:16:02 | Computer Name = MastersReich | Source = EventSystem | ID = 4621
Description =
Error - 11.10.2012 11:09:44 | Computer Name = MastersReich | Source = WinMgmt | ID = 10
Description =
Error - 11.10.2012 11:09:48 | Computer Name = MastersReich | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\astragon\Bus-Simulator
2012\Bin_High_Win64\BusSimulator2012.exe". Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 11.10.2012 11:13:54 | Computer Name = MastersReich | Source = WinMgmt | ID = 10
Description =
Error encountered while reading event logs.
< End of report >
|
|
11.10.2012, 18:06
| #28 |
| /// the machine /// TB-Ausbilder | Hinweis von web.de auf Zeus gefunden wurde Trojaner.Banker Alles von java deinstallieren, neue Version Java 7 Update 7 laden und installieren. Fixen mit OTL
Code:
ATTFilter :OTL
O4 - HKLM..\Run: [combofix] C:\ComboFix\CF14120.3XE (Microsoft Corporation)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe ()
O4 - HKLM..\RunOnce: [combofix] C:\ComboFix\CF14120.3XE (Microsoft Corporation)
O4 - HKLM..\RunOnce: [DeleteOnReboot] C:\Windows\DeleteOnReboot.bat ()
O4 - HKLM..\RunOnceEx: [flags] Reg Error: Invalid data type. File not found
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:40D3D3E8
:Files
C:\Program Files\Windows iLivid Toolbar
:Commands
[emptytemp]
Neues OTL log mit Quick scan bitte. Noch Probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
11.10.2012, 18:32
| #29 |
| | Hinweis von web.de auf Zeus gefunden wurde Trojaner.Banker Wo finde ich die neue txt datei nach dem neustart? also komisch ist noch das AVG immer noch nach einen Neustart verlangt obwohl ich ja nun einen gemacht habe. Mache nun den Quickscan All processes killed ========== OTL ========== Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\combofix deleted successfully. C:\ComboFix\CF14120.3XE moved successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\COMODO Internet Security deleted successfully. C:\Programme\COMODO\COMODO Internet Security\cfp.exe moved successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\combofix deleted successfully. File C:\ComboFix\CF14120.3XE not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\DeleteOnReboot deleted successfully. C:\Windows\DeleteOnReboot.bat moved successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\\flags deleted successfully. ADS C:\ProgramData\TEMP:40D3D3E8 deleted successfully. ========== FILES ========== File\Folder C:\Program Files\Windows iLivid Toolbar not found. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Dennis ->Temp folder emptied: 80675973 bytes ->Temporary Internet Files folder emptied: 53001 bytes ->Java cache emptied: 7618407 bytes ->FireFox cache emptied: 42295009 bytes ->Flash cache emptied: 672 bytes User: Dennis_2 ->Temp folder emptied: 734161 bytes ->Temporary Internet Files folder emptied: 54924365 bytes ->Java cache emptied: 62606670 bytes ->FireFox cache emptied: 449973602 bytes ->Google Chrome cache emptied: 298775642 bytes ->Flash cache emptied: 136276 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 285042643 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 32180992 bytes RecycleBin emptied: 7611992 bytes Total Files Cleaned = 1.261,00 mb OTL by OldTimer - Version 3.2.69.0 log created on 10112012_191732 Files\Folders moved on Reboot... File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot. PendingFileRenameOperations files... Registry entries deleted on Reboot... OTL Logfile: Code:
ATTFilter OTL logfile created on: 11.10.2012 19:35:30 - Run 5 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dennis_2\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,76 Gb Available Physical Memory | 58,76% Memory free 6,20 Gb Paging File | 4,89 Gb Available in Paging File | 78,88% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 111,88 Gb Total Space | 33,36 Gb Free Space | 29,82% Space Free | Partition Type: NTFS Drive D: | 111,00 Gb Total Space | 96,85 Gb Free Space | 87,25% Space Free | Partition Type: NTFS Drive F: | 3,69 Gb Total Space | 3,68 Gb Free Space | 100,00% Space Free | Partition Type: FAT32 Computer Name: MASTERSREICH | User Name: Dennis | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.10.09 17:17:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dennis_2\Desktop\OTL.exe PRC - [2012.09.07 22:35:56 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Mozilla Firefox\firefox.exe PRC - [2012.08.13 03:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgidsagent.exe PRC - [2012.07.31 03:37:02 | 002,596,984 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgtray.exe PRC - [2012.07.26 03:23:08 | 000,758,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgrsx.exe PRC - [2012.06.13 03:48:24 | 001,255,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgnsx.exe PRC - [2012.03.19 05:18:12 | 000,979,840 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgemcx.exe PRC - [2012.02.14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgwdsvc.exe PRC - [2012.02.14 04:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgcsrvx.exe PRC - [2010.12.10 19:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe PRC - [2010.12.10 19:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe PRC - [2010.11.21 11:49:24 | 000,247,608 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe PRC - [2009.01.21 14:19:54 | 000,092,168 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\Gaming Software\LWEMon.exe PRC - [2008.12.19 01:30:20 | 000,323,216 | ---- | M] (Napster) -- C:\Programme\Napster\napster.exe PRC - [2008.11.28 18:26:36 | 000,618,232 | ---- | M] () -- C:\Programme\COMODO\COMODO Internet Security\cmdagent.exe PRC - [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.10.20 22:18:26 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe PRC - [2008.08.19 07:17:04 | 000,679,936 | ---- | M] (SAMSUNG Electronics) -- C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe PRC - [2008.08.14 17:15:46 | 002,407,184 | ---- | M] () -- C:\Programme\Logitech\QuickCam\Quickcam.exe PRC - [2008.08.14 17:11:48 | 000,565,008 | ---- | M] () -- C:\Programme\Common Files\logishrd\LComMgr\Communications_Helper.exe PRC - [2008.08.14 17:11:14 | 000,447,248 | ---- | M] (Logitech Inc.) -- C:\Programme\Common Files\logishrd\LQCVFX\COCIManager.exe PRC - [2008.07.26 08:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe PRC - [2008.07.26 08:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Programme\Common Files\logishrd\LVCOMSER\LVComSer.exe PRC - [2008.07.08 04:27:00 | 006,273,568 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2008.04.25 14:31:34 | 000,565,248 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe PRC - [2008.04.17 08:26:46 | 000,352,256 | ---- | M] (SAMSUNG Electronics co., LTD.) -- C:\Programme\Samsung\EBM\EasyBatteryMgr3.exe PRC - [2008.02.12 06:19:52 | 000,723,496 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2008.01.21 04:23:29 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2008.01.16 10:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe PRC - [2007.07.05 00:41:42 | 000,045,056 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe PRC - [2007.02.05 16:52:12 | 000,849,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft IntelliPoint\ipoint.exe ========== Modules (No Company Name) ========== MOD - [2012.09.07 22:35:55 | 002,244,064 | ---- | M] () -- C:\Mozilla Firefox\mozjs.dll MOD - [2011.07.01 16:57:44 | 011,800,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0a1195c6b5fab213527364c9e8b26ef0\System.Web.ni.dll MOD - [2011.07.01 16:57:26 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1ba19f8efcff8ad7f972aa38ab9a15f5\System.Runtime.Remoting.ni.dll MOD - [2011.07.01 16:48:45 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\aa3e053d433c48e1e8c3f436b4de1ed3\System.Configuration.ni.dll MOD - [2011.07.01 16:48:39 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d9228d58804dfd75fd92a4d12ffac8af\Accessibility.ni.dll MOD - [2011.07.01 16:31:14 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll MOD - [2011.07.01 16:30:21 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll MOD - [2011.07.01 16:29:46 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll MOD - [2011.07.01 16:25:43 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll MOD - [2011.07.01 16:25:03 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll MOD - [2008.09.01 13:50:49 | 001,691,648 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3142.27162__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll MOD - [2008.09.01 13:50:49 | 000,483,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3142.27360__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll MOD - [2008.09.01 13:50:49 | 000,266,240 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3142.27118__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll MOD - [2008.09.01 13:50:49 | 000,204,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3142.27165__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll MOD - [2008.09.01 13:50:49 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3142.27323__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll MOD - [2008.09.01 13:50:49 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3142.27285__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll MOD - [2008.09.01 13:50:49 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3142.27155__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll MOD - [2008.09.01 13:50:49 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3142.27255__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll MOD - [2008.09.01 13:50:49 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3142.27140__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll MOD - [2008.09.01 13:50:34 | 000,356,352 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3142.27295__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll MOD - [2008.09.01 13:50:34 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3142.27362__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll MOD - [2008.09.01 13:50:34 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3142.27296__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll MOD - [2008.09.01 13:50:34 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3142.27133__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll MOD - [2008.09.01 13:50:34 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3142.27294__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll MOD - [2008.09.01 13:50:33 | 000,811,008 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3142.27259__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll MOD - [2008.09.01 13:50:33 | 000,585,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3142.27167__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll MOD - [2008.09.01 13:50:33 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3142.27142__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll MOD - [2008.09.01 13:50:33 | 000,405,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3142.27312__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll MOD - [2008.09.01 13:50:33 | 000,225,280 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3142.27166__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll MOD - [2008.09.01 13:50:33 | 000,147,456 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3142.27359__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll MOD - [2008.09.01 13:50:33 | 000,118,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3142.27279__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll MOD - [2008.09.01 13:50:33 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3142.27258__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll MOD - [2008.09.01 13:50:33 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3142.27358__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll MOD - [2008.09.01 13:50:33 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3142.27174__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll MOD - [2008.09.01 13:50:33 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3142.27278__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll MOD - [2008.09.01 13:50:32 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3142.27283__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll MOD - [2008.09.01 13:50:32 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3142.27175__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll MOD - [2008.09.01 13:50:31 | 000,450,560 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3142.27248__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll MOD - [2008.09.01 13:50:31 | 000,376,832 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3142.27257__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll MOD - [2008.09.01 13:50:31 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3142.27256__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll MOD - [2008.09.01 13:50:31 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3142.27257__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll MOD - [2008.09.01 13:50:31 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3142.27282__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll MOD - [2008.09.01 13:50:31 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3119.30092__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll MOD - [2008.09.01 13:50:31 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3119.30081__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll MOD - [2008.09.01 13:50:31 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3119.30104__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll MOD - [2008.09.01 13:50:31 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3119.30177__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll MOD - [2008.09.01 13:50:31 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3119.30120__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll MOD - [2008.09.01 13:50:31 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3119.30176__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll MOD - [2008.09.01 13:50:31 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll MOD - [2008.09.01 13:50:30 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3119.30063__90ba9c70f846762e\LOG.Foundation.dll MOD - [2008.09.01 13:50:30 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3119.30065__90ba9c70f846762e\NEWAEM.Foundation.dll MOD - [2008.09.01 13:50:30 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3119.30127__90ba9c70f846762e\DEM.OS.I0602.dll MOD - [2008.09.01 13:50:30 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3119.30117__90ba9c70f846762e\MOM.Foundation.dll MOD - [2008.09.01 13:50:30 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.3119.30171__90ba9c70f846762e\DEM.OS.dll MOD - [2008.09.01 13:50:29 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3119.30149__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll MOD - [2008.09.01 13:50:29 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3119.30067__90ba9c70f846762e\CLI.Foundation.dll MOD - [2008.09.01 13:50:29 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3119.30096__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll MOD - [2008.09.01 13:50:29 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3119.30148__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll MOD - [2008.09.01 13:50:29 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3119.30145__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll MOD - [2008.09.01 13:50:29 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3119.30144__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll MOD - [2008.09.01 13:50:29 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll MOD - [2008.09.01 13:50:29 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3119.30169__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll MOD - [2008.09.01 13:50:29 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3119.30118__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll MOD - [2008.09.01 13:50:29 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3119.30232__90ba9c70f846762e\CLI.Foundation.XManifest.dll MOD - [2008.09.01 13:50:29 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3119.30167__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll MOD - [2008.09.01 13:50:29 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3119.30141__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll MOD - [2008.09.01 13:50:29 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3119.30130__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll MOD - [2008.09.01 13:50:29 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3119.30146__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll MOD - [2008.09.01 13:50:29 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3119.30100__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll MOD - [2008.09.01 13:50:29 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3119.30089__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll MOD - [2008.09.01 13:50:29 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3119.30082__90ba9c70f846762e\CLI.Component.Client.Shared.dll MOD - [2008.09.01 13:50:29 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3119.30130__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll MOD - [2008.09.01 13:50:29 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll MOD - [2008.09.01 13:50:29 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3119.30128__90ba9c70f846762e\DEM.Graphics.dll MOD - [2008.09.01 13:50:29 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll MOD - [2008.09.01 13:50:29 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3119.30094__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll MOD - [2008.09.01 13:50:29 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3119.30139__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll MOD - [2008.09.01 13:50:29 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3119.30129__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll MOD - [2008.09.01 13:50:28 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3119.30144__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll MOD - [2008.09.01 13:50:28 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3119.30148__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll MOD - [2008.09.01 13:50:28 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3119.30122__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll MOD - [2008.09.01 13:50:28 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll MOD - [2008.09.01 13:50:28 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3119.30119__90ba9c70f846762e\APM.Foundation.dll MOD - [2008.09.01 13:50:28 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3119.30093__90ba9c70f846762e\AEM.Server.Shared.dll MOD - [2008.09.01 13:50:24 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory.resources\2.0.3142.27111_de_90ba9c70f846762e\CLI.Component.SkinFactory.resources.dll MOD - [2008.09.01 13:50:24 | 000,005,120 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray.resources\2.0.3142.27338_de_90ba9c70f846762e\CLI.Component.Systemtray.resources.dll MOD - [2008.09.01 13:50:23 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3142.27379__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll MOD - [2008.09.01 13:50:23 | 000,011,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.3142.27393__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll MOD - [2008.09.01 13:50:23 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3142.27105__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll MOD - [2008.09.01 13:50:22 | 000,999,424 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3142.27126__90ba9c70f846762e\CLI.Component.Dashboard.dll MOD - [2008.09.01 13:50:22 | 000,417,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3142.27338__90ba9c70f846762e\CLI.Component.Systemtray.dll MOD - [2008.09.01 13:50:22 | 000,397,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3142.27148__90ba9c70f846762e\CLI.Component.Wizard.dll MOD - [2008.09.01 13:50:22 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3142.27349__90ba9c70f846762e\MOM.Implementation.dll MOD - [2008.09.01 13:50:22 | 000,069,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3142.27109__90ba9c70f846762e\ATIDEMOS.dll MOD - [2008.09.01 13:50:22 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3142.27346__90ba9c70f846762e\LOG.Foundation.Implementation.dll MOD - [2008.09.01 13:50:22 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3142.27111__90ba9c70f846762e\CLI.Component.SkinFactory.dll MOD - [2008.09.01 13:50:22 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3142.27108__90ba9c70f846762e\CLI.Component.Runtime.dll MOD - [2008.09.01 13:50:22 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3119.30123__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll MOD - [2008.09.01 13:50:22 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3119.30076__90ba9c70f846762e\CLI.Foundation.Private.dll MOD - [2008.09.01 13:50:22 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3119.30101__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll MOD - [2008.09.01 13:50:22 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3119.30085__90ba9c70f846762e\LOG.Foundation.Private.dll MOD - [2008.09.01 13:50:22 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll MOD - [2008.09.01 13:50:22 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3142.27348__90ba9c70f846762e\CCC.Implementation.dll MOD - [2008.09.01 13:50:22 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3119.30121__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll MOD - [2008.09.01 13:50:22 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3119.30121__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll MOD - [2008.09.01 13:50:22 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3119.30113__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll MOD - [2008.09.01 13:50:22 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3119.30150__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll MOD - [2008.09.01 13:50:22 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.3119.30074__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll MOD - [2008.09.01 13:50:22 | 000,014,848 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll MOD - [2008.09.01 13:50:22 | 000,013,312 | ---- | M] () -- C:\Windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll MOD - [2008.09.01 13:50:21 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3142.27108__90ba9c70f846762e\APM.Server.dll MOD - [2008.09.01 13:50:21 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3142.27106__90ba9c70f846762e\AEM.Server.dll MOD - [2008.08.14 17:23:22 | 000,118,032 | ---- | M] () -- C:\Programme\Logitech\QuickCam\LAppRes.DLL MOD - [2008.08.14 17:15:46 | 002,407,184 | ---- | M] () -- C:\Programme\Logitech\QuickCam\Quickcam.exe MOD - [2008.08.14 17:13:30 | 000,149,264 | ---- | M] () -- C:\Programme\Common Files\logishrd\LComMgr\LogiVOIPDevicePlugin.dll MOD - [2008.08.14 17:13:08 | 000,165,136 | ---- | M] () -- C:\Programme\Common Files\logishrd\LComMgr\LogiCordless4001.dll MOD - [2008.08.14 17:13:08 | 000,138,000 | ---- | M] () -- C:\Programme\Common Files\logishrd\LComMgr\LogiCordless.dll MOD - [2008.08.14 17:12:10 | 000,167,184 | ---- | M] () -- C:\Programme\Logitech\QuickCam\EFVal.dll MOD - [2008.08.14 17:11:48 | 000,565,008 | ---- | M] () -- C:\Programme\Common Files\logishrd\LComMgr\Communications_Helper.exe MOD - [2008.08.14 17:11:48 | 000,345,872 | ---- | M] () -- C:\Programme\Common Files\logishrd\LComMgr\DevMngr.dll MOD - [2008.08.08 09:48:22 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll MOD - [2008.07.27 20:03:08 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll MOD - [2008.07.27 20:03:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2008.07.26 08:24:04 | 000,068,120 | ---- | M] () -- C:\Programme\Common Files\logishrd\LVCOMSER\LVCSPS.dll MOD - [2008.03.18 05:21:32 | 000,016,384 | R--- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll MOD - [2007.08.14 06:59:54 | 006,365,184 | ---- | M] () -- C:\Programme\Common Files\LightScribe\QtGui4.dll MOD - [2007.07.12 06:55:52 | 000,131,072 | ---- | M] () -- C:\Programme\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll MOD - [2007.07.12 06:55:28 | 001,581,056 | ---- | M] () -- C:\Programme\Common Files\LightScribe\QtCore4.dll MOD - [2006.08.12 05:48:40 | 000,049,152 | ---- | M] () -- C:\Programme\Samsung\Samsung Magic Doctor\HookDllPS2.dll MOD - [2006.08.12 05:48:40 | 000,049,152 | ---- | M] () -- C:\Programme\Samsung\EasySpeedUpManager\HookDllPS2.dll MOD - [2006.08.12 05:48:40 | 000,049,152 | ---- | M] () -- C:\Programme\Samsung\Easy Display Manager\HookDllPS2.dll ========== Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service) SRV - [2012.08.13 03:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent) SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.02.14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG2012\avgwdsvc.exe -- (avgwd) SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2010.12.10 19:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter) SRV - [2010.12.10 19:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SRV - [2010.12.10 19:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser) SRV - [2010.12.10 19:29:30 | 000,044,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper) SRV - [2010.11.21 11:49:24 | 000,247,608 | ---- | M] () [Auto | Running] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service) SRV - [2008.11.28 18:26:36 | 000,618,232 | ---- | M] () [Auto | Running] -- C:\Programme\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent) SRV - [2008.10.20 22:18:26 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU) SRV - [2008.07.26 08:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv) SRV - [2008.07.26 08:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Programme\Common Files\logishrd\LVCOMSER\LVComSer.exe -- (LVCOMSer) SRV - [2008.05.13 01:47:20 | 000,077,480 | ---- | M] () [Auto | Stopped] -- C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe -- (Samsung Update Plus) SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.16 10:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc) SRV - [2006.10.26 07:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Dennis\AppData\Local\Temp\catchme.sys -- (catchme) DRV - [2012.10.05 18:41:42 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy) DRV - [2012.08.24 15:43:18 | 000,301,920 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix) DRV - [2012.07.26 03:21:30 | 000,237,408 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86) DRV - [2012.04.19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX) DRV - [2012.01.31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86) DRV - [2011.12.23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86) DRV - [2011.12.23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim) DRV - [2011.12.23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsfilterx.sys -- (AVGIDSFilter) DRV - [2011.12.23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver) DRV - [2010.08.02 16:19:38 | 000,066,816 | ---- | M] (LG Electronics Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandnetndis.sys -- (andnetndis) DRV - [2010.08.02 16:19:36 | 000,027,776 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandnetmodem.sys -- (ANDNetModem) DRV - [2010.08.02 16:19:34 | 000,022,272 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandnetgps.sys -- (AndNetGps) DRV - [2010.08.02 16:19:32 | 000,023,040 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandnetdiag.sys -- (AndNetDiag) DRV - [2010.08.02 16:19:28 | 000,024,960 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandmodem.sys -- (ANDModem) DRV - [2010.08.02 16:19:26 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandgps.sys -- (AndGps) DRV - [2010.08.02 16:19:24 | 000,020,864 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lganddiag.sys -- (AndDiag) DRV - [2010.08.02 16:19:22 | 000,014,336 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandbus.sys -- (Andbus) DRV - [2009.09.29 08:11:22 | 000,012,160 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lgbtport.sys -- (LgBttPort) DRV - [2009.09.29 08:11:20 | 000,012,928 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lgvmodem.sys -- (LGVMODEM) DRV - [2009.09.29 08:11:20 | 000,010,496 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lgbtbus.sys -- (lgbusenum) DRV - [2009.04.06 13:19:46 | 000,023,064 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ScreamingBAudio.sys -- (SCREAMINGBDRIVER) DRV - [2009.01.23 10:49:06 | 000,038,816 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tbhsd.sys -- (tbhsd) DRV - [2009.01.13 19:13:52 | 000,049,160 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmXlCore.sys -- (WmXlCore) DRV - [2009.01.13 19:13:44 | 000,014,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmVirHid.sys -- (WmVirHid) DRV - [2009.01.13 19:13:36 | 000,031,240 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmHidLo.sys -- (WmHidLo) DRV - [2009.01.13 19:13:28 | 000,029,192 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmFilter.sys -- (WmFilter) DRV - [2009.01.13 19:13:20 | 000,019,336 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmBEnum.sys -- (WmBEnum) DRV - [2008.11.28 18:26:37 | 000,097,808 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmdguard.sys -- (cmdGuard) DRV - [2008.11.28 18:26:37 | 000,072,720 | ---- | M] (COMODO) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\inspect.sys -- (Inspect) DRV - [2008.11.28 18:26:37 | 000,025,104 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\cmdhlp.sys -- (cmdHlp) DRV - [2008.09.01 14:07:27 | 000,013,312 | ---- | M] (SAMSUNG ELECTRONICS CO., LTD.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\KMDFMEMIO.sys -- (KMDFMEMIO) DRV - [2008.08.28 07:39:34 | 000,241,664 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmc302.sys -- (VMC302) DRV - [2008.08.08 10:31:30 | 003,895,808 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2008.07.26 08:25:02 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon) DRV - [2008.05.28 10:54:20 | 000,022,072 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter) DRV - [2008.05.07 10:55:22 | 000,767,488 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2008.04.28 02:26:42 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) DRV - [2008.03.21 05:13:00 | 001,203,776 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2008.01.21 04:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) DRV - [2007.10.12 03:00:44 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta) DRV - [2007.10.12 02:56:00 | 001,279,000 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI) DRV - [2006.11.08 00:02:40 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\point32k.sys -- (Point32) DRV - [2006.11.02 09:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKLM\..\SearchScopes,DefaultScope = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\tunebite-firefox-surf-and-catch-extension@audials.com: C:\Program Files\RapidSolution\Tunebite\plugins\GeckoBased\tunebite-firefox-surf-and-catch-extension@audials.com\ [2009.02.08 17:25:13 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012.09.10 18:01:07 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012.09.02 11:34:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.5\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.11.05 01:17:09 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.5\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.10.02 02:46:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\avgthb@avg.com: C:\Program Files\AVG\AVG2012\Thunderbird\ [2012.02.07 01:19:22 | 000,000,000 | ---D | M] [2011.10.03 21:37:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dennis\AppData\Roaming\mozilla\Extensions [2009.04.26 23:00:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\extensions [2009.04.26 23:00:05 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D} [2012.05.13 15:53:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\6vjf7ovq.default\extensions [2009.09.02 06:34:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION O1 HOSTS File: ([2012.10.09 20:37:13 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Programme\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Click-to-Call BHO) - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Programme\Windows Live\Messenger\wlchtc.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Tunebite_WebRipPlugin Class) - {AA102584-3B97-47e7-B9BC-75D54C110A7D} - C:\Programme\RapidSolution\Tunebite\plugins\IE\TB_WebRipIePlugin.dll (RapidSolution Software) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe () O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe () O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe () O4 - HKLM..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe (Napster) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" File not found O4 - HKCU..\Run: [ICQ] "C:\Program Files\ICQ7.2\ICQ.exe" silent loginmode=4 File not found O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.) O4 - HKCU..\Run: [MyTomTomSA.exe] C:\Program Files\MyTomTom 3\MyTomTomSA.exe (TomTom) O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OMSI Addon Manager.lnk = C:\Programme\OMSI Addon Manager\OMSI Addon Manager.exe (Jan Kiesewalter) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Dennis\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Programme\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.) O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{08293879-2516-4F52-954A-50A7E3B00BF1}: DhcpNameServer = 192.168.42.129 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{34B77411-A3C9-42D5-918E-27107C0B0739}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CD57838A-40EF-4ADB-BE5E-3F7B739EAC7E}: DhcpNameServer = 192.168.42.129 O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll File not found O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Sec\Wallpapers\wallpaper.jpg O24 - Desktop BackupWallPaper: C:\Windows\Sec\Wallpapers\wallpaper.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.10.11 19:17:32 | 000,000,000 | ---D | C] -- C:\_OTL [2012.10.11 19:16:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012.10.11 19:14:02 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2012.10.09 20:37:11 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012.10.09 20:37:11 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Local\temp [2012.10.09 20:18:15 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.10.09 20:14:33 | 000,000,000 | --SD | C] -- C:\ComboFix [2012.10.09 20:13:53 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW [2012.10.09 18:42:36 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.10.09 18:42:36 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.10.09 18:42:36 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.10.09 18:41:19 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.10.09 18:40:48 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012.10.08 21:30:06 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012.10.05 18:40:59 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2012.10.05 18:40:59 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\Malwarebytes [2012.10.05 18:39:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.10.05 18:39:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.10.05 18:39:38 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.10.05 18:39:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.09.14 04:36:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.09.14 04:36:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype ========== Files - Modified Within 30 Days ========== [2012.10.11 19:45:16 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{C9E77C98-A353-48E3-9E4A-A604B803B792}.job [2012.10.11 19:27:58 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.10.11 19:27:58 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.10.11 19:27:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.10.11 19:26:42 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2012.10.11 18:58:01 | 000,001,132 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1061286310-3026546113-1237927848-1004UA.job [2012.10.10 20:58:11 | 000,001,080 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1061286310-3026546113-1237927848-1004Core.job [2012.10.09 20:37:13 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2012.10.08 21:24:43 | 000,686,620 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.10.08 21:24:43 | 000,643,612 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.10.08 21:24:43 | 000,150,888 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.10.08 21:24:43 | 000,122,500 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.10.05 18:41:42 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2012.10.05 18:39:41 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.04 13:07:11 | 096,450,964 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm [2012.09.30 18:13:28 | 000,435,203 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm [2012.09.14 04:36:31 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk ========== Files Created - No Company Name ========== [2012.10.09 18:42:36 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.10.09 18:42:36 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.10.09 18:42:36 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.10.09 18:42:36 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.10.09 18:42:36 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.10.05 18:39:41 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.09.14 04:36:31 | 000,001,880 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2012.04.27 00:23:05 | 000,000,000 | ---- | C] () -- C:\Users\Dennis\AppData\Local\Input.xml [2012.04.26 23:56:30 | 000,000,000 | ---- | C] () -- C:\Users\Dennis\AppData\Local\Settings.xml [2011.09.17 00:21:22 | 000,000,000 | ---- | C] () -- C:\Windows\Podcast.INI [2011.09.17 00:09:33 | 000,006,537 | ---- | C] () -- C:\Windows\mgxoschk.ini [2011.08.09 17:50:27 | 000,024,576 | ---- | C] () -- C:\Windows\System32\drivers\Marker.exe [2011.04.21 20:42:21 | 000,307,200 | ---- | C] () -- C:\Windows\SetDisplayResolution.exe [2011.03.31 18:33:06 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll [2011.03.31 18:33:06 | 000,002,411 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini [2011.02.20 00:41:22 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll [2009.01.03 00:07:37 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat ========== ZeroAccess Check ========== [2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2011.01.21 17:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.03.03 06:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2008.01.21 04:24:03 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.02.07 01:22:31 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\AVG2012 [2011.03.24 19:11:14 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\DVDVideoSoftIEHelpers [2012.05.28 21:14:36 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\elsterformular [2011.02.20 00:41:27 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\FreeAudioPack [2011.06.30 00:29:37 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\ICQ [2009.04.16 01:39:58 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Leadertech [2011.04.11 17:28:40 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\LG Electronics [2009.09.24 00:44:48 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Screaming Bee ========== Purity Check ========== ========== Files - Unicode (All) ========== [2009.02.13 16:52:32 | 000,000,000 | ---D | M](C:\Windows\System32\?etup.features.srv_emc_lotus) -- C:\Windows\System32\Ǝetup.features.srv_emc_lotus [2009.02.13 16:52:32 | 000,000,000 | ---D | C](C:\Windows\System32\?etup.features.srv_emc_lotus) -- C:\Windows\System32\Ǝetup.features.srv_emc_lotus < End of report > |
|
11.10.2012, 19:07
| #30 |
| /// the machine /// TB-Ausbilder | Hinweis von web.de auf Zeus gefunden wurde Trojaner.Banker Was genau steht in der Meldung von AVG?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu Hinweis von web.de auf Zeus gefunden wurde Trojaner.Banker |
| aufsetzen, durchgeführt, gefunde, hinweis, java/trojandownloader.agent.nam, laptop, malewarebytes, neu, neu aufsetzen, osx/exploit.smid.b, rechner, scan, troja, trojaner, trojaner zeus, web.de, win32/adware.bundlore, win32/somoto.a, win32/toolbar.searchsuite, win32/toolbar.widgi |
.
Linear-Darstellung
