| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: tcbhn wurde beendet und geschlossen?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
06.02.2013, 13:09
| #1 |
 |  tcbhn wurde beendet und geschlossen? Hallo, ich habe seit Tagen eine Meldung wenn ich den PC hochfahre, tcbhn wurde beendet und geschlossen. Ich vermute, dass es sich um einen Virus oder so handelt, da mein PC immer langsamer wird und viele Programme verzögert reagieren.  Nachdem ich hier ein wenig gelesen habe, habe ich natürlich auch das malware programm durchlaufen lassen und hier ist das Ergebnis: Malwarebytes Anti-Malware (Test) 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.02.06.03 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 sb-geb :: SB-GEB-PC [Administrator] Schutz: Aktiviert 06.02.2013 07:37:23 MBAM-log-2013-02-06 (13-00-55).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 461421 Laufzeit: 2 Stunde(n), 52 Minute(n), 33 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 26 HKCR\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (PUP.MyWebSearch) -> Keine Aktion durchgeführt. HKCR\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9} (PUP.Software.Updater) -> Keine Aktion durchgeführt. HKCR\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476} (PUP.Software.Updater) -> Keine Aktion durchgeführt. HKCR\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} (PUP.Software.Updater) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} (PUP.Software.Updater) -> Keine Aktion durchgeführt. HKCR\Updater.AmiUpd.1 (PUP.Software.Updater) -> Keine Aktion durchgeführt. HKCR\Updater.AmiUpd (PUP.Software.Updater) -> Keine Aktion durchgeführt. HKCR\CLSID\{C1ED9DA0-AFD0-4b90-AC6A-D3874F591014} (PUP.Datamngr) -> Keine Aktion durchgeführt. HKCR\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0} (PUP.Datamngr) -> Keine Aktion durchgeführt. HKCR\TypeLib\{5B4144E1-B61D-495a-9A50-CD1A95D86D15} (PUP.Datamngr) -> Keine Aktion durchgeführt. HKCR\BrowserConnection.Loader.1 (PUP.Datamngr) -> Keine Aktion durchgeführt. HKCR\BrowserConnection.Loader (PUP.Datamngr) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0} (PUP.Datamngr) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0} (PUP.Datamngr) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0} (PUP.Datamngr) -> Keine Aktion durchgeführt. HKCR\TypeLib\{1FDC0B61-91AC-4157-9B27-CAD9A09AB67E} (PUP.Datamngr) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014} (PUP.Datamngr) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014} (PUP.Datamngr) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014} (PUP.Datamngr) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00cbb66b-1d3b-46d3-9577-323a336acb50} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00cbb66b-1d3b-46d3-9577-323a336acb50} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{F34C9277-6577-4DFF-B2D7-7D58092F272F} (PUP.Datamngr) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F34C9277-6577-4DFF-B2D7-7D58092F272F} (PUP.Datamngr) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F34C9277-6577-4DFF-B2D7-7D58092F272F} (PUP.Datamngr) -> Keine Aktion durchgeführt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 4 C:\Users\sb-geb\AppData\Local\SwvUpdater\Updater.exe (PUP.Software.Updater) -> Keine Aktion durchgeführt. C:\Program Files\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll (PUP.Datamngr) -> Keine Aktion durchgeführt. C:\Users\sb-geb\Downloads\SoftonicDownloader_fuer_internet-explorer-9.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt. C:\Windows\Tasks\AmiUpdXp.job (PUP.Software.Updater) -> Keine Aktion durchgeführt. (Ende) Kann mir jemand helfen und mir sagen, welches Problem mein Rechner hat und wie ich es vielleicht wieder loswerden kann? Vielen Dank schon mal im Voraus Liebe Grüße |
|
06.02.2013, 13:37
| #2 |
| /// Malware-holic   | tcbhn wurde beendet und geschlossen? hi
__________________finger weg von Softonic. Lade Software ausschließlich beim Hersteller. Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
__________________ |
|
06.02.2013, 21:43
| #3 |
| | tcbhn wurde beendet und geschlossen? Hallo, vielen Dank für die schnelle Antwort, ich werde mich in Zukunft vor softonic hüten :-), versprochen
__________________hier der Inhalt aus OtlOTL Logfile: Code:
ATTFilter OTL logfile created on: 06.02.2013 20:58:56 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\sb-geb\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,75 Gb Total Physical Memory | 1,48 Gb Available Physical Memory | 53,70% Memory free 6,80 Gb Paging File | 5,16 Gb Available in Paging File | 75,86% Paging File free Paging file location(s): c:\pagefile.sys 4221 4221 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 290,78 Gb Total Space | 167,49 Gb Free Space | 57,60% Space Free | Partition Type: NTFS Drive D: | 290,74 Gb Total Space | 274,44 Gb Free Space | 94,39% Space Free | Partition Type: NTFS Drive J: | 1,87 Gb Total Space | 0,41 Gb Free Space | 21,92% Space Free | Partition Type: FAT32 Computer Name: SB-GEB-PC | User Name: sb-geb | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.02.06 20:49:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\sb-geb\Desktop\OTL.exe PRC - [2013.02.05 06:40:37 | 000,865,792 | ---- | M] () -- C:\Users\sb-geb\AppData\Local\Temp\OCS\Downloads\d340164aef134ca45f5d3a3a8b8d1b79\8a2438a7aa1e858526caff1f4deab159\AddonsHelper.exe PRC - [2013.01.12 11:10:01 | 000,322,032 | ---- | M] (AVM Berlin) -- C:\Users\sb-geb\AppData\Local\Apps\2.0\Z32ND9MC.P9B\J4WNBKKH.82J\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\fritzbox-usb-fernanschluss.exe PRC - [2013.01.12 10:17:18 | 000,699,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe PRC - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.12.17 17:14:10 | 000,059,872 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe PRC - [2012.12.17 16:48:14 | 000,059,872 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.12.05 02:40:03 | 000,143,928 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\20.2.1.22\ccsvchst.exe PRC - [2012.11.28 14:13:16 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe PRC - [2012.11.22 14:53:01 | 001,681,472 | ---- | M] (Bandoo Media Inc) -- C:\Program Files\Search Results Toolbar\Datamngr\datamngrUI.exe PRC - [2012.10.24 17:14:52 | 000,843,208 | ---- | M] (Samsung) -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe PRC - [2012.06.06 21:33:42 | 001,564,872 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe PRC - [2011.07.31 14:07:18 | 000,189,808 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe PRC - [2010.03.13 15:36:21 | 000,604,488 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TUProgSt.exe PRC - [2009.08.31 10:43:46 | 000,241,664 | ---- | M] () -- C:\Program Files\Join Air\AssistantServices.exe PRC - [2009.08.31 10:43:14 | 000,132,608 | ---- | M] () -- C:\Program Files\Join Air\UIExec.exe PRC - [2009.08.13 14:54:30 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe PRC - [2009.05.29 10:13:40 | 000,729,600 | ---- | M] (UASSOFT.COM) -- C:\Program Files\Silvercrest MTS2218 driver\KMCONFIG.exe PRC - [2009.04.10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.03.23 18:00:00 | 001,983,816 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE PRC - [2009.02.10 08:01:49 | 000,116,104 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe PRC - [2008.08.21 14:15:58 | 000,348,160 | ---- | M] (UASSOFT.COM) -- C:\Program Files\Silvercrest MTS2218 driver\KMProcess.exe PRC - [2008.07.29 17:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe PRC - [2008.05.30 01:17:38 | 000,212,992 | ---- | M] (UASSOFT.COM) -- C:\Program Files\Silvercrest MTS2218 driver\StartAutorun.exe PRC - [2008.05.30 01:17:38 | 000,208,896 | ---- | M] (UASSOFT.COM) -- C:\Program Files\Silvercrest MTS2218 driver\KMWDSrv.exe PRC - [2008.05.20 17:50:50 | 000,269,448 | ---- | M] (CyberLink) -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe PRC - [2008.05.20 11:06:00 | 006,144,000 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2008.02.25 01:00:00 | 001,753,088 | ---- | M] (AVM Berlin) -- C:\Program Files\avmwlanstick\WLanGUI.exe PRC - [2008.02.25 01:00:00 | 000,364,544 | ---- | M] (AVM Berlin) -- C:\Program Files\avmwlanstick\WLanNetService.exe PRC - [2006.11.02 13:35:35 | 000,176,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe PRC - [2006.05.04 06:58:56 | 000,998,912 | ---- | M] () -- C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe ========== Modules (No Company Name) ========== MOD - [2013.01.13 14:54:45 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b5df40c22ab563a816103629e2ca99d4\System.Runtime.Remoting.ni.dll MOD - [2013.01.13 14:54:41 | 011,820,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\259f7342c8ebb1150db3df1bc4d3394c\System.Web.ni.dll MOD - [2013.01.13 14:54:24 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b757806657fa5db2b1ed1a89b026b463\System.Xml.ni.dll MOD - [2013.01.13 14:54:08 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0c3da9004b277959e24a9fd606d3dd05\System.Windows.Forms.ni.dll MOD - [2013.01.13 14:53:58 | 001,593,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll MOD - [2013.01.13 14:52:42 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll MOD - [2013.01.13 14:52:35 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll MOD - [2013.01.12 12:02:29 | 001,812,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\40c7a89fe2cbf3c12a2c39e034da54cf\System.Xaml.ni.dll MOD - [2013.01.12 11:54:13 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\af7e2da8fcdb0d788cea0638e157c54b\System.Windows.Forms.ni.dll MOD - [2013.01.12 11:54:07 | 018,022,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\b8e60f81fd56934c9f9da7b15bee3376\PresentationFramework.ni.dll MOD - [2013.01.12 11:53:56 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\78ecbee4a7444353dce52afb9d9d795c\System.Drawing.ni.dll MOD - [2013.01.12 11:53:43 | 011,522,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\932901ff0ad5e365ffbe705d7459a37e\PresentationCore.ni.dll MOD - [2013.01.12 11:53:24 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fc476bbac36944e352c2f547352ffa64\System.Xml.ni.dll MOD - [2013.01.12 11:53:20 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\7cd4aa51f6e6b9330b8f50bba8bb62c6\System.Configuration.ni.dll MOD - [2013.01.12 11:53:18 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\60674dde4b56087c189f576f36f6720f\PresentationFramework.Aero.ni.dll MOD - [2013.01.12 11:53:08 | 003,883,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\8abaedf6aecb073b22f8801aa0b8babf\WindowsBase.ni.dll MOD - [2013.01.12 11:53:05 | 009,095,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\f93dca0e4baa1dcb37cf75392b7c89da\System.ni.dll MOD - [2013.01.12 11:52:56 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll MOD - [2012.05.30 07:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files\Norton 360\Engine\20.2.1.22\wincfi39.dll MOD - [2011.06.24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.06.24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011.03.02 11:40:51 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll MOD - [2010.09.02 10:57:40 | 000,791,112 | ---- | M] () -- C:\Program Files\AVS4YOU\AVSVideoConverter\AVSVideoConverterShExt.dll MOD - [2009.08.31 10:43:14 | 000,132,608 | ---- | M] () -- C:\Program Files\Join Air\UIExec.exe MOD - [2009.06.16 15:42:56 | 001,679,360 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.2990.36961__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll MOD - [2009.06.16 15:42:56 | 000,253,952 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2990.36918__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll MOD - [2009.06.16 15:42:56 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.2990.36974__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll MOD - [2009.06.16 15:42:56 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.2990.37146__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll MOD - [2009.06.16 15:42:56 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.2990.36953__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll MOD - [2009.06.16 15:42:56 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.2990.37068__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll MOD - [2009.06.16 15:42:56 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.2990.36939__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll MOD - [2009.06.16 15:42:55 | 000,483,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.2990.37179__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll MOD - [2009.06.16 15:42:55 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.2990.37110__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll MOD - [2009.06.16 15:42:46 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.2990.36932__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll MOD - [2009.06.16 15:42:45 | 000,802,816 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.2990.37076__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll MOD - [2009.06.16 15:42:45 | 000,585,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.2990.36986__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll MOD - [2009.06.16 15:42:45 | 000,479,232 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.2990.37070__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll MOD - [2009.06.16 15:42:45 | 000,442,368 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.2990.37062__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll MOD - [2009.06.16 15:42:45 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.2990.36940__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll MOD - [2009.06.16 15:42:45 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.2990.37138__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll MOD - [2009.06.16 15:42:45 | 000,352,256 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.2990.37118__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll MOD - [2009.06.16 15:42:45 | 000,217,088 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.2990.36980__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll MOD - [2009.06.16 15:42:45 | 000,147,456 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.2990.37177__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll MOD - [2009.06.16 15:42:45 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.2990.37184__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll MOD - [2009.06.16 15:42:45 | 000,118,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.2990.37090__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll MOD - [2009.06.16 15:42:45 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.2990.37125__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll MOD - [2009.06.16 15:42:45 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.2990.37076__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll MOD - [2009.06.16 15:42:45 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.2990.37118__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll MOD - [2009.06.16 15:42:45 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.2990.37068__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll MOD - [2009.06.16 15:42:45 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.2990.37177__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll MOD - [2009.06.16 15:42:45 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.2990.36992__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll MOD - [2009.06.16 15:42:45 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.2990.37075__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll MOD - [2009.06.16 15:42:45 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.2990.37089__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll MOD - [2009.06.16 15:42:45 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.2990.37103__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll MOD - [2009.06.16 15:42:45 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll MOD - [2009.06.16 15:42:44 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2965.22300__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll MOD - [2009.06.16 15:42:44 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2939.23668__90ba9c70f846762e\CLI.Foundation.dll MOD - [2009.06.16 15:42:44 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2939.23689__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll MOD - [2009.06.16 15:42:44 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2939.23743__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll MOD - [2009.06.16 15:42:44 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2939.23739__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll MOD - [2009.06.16 15:42:44 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2939.23740__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll MOD - [2009.06.16 15:42:44 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll MOD - [2009.06.16 15:42:44 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2939.23738__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll MOD - [2009.06.16 15:42:44 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2939.23764__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll MOD - [2009.06.16 15:42:44 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2939.23742__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll MOD - [2009.06.16 15:42:44 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2939.23662__90ba9c70f846762e\LOG.Foundation.dll MOD - [2009.06.16 15:42:44 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2939.23708__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll MOD - [2009.06.16 15:42:44 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2939.23802__90ba9c70f846762e\CLI.Foundation.XManifest.dll MOD - [2009.06.16 15:42:44 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.2939.23763__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll MOD - [2009.06.16 15:42:44 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2939.23735__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll MOD - [2009.06.16 15:42:44 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll MOD - [2009.06.16 15:42:44 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2939.23667__90ba9c70f846762e\NEWAEM.Foundation.dll MOD - [2009.06.16 15:42:44 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2939.23741__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll MOD - [2009.06.16 15:42:44 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2939.23711__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll MOD - [2009.06.16 15:42:44 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Foundation\2.0.2939.23665__90ba9c70f846762e\AEM.Foundation.dll MOD - [2009.06.16 15:42:44 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll MOD - [2009.06.16 15:42:44 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2939.23717__90ba9c70f846762e\DEM.OS.I0602.dll MOD - [2009.06.16 15:42:44 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2939.23693__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll MOD - [2009.06.16 15:42:44 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2939.23687__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll MOD - [2009.06.16 15:42:44 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2939.23679__90ba9c70f846762e\CLI.Component.Client.Shared.dll MOD - [2009.06.16 15:42:44 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll MOD - [2009.06.16 15:42:44 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.2939.23709__90ba9c70f846762e\APM.Foundation.dll MOD - [2009.06.16 15:42:44 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2939.23679__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll MOD - [2009.06.16 15:42:44 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2939.23707__90ba9c70f846762e\MOM.Foundation.dll MOD - [2009.06.16 15:42:44 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.2939.23717__90ba9c70f846762e\DEM.OS.dll MOD - [2009.06.16 15:42:44 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll MOD - [2009.06.16 15:42:44 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.2939.23718__90ba9c70f846762e\DEM.Graphics.dll MOD - [2009.06.16 15:42:44 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll MOD - [2009.06.16 15:42:44 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2939.23688__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll MOD - [2009.06.16 15:42:44 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2939.23734__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll MOD - [2009.06.16 15:42:44 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2939.23718__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll MOD - [2009.06.16 15:42:44 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Server.Shared.dll MOD - [2009.06.16 15:42:44 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2939.23767__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll MOD - [2009.06.16 15:42:44 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2939.23710__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll MOD - [2009.06.16 15:42:44 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2939.23768__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll MOD - [2009.06.16 15:42:44 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll MOD - [2009.06.16 15:42:41 | 000,005,120 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray.resources\2.0.2990.37161_de_90ba9c70f846762e\CLI.Component.Systemtray.resources.dll MOD - [2009.06.16 15:42:40 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.2990.36947__90ba9c70f846762e\CLI.Component.Wizard.dll MOD - [2009.06.16 15:42:40 | 000,413,696 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.2990.37161__90ba9c70f846762e\CLI.Component.Systemtray.dll MOD - [2009.06.16 15:42:40 | 000,102,400 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.2990.37169__90ba9c70f846762e\MOM.Implementation.dll MOD - [2009.06.16 15:42:40 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2990.36911__90ba9c70f846762e\CLI.Component.Runtime.dll MOD - [2009.06.16 15:42:40 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2990.37168__90ba9c70f846762e\LOG.Foundation.Implementation.dll MOD - [2009.06.16 15:42:40 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2939.23713__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll MOD - [2009.06.16 15:42:40 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2939.23678__90ba9c70f846762e\CLI.Foundation.Private.dll MOD - [2009.06.16 15:42:40 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.2990.37194__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll MOD - [2009.06.16 15:42:40 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2939.23679__90ba9c70f846762e\LOG.Foundation.Private.dll MOD - [2009.06.16 15:42:40 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2939.23694__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll MOD - [2009.06.16 15:42:40 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2939.23712__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll MOD - [2009.06.16 15:42:40 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.2939.23677__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll MOD - [2009.06.16 15:42:40 | 000,011,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.2990.37205__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll MOD - [2009.06.16 15:42:40 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.2990.36910__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll MOD - [2009.06.16 15:42:39 | 001,507,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.2990.36926__90ba9c70f846762e\CLI.Component.Dashboard.dll MOD - [2009.06.16 15:42:39 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.2990.36911__90ba9c70f846762e\ATIDEMOS.dll MOD - [2009.06.16 15:42:39 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.2990.36909__90ba9c70f846762e\APM.Server.dll MOD - [2009.06.16 15:42:39 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.2990.36910__90ba9c70f846762e\AEM.Server.dll MOD - [2009.06.16 15:42:39 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2939.23689__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll MOD - [2009.06.16 15:42:39 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.2990.37169__90ba9c70f846762e\CCC.Implementation.dll MOD - [2009.06.16 15:42:39 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll MOD - [2009.06.16 15:42:39 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2939.23711__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll MOD - [2009.06.16 15:42:39 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2939.23746__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll MOD - [2009.03.29 20:42:14 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll MOD - [2009.03.29 20:42:12 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2008.07.11 16:27:08 | 000,106,496 | ---- | M] () -- C:\Program Files\Silvercrest MTS2218 driver\keydll.dll MOD - [2008.06.16 09:06:10 | 000,053,248 | ---- | M] () -- C:\Program Files\Silvercrest MTS2218 driver\MouseHook.dll MOD - [2008.03.09 15:01:08 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll MOD - [2008.02.20 16:30:04 | 000,016,384 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll MOD - [2006.05.04 06:58:56 | 000,998,912 | ---- | M] () -- C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe MOD - [2006.05.04 06:58:38 | 001,239,040 | ---- | M] () -- C:\Program Files\Visagesoft\eXPert PDF\vspdfdialogs100.bpl MOD - [2006.05.04 06:58:38 | 000,237,056 | ---- | M] () -- C:\Program Files\Visagesoft\eXPert PDF\expertpdf4core.bpl MOD - [2006.05.04 06:58:36 | 003,014,656 | ---- | M] () -- C:\Program Files\Visagesoft\eXPert PDF\vspdfcore100.bpl MOD - [2006.05.04 06:58:36 | 001,026,048 | ---- | M] () -- C:\Program Files\Visagesoft\eXPert PDF\vsvector100.bpl MOD - [2006.05.04 06:58:36 | 000,230,912 | ---- | M] () -- C:\Program Files\Visagesoft\eXPert PDF\vspdfeditor100.bpl MOD - [2006.04.15 06:34:26 | 000,568,320 | ---- | M] () -- C:\Program Files\Visagesoft\eXPert PDF\TMSlite100.bpl MOD - [2006.03.02 20:39:28 | 001,844,224 | ---- | M] () -- C:\Program Files\Visagesoft\eXPert PDF\te100.bpl MOD - [2006.03.02 20:33:18 | 000,444,928 | ---- | M] () -- C:\Program Files\Visagesoft\eXPert PDF\VirtualTree100.bpl MOD - [2006.03.02 20:28:36 | 000,139,776 | ---- | M] () -- C:\Program Files\Visagesoft\eXPert PDF\uoolep100.bpl MOD - [2006.03.02 20:01:50 | 000,071,168 | ---- | M] () -- C:\Program Files\Visagesoft\eXPert PDF\VSDesktop100.bpl MOD - [2006.03.02 19:57:48 | 000,383,488 | ---- | M] () -- C:\Program Files\Visagesoft\eXPert PDF\visage100.bpl MOD - [2006.03.02 19:55:22 | 000,089,088 | ---- | M] () -- C:\Program Files\Visagesoft\eXPert PDF\vsmisc100.bpl MOD - [2005.12.26 13:20:52 | 002,098,176 | ---- | M] () -- C:\Program Files\Visagesoft\eXPert PDF\PKIECtrl100.bpl MOD - [2003.08.22 07:23:16 | 000,225,792 | ---- | M] () -- C:\Program Files\Visagesoft\eXPert PDF\sqlite.dll ========== Services (SafeList) ========== SRV - [2013.02.05 06:40:37 | 000,865,792 | ---- | M] () [Auto | Running] -- C:\Users\sb-geb\AppData\Local\Temp\OCS\Downloads\d340164aef134ca45f5d3a3a8b8d1b79\8a2438a7aa1e858526caff1f4deab159\AddonsHelper.exe -- (AddonsHelper) SRV - [2013.01.12 11:17:12 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.12.05 02:40:03 | 000,143,928 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\20.2.1.22\ccSvcHst.exe -- (N360) SRV - [2010.06.14 14:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2010.03.13 15:36:21 | 000,604,488 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc) SRV - [2010.03.13 15:36:17 | 000,361,288 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Windows\System32\TuneUpDefragService.exe -- (TuneUp.Defrag) SRV - [2009.08.31 10:43:46 | 000,241,664 | ---- | M] () [Auto | Running] -- C:\Program Files\Join Air\AssistantServices.exe -- (UI Assistant Service) SRV - [2009.08.21 15:24:02 | 000,070,336 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Haufe\iDesk\iDeskService\ideskservice.exe -- (HRService) SRV - [2009.08.13 14:54:30 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService) SRV - [2009.02.10 08:01:49 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC) SRV - [2008.07.29 17:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service) SRV - [2008.05.30 01:17:38 | 000,208,896 | ---- | M] (UASSOFT.COM) [Auto | Running] -- C:\Program Files\Silvercrest MTS2218 driver\KMWDSrv.exe -- (KMWDSERVICE) SRV - [2008.05.20 17:50:50 | 000,269,448 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (Acer HomeMedia Connect Service) SRV - [2008.02.25 01:00:00 | 000,364,544 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service) SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.05.31 09:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007.05.31 09:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerflt.sys -- (upperdev) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ccdcmb.sys -- (nmwcd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\system32\drivers\int15.sys -- (int15) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbdev.sys -- (hwusbdev) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbnet.sys -- (ewusbnet) DRV - [2013.01.16 06:41:39 | 001,603,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130206.006\NAVEX15.SYS -- (NAVEX15) DRV - [2013.01.16 06:41:39 | 000,093,296 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130206.006\NAVENG.SYS -- (NAVENG) DRV - [2013.01.16 03:51:12 | 000,997,464 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130116.013\BHDrvx86.sys -- (BHDrvx86) DRV - [2013.01.12 11:09:43 | 000,105,728 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avmaura.sys -- (avmaura) DRV - [2013.01.11 16:34:02 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130205.001\IDSvix86.sys -- (IDSVix86) DRV - [2012.12.15 21:27:39 | 000,142,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent) DRV - [2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012.10.09 02:00:02 | 000,586,400 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\N360\1402010.016\srtsp.sys -- (SRTSP) DRV - [2012.10.04 02:40:35 | 000,927,904 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\N360\1402010.016\symefa.sys -- (SymEFA) DRV - [2012.10.04 02:40:20 | 000,368,288 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\N360\1402010.016\symds.sys -- (SymDS) DRV - [2012.09.20 05:35:36 | 000,181,344 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm) DRV - [2012.09.20 05:35:36 | 000,083,168 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus) DRV - [2012.09.07 03:05:14 | 000,350,368 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1402010.016\symtdiv.sys -- (SYMTDIv) DRV - [2012.09.07 02:48:08 | 000,175,264 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1402010.016\ironx86.sys -- (SymIRON) DRV - [2012.08.22 20:04:45 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl) DRV - [2012.08.20 20:49:49 | 000,134,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1402010.016\ccsetx86.sys -- (ccSet_N360) DRV - [2012.08.09 05:35:42 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2012.05.24 22:36:56 | 000,032,888 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1402010.016\srtspx.sys -- (SRTSPX) DRV - [2012.03.02 15:03:00 | 000,025,216 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem) DRV - [2012.03.02 15:03:00 | 000,020,864 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag) DRV - [2012.03.02 15:03:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus) DRV - [2011.09.15 15:28:55 | 000,101,248 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avmaudio.sys -- (avmaudio) DRV - [2009.12.11 17:13:36 | 000,110,304 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACEDRV09.sys -- (ACEDRV09) DRV - [2009.10.03 09:01:15 | 000,165,376 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt) DRV - [2009.10.03 09:01:02 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt) DRV - [2009.09.29 07:11:22 | 000,012,160 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lgbtport.sys -- (LgBttPort) DRV - [2009.09.29 07:11:20 | 000,012,928 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lgvmodem.sys -- (LGVMODEM) DRV - [2009.09.29 07:11:20 | 000,010,496 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lgbtbus.sys -- (lgbusenum) DRV - [2009.04.22 16:35:04 | 000,009,728 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter) DRV - [2009.02.02 18:14:20 | 000,105,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea) DRV - [2009.02.02 18:14:20 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k) DRV - [2009.02.02 18:14:20 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV - [2008.12.17 13:42:50 | 000,018,432 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KMWDFilter.SYS -- (KMWDFilter) DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2008.04.02 05:40:48 | 000,175,632 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ahcix86s.sys -- (ahcix86s) DRV - [2008.03.09 15:58:42 | 003,533,824 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2007.12.19 01:00:00 | 000,401,920 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fwlanusbn.sys -- (fwlanusbn) DRV - [2007.11.07 02:00:00 | 000,004,352 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avmeject.sys -- (avmeject) DRV - [2006.10.30 04:23:12 | 000,007,680 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect IE - HKLM\..\URLSearchHook: {213c8ed6-1d78-4d8f-8729-25006aa86a76} - C:\Program Files\WiseConvert_1.3\prxtbWise.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {721061fb-eb79-4568-a03c-3ce26d68dae9} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW IE - HKLM\..\SearchScopes\{721061fb-eb79-4568-a03c-3ce26d68dae9}: "URL" = hxxp://de.search.yahoo.com/search/?p={searchTerms}&fr=vc_trans_de_8197&type=dsse IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=390&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=6085727531724040&q={searchTerms} IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2843456 IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Google [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Yahoo! Suche IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Upgrade to Google Chrome IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Upgrade to Google Chrome IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) IE - HKCU\..\URLSearchHook: {213c8ed6-1d78-4d8f-8729-25006aa86a76} - C:\Program Files\WiseConvert_1.3\prxtbWise.dll (Conduit Ltd.) IE - HKCU\..\SearchScopes,DefaultScope = {721061fb-eb79-4568-a03c-3ce26d68dae9} IE - HKCU\..\SearchScopes\{0FC6DC25-5303-4C4C-A799-12F5D948D3C4}: "URL" = hxxp://go.web.de/suchbox/google?q={searchTerms} IE - HKCU\..\SearchScopes\{32C99870-D78F-4068-808B-3A4EB56D006D}: "URL" = hxxp://go.web.de/suchbox/ebay?query={searchTerms} IE - HKCU\..\SearchScopes\{477BB521-8C51-471C-9CB2-2C8BBB6097BD}: "URL" = hxxp://go.1und1.de/suchbox/amazon?tag=1und1icon-21&field-keywords={searchTerms} IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ADRA_deDE451 IE - HKCU\..\SearchScopes\{721061fb-eb79-4568-a03c-3ce26d68dae9}: "URL" = hxxp://de.search.yahoo.com/search/?p={searchTerms}&fr=vc_trans_de_8197&type=dsse IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=390&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=6085727531724040&q={searchTerms} IE - HKCU\..\SearchScopes\{B3D5209D-9CCC-4326-9C1B-9E50A8F30A6F}: "URL" = hxxp://go.1und1.de/br/ie8_search_amazon/?keywords={searchTerms} IE - HKCU\..\SearchScopes\{B4FC88E2-72F6-4E28-97DD-518AE2D73EAF}: "URL" = hxxp://go.web.de/suchbox/ebay?query={searchTerms} IE - HKCU\..\SearchScopes\{C839F9CD-0C18-4292-98E9-7748C172D5AB}: "URL" = hxxp://go.1und1.de/br/ie8_search_ebay/?q={searchTerms} IE - HKCU\..\SearchScopes\{D6B3C5E3-7061-4692-A44F-1C5B142C286A}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1586&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AAA&apn_dtid=^YYYYYY^YY^DE&apn_uid=1a963cce-5cab-499c-83da-f9d55c21da6e&apn_sauid=337B36C4-4120-4706-BD69-9A5512841594 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box;*.local ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Search Results" FF - prefs.js..browser.search.order.1: "Search Results" FF - prefs.js..browser.search.selectedEngine: "Search Results" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.searchnu.com/406" FF - prefs.js..extensions.enabledAddons: personas@christopher.beard:1.6.2 FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.4 FF - prefs.js..extensions.enabledAddons: {99079a25-328f-4bd4-be04-00955acaa0a7}:4.5.1.00 FF - prefs.js..extensions.enabledAddons: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3 FF - prefs.js..extensions.enabledAddons: toolbar@ask.com:3.15.4.23821 FF - prefs.js..extensions.enabledAddons: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:1.0 FF - prefs.js..extensions.enabledAddons: {f34c9277-6577-4dff-b2d7-7d58092f272f}:1.0.0.12 FF - prefs.js..extensions.enabledAddons: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:11.1.1.5 - 3 FF - prefs.js..keyword.URL: "hxxp://dts.search-results.com/sr?src=ffb&gct=ds&appid=390&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&apn_uid=6085727531724040&o=APN10645&q=" FF - prefs.js..network.proxy.no_proxies_on: "fritz.box" FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\ [2013.02.06 20:42:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPlgn\ [2013.01.12 18:57:09 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.01 08:57:02 | 000,000,000 | ---D | M] [2012.11.25 10:04:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sb-geb\AppData\Roaming\mozilla\Extensions [2013.02.05 06:41:55 | 000,002,820 | ---- | M] () -- C:\Users\sb-geb\AppData\Roaming\mozilla\firefox\profiles\ea7elmfd.default\searchplugins\askcom.xml [2012.11.25 10:04:09 | 000,002,687 | ---- | M] () -- C:\Users\sb-geb\AppData\Roaming\mozilla\firefox\profiles\ea7elmfd.default\searchplugins\Search_Results.xml [2012.11.25 10:04:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2011.06.30 14:43:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2012.11.25 10:04:29 | 000,000,000 | ---D | M] (DataMngr) -- C:\PROGRAM FILES\WINDOWS ILIVID TOOLBAR\DATAMNGR\FIREFOXEXTENSION File not found (No name found) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPLGN File not found (No name found) -- C:\USERS\SB-GEB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EA7ELMFD.DEFAULT\EXTENSIONS\{99079A25-328F-4BD4-BE04-00955ACAA0A7} File not found (No name found) -- C:\USERS\SB-GEB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EA7ELMFD.DEFAULT\EXTENSIONS\{ACAA314B-EEBA-48E4-AD47-84E31C44796C} File not found (No name found) -- C:\USERS\SB-GEB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EA7ELMFD.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI File not found (No name found) -- C:\USERS\SB-GEB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EA7ELMFD.DEFAULT\EXTENSIONS\{F34C9277-6577-4DFF-B2D7-7D58092F272F} File not found (No name found) -- C:\USERS\SB-GEB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EA7ELMFD.DEFAULT\EXTENSIONS\PERSONAS@CHRISTOPHER.BEARD.XPI File not found (No name found) -- C:\USERS\SB-GEB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EA7ELMFD.DEFAULT\EXTENSIONS\TOOLBAR@ASK.COM [2012.05.28 10:17:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2011.06.22 06:04:23 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2013.02.06 07:29:54 | 000,001,400 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.02.06 07:29:54 | 000,001,679 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2013.02.06 07:29:54 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2013.02.06 07:29:54 | 000,006,818 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.11.25 10:04:09 | 000,002,687 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml [2013.02.05 06:41:55 | 000,001,278 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2013.02.06 07:29:54 | 000,000,903 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: Search CHR - homepage: Search CHR - Extension: No name found = C:\Users\sb-geb\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\ CHR - Extension: No name found = C:\Users\sb-geb\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: No name found = C:\Users\sb-geb\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf\1.0.5_0\ CHR - Extension: No name found = C:\Users\sb-geb\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: No name found = C:\Users\sb-geb\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (1und1 Konfiguration) - {17166733-40EA-4432-A85C-AE672FF0E236} - C:\ProgramData\1und1InternetExplorerAddon\BHOXML.dll (1&1 Mail & Media GmbH) O2 - BHO: (WiseConvert 1.3 Toolbar) - {213c8ed6-1d78-4d8f-8729-25006aa86a76} - C:\Program Files\WiseConvert_1.3\prxtbWise.dll (Conduit Ltd.) O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\20.2.1.22\coieplg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\20.2.1.22\ips\ipsbho.dll (Symantec Corporation) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis) O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll () O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media Inc) O2 - BHO: (DataMngr) - {C1ED9DA0-AFD0-4b90-AC6A-D3874F591014} - C:\Program Files\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media Inc) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC) O3 - HKLM\..\Toolbar: (WiseConvert 1.3 Toolbar) - {213c8ed6-1d78-4d8f-8729-25006aa86a76} - C:\Program Files\WiseConvert_1.3\prxtbWise.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\20.2.1.22\coieplg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll () O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\20.2.1.22\coieplg.dll (Symantec Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files\avmwlanstick\WLanGUI.exe (AVM Berlin) O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Search Results Toolbar\Datamngr\datamngrUI.exe (Bandoo Media Inc) O4 - HKLM..\Run: [KMCONFIG] C:\Program Files\Silvercrest MTS2218 driver\StartAutorun.exe KMConfig.exe File not found O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG) O4 - HKLM..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe () O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [UIExec] C:\Program Files\Join Air\UIExec.exe () O4 - HKLM..\Run: [vspdfprsrv.exe] C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe () O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation) O4 - HKCU..\Run: [] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung) O4 - HKCU..\Run: [AVMUSBFernanschluss] C:\Users\sb-geb\AppData\Local\Apps\2.0\Z32ND9MC.P9B\J4WNBKKH.82J\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\AVMAutoStart.exe (AVM Berlin) O4 - HKCU..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Apple Inc.) O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet) O15 - HKCU\..Trusted Domains: lexoffice.de ([www] https in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Domains: lexware.de ([lexlohn] http in Vertrauenswürdige Sites) O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab (Microsoft Office Template and Media Control) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9F88E6B7-CE6F-43E8-BFAD-599362BDF14B}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\haufereader - No CLSID value found O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll) - C:\Program Files\Search Results Toolbar\Datamngr\datamngr.dll (Bandoo Media Inc) O20 - AppInit_DLLs: (C:\PROGRA~1\WI371A~1\Datamngr\IEBHO.dll) - C:\Program Files\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Bandoo Media Inc) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\sb-geb\Pictures\Unbenannt.jpg O24 - Desktop BackupWallPaper: C:\Users\sb-geb\Pictures\Unbenannt.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{115eca96-3335-11df-bc1b-8000600fe800}\Shell - "" = AutoRun O33 - MountPoints2\{115eca96-3335-11df-bc1b-8000600fe800}\Shell\AutoRun\command - "" = K:\pushinst.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - ActiveX: >{CB987270-F1D7-4517-80FB-C9A1E3521067} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpReg: DivXUpdate - hkey= - key= - File not found MsConfig - StartUpReg: iCloudServices - hkey= - key= - C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) MsConfig - StartUpReg: Skytel - hkey= - key= - C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.) MsConfig - State: "services" - 0 MsConfig - State: "startup" - 2 CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2013.02.06 20:49:44 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\sb-geb\Desktop\OTL.exe [2013.02.06 07:29:54 | 000,000,000 | ---D | C] -- C:\Windows\System32\IO [2013.02.05 06:42:28 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo [2013.02.05 06:42:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer [2013.02.05 06:42:06 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2013.02.05 06:41:56 | 000,000,000 | ---D | C] -- C:\Users\sb-geb\AppData\Roaming\Opera [2013.02.05 06:41:40 | 000,000,000 | ---D | C] -- C:\Users\sb-geb\AppData\Local\SwvUpdater [2013.02.05 06:41:24 | 000,000,000 | ---D | C] -- C:\ProgramData\DNSErrorHelper [2013.02.05 06:40:50 | 000,000,000 | ---D | C] -- C:\Users\sb-geb\AppData\Roaming\OCS [2013.02.05 06:40:50 | 000,000,000 | ---D | C] -- C:\Users\sb-geb\AppData\Roaming\DesktopIconForAmazon [2013.02.04 18:23:43 | 000,000,000 | ---D | C] -- C:\Users\sb-geb\AppData\Roaming\Malwarebytes [2013.02.04 18:23:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.02.04 18:23:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.02.04 18:23:33 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013.02.04 18:23:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013.01.29 20:58:52 | 000,000,000 | ---D | C] -- C:\Users\sb-geb\Desktop\Bilder [2013.01.12 11:10:02 | 000,105,728 | ---- | C] (AVM Berlin) -- C:\Windows\System32\drivers\avmaura.sys [2013.01.09 15:37:44 | 004,940,344 | ---- | C] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\System32\LxXtreme110.dll [2013.01.09 15:37:42 | 000,104,504 | ---- | C] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\System32\LxUISettingsN100.dll [2013.01.09 15:37:40 | 000,026,168 | ---- | C] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\System32\LxTPSW100.dll [2013.01.09 15:37:38 | 001,360,952 | ---- | C] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\System32\LxTool110.dll [2013.01.09 15:37:34 | 000,063,544 | ---- | C] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\System32\LxPXTree100.dll [2013.01.09 15:37:32 | 000,127,544 | ---- | C] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\System32\LxMail100.dll [2013.01.09 15:37:16 | 000,207,416 | ---- | C] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\System32\LxBasics100.dll [2011.03.26 11:04:52 | 000,245,760 | ---- | C] (Ask.com) -- C:\Program Files\Uninstall Ask Toolbar.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.02.06 20:49:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\sb-geb\Desktop\OTL.exe [2013.02.06 20:42:57 | 000,000,360 | ---- | M] () -- C:\Windows\tasks\AmiUpdXp.job [2013.02.06 20:39:12 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.02.06 20:39:12 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.02.06 20:39:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.02.06 20:38:59 | 2951,929,856 | -HS- | M] () -- C:\hiberfil.sys [2013.02.06 13:23:35 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2013.02.06 13:16:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.02.06 13:02:12 | 000,002,591 | ---- | M] () -- C:\Users\sb-geb\Desktop\Microsoft Office Word 2007.lnk [2013.02.06 07:33:33 | 000,006,972 | ---- | M] () -- C:\Users\sb-geb\Desktop\SB-Gebäudedienstleistungen\Kunden\cc_20130206_073326.reg [2013.02.05 06:57:55 | 000,022,082 | ---- | M] () -- C:\Users\sb-geb\Desktop\SB-Gebäudedienstleistungen\Kunden\cc_20130205_065750.reg [2013.02.05 06:42:18 | 000,000,805 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013.02.04 18:23:36 | 000,000,907 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.01.26 09:55:41 | 017,751,803 | ---- | M] () -- C:\Users\sb-geb\Desktop\expertpdf_v_4_softonic_deu.zip [2013.01.26 09:22:31 | 000,000,072 | ---- | M] () -- C:\Windows\EurekaLog.ini [2013.01.24 06:44:45 | 002,422,876 | ---- | M] () -- C:\Windows\System32\drivers\N360\1402010.016\Cat.DB [2013.01.24 06:43:58 | 000,014,818 | ---- | M] () -- C:\Windows\System32\drivers\N360\1402010.016\VT20130115.021 [2013.01.23 21:37:26 | 000,000,680 | ---- | M] () -- C:\Users\sb-geb\AppData\Local\d3d9caps.dat [2013.01.14 19:08:55 | 005,471,132 | ---- | M] () -- C:\Users\sb-geb\LFO1703_130114_190846.zip [2013.01.14 19:06:04 | 000,000,222 | ---- | M] () -- C:\Windows\DTABegleit.INI [2013.01.14 19:01:22 | 000,647,170 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.01.14 19:01:22 | 000,131,986 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.01.14 19:01:22 | 000,017,812 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.01.14 19:01:22 | 000,011,430 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.01.13 14:51:15 | 000,345,416 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.01.12 11:35:32 | 000,002,735 | ---- | M] () -- C:\Users\Public\Desktop\Lexware financial office.lnk [2013.01.12 11:09:43 | 000,105,728 | ---- | M] (AVM Berlin) -- C:\Windows\System32\drivers\avmaura.sys [2013.01.10 08:46:06 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\N360\1402010.016\isolate.ini [2013.01.09 15:37:44 | 004,940,344 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\System32\LxXtreme110.dll [2013.01.09 15:37:42 | 000,104,504 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\System32\LxUISettingsN100.dll [2013.01.09 15:37:40 | 000,026,168 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\System32\LxTPSW100.dll [2013.01.09 15:37:38 | 001,360,952 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\System32\LxTool110.dll [2013.01.09 15:37:34 | 000,063,544 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\System32\LxPXTree100.dll [2013.01.09 15:37:32 | 000,127,544 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\System32\LxMail100.dll [2013.01.09 15:37:16 | 000,207,416 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\System32\LxBasics100.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.02.06 07:33:30 | 000,006,972 | ---- | C] () -- C:\Users\sb-geb\Desktop\SB-Gebäudedienstleistungen\Kunden\cc_20130206_073326.reg [2013.02.05 06:57:53 | 000,022,082 | ---- | C] () -- C:\Users\sb-geb\Desktop\SB-Gebäudedienstleistungen\Kunden\cc_20130205_065750.reg [2013.02.05 06:42:17 | 000,000,805 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013.02.05 06:41:45 | 000,000,360 | ---- | C] () -- C:\Windows\tasks\AmiUpdXp.job [2013.02.04 18:23:36 | 000,000,907 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.01.26 09:55:15 | 017,751,803 | ---- | C] () -- C:\Users\sb-geb\Desktop\expertpdf_v_4_softonic_deu.zip [2013.01.14 19:08:50 | 005,471,132 | ---- | C] () -- C:\Users\sb-geb\LFO1703_130114_190846.zip [2013.01.12 11:46:40 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2013.01.12 11:46:40 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012.12.20 17:13:54 | 005,236,421 | ---- | C] () -- C:\Users\sb-geb\(SYS)LFO1702_121220_171340.zip [2012.10.07 12:23:10 | 000,207,488 | ---- | C] () -- C:\Windows\System32\LXPrnUtil10.dll [2012.10.07 12:23:08 | 000,138,368 | ---- | C] () -- C:\Windows\System32\LxDNTvmc100.dll [2012.10.07 12:23:08 | 000,074,368 | ---- | C] () -- C:\Windows\System32\LxDNTvm100.dll [2012.10.07 12:23:06 | 000,318,592 | ---- | C] () -- C:\Windows\System32\LxDNT100.dll [2012.09.26 19:57:16 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2012.08.11 09:31:21 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll [2012.08.11 09:31:21 | 000,002,413 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini [2012.05.29 14:10:12 | 000,000,043 | ---- | C] () -- C:\Windows\FAFirmAssi.INI [2012.05.20 10:23:18 | 000,000,081 | ---- | C] () -- C:\Windows\loge.dat [2012.04.29 13:07:54 | 000,000,144 | ---- | C] () -- C:\Windows\PCFK32.INI [2012.04.27 10:43:55 | 000,000,043 | ---- | C] () -- C:\Windows\FAStdCompany.INI [2012.04.17 19:06:32 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2012.04.03 14:25:45 | 000,013,065 | ---- | C] () -- C:\Users\sb-geb\AppData\Roaming\Microsoft Excel 97-2003.CAL [2012.04.03 14:25:04 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI [2012.04.01 10:41:55 | 000,038,429 | ---- | C] () -- C:\Users\sb-geb\AppData\Roaming\Kommagetrennte Werte (Windows).ADR [2011.10.08 09:20:59 | 000,122,048 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat [2011.05.13 09:03:16 | 000,303,104 | ---- | C] () -- C:\Windows\System32\dnt27VC8.dll [2011.05.13 09:01:22 | 000,143,360 | ---- | C] () -- C:\Windows\System32\dntvmc27VC8.dll [2011.05.13 09:01:00 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dntvm27VC8.dll [2011.04.18 22:24:21 | 000,000,072 | ---- | C] () -- C:\Windows\EurekaLog.ini [2011.04.10 08:41:29 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2011.04.08 07:43:36 | 000,000,038 | ---- | C] () -- C:\Windows\System32\ZX9EQJT7_{1CA6066F-60D2-4E22-B07F-49FFF1E2E5CB}.dat [2010.12.10 11:50:01 | 000,001,628 | ---- | C] () -- C:\Users\sb-geb\.recently-used.xbel [2010.05.23 10:55:49 | 000,024,206 | ---- | C] () -- C:\Users\sb-geb\AppData\Roaming\UserTile.png [2010.03.13 13:06:06 | 000,000,680 | ---- | C] () -- C:\Users\sb-geb\AppData\Local\d3d9caps.dat [2010.03.01 19:40:25 | 000,001,774 | ---- | C] () -- C:\Users\sb-geb\AppData\Roaming\wklnhst.dat [2010.02.17 17:45:44 | 000,017,408 | ---- | C] () -- C:\Users\sb-geb\AppData\Local\WebpageIcons.db [2009.11.25 12:55:03 | 000,000,680 | RHS- | C] () -- C:\Users\sb-geb\ntuser.pol [2009.09.21 16:06:44 | 000,033,280 | ---- | C] () -- C:\Users\sb-geb\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.10 22:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.10 22:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2009.10.27 13:30:43 | 000,000,000 | -HSD | M] -- C:\Users\sb-geb\AppData\Roaming\.# [2009.06.16 15:46:23 | 000,000,000 | ---D | M] -- C:\Users\sb-geb\AppData\Roaming\Acer GameZone Console [2009.10.18 15:29:57 | 000,000,000 | ---D | M] -- C:\Users\sb-geb\AppData\Roaming\AmuletAdventure [2011.04.21 19:13:34 | 000,000,000 | ---D | M] -- C:\Users\sb-geb\AppData\Roaming\BitZipper [2009.10.11 19:24:19 | 000,000,000 | ---D | M] -- C:\Users\sb-geb\AppData\Roaming\BloodTies [2009.10.10 14:39:37 | 000,000,000 | ---D | M] -- C:\Users\sb-geb\AppData\Roaming\Boomzap [2012.04.17 19:07:34 | 000,000,000 | ---D | M] -- C:\Users\sb-geb\AppData\Roaming\Buhl Data Service [2011.12.15 13:06:57 | 000,000,000 | ---D | M] -- C:\Users\sb-geb\AppData\Roaming\Canon [2010.01.13 15:50:19 | 000,000,000 | ---D | M] -- C:\Users\sb-geb\AppData\Roaming\cerasus.media [2012.07.19 15:11:54 | 000,000,000 | ---D | M] -- C:\Users\sb-geb\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2009.09.16 21:35:11 | 000,000,000 | ---D | M] -- C:\Users\sb-geb\AppData\Roaming\DataDesign [2013.02.06 07:26:21 | 000,000,000 | ---D | M] -- C:\Users\sb-geb\AppData\Roaming\DesktopIconForAmazon [2012.01.30 08:14:46 | 000,000,000 | ---D | M] -- C:\Users\sb-geb\AppData\Roaming\Dropbox [2011.07.21 20:30:50 | 000,000,000 | ---D | M] -- C:\Users\sb-geb\AppData\Roaming\DVDVideoSoft [2011.07.21 20:29:44 | 000,000,000 | ---D | M] -- C:\Users\sb-geb\AppData\Roaming\DVDVideoSoftIEHelpers [2010.05.13 12:25:12 | 000,000,000 | ---D | M] -- C:\Users\sb-geb\AppData\Roaming\ERS G-Studio [2010.05.07 07:11:28 | 000,000,000 | ---D | M] -- C:\Users\sb-geb\AppData\Roaming\eXPert PDF Editor [2011.09.14 18:42:09 | 000,000,000 | ---D | M] -- C:\Users\sb-geb\AppData\Roaming\FRITZ! [2012.01.15 14:51:38 | 000,000,000 | ---D | M] -- C:\Users\sb-geb\AppData\Roaming\GetRightToGo [2010.10.29 08:16:06 | 000,000,000 | ---D | M] -- C:\Users\sb-geb\AppData\Roaming\GrassGames [2010.12.10 11:50:01 | 000,000,000 | ---D | M] -- C:\Users\sb-geb\AppData\Roaming\gtk-2.0 [2010.01.08 13:12:33 | 000,000,000 | ---D | M] -- C:\Users\sb-geb\AppData\Roaming\Haufe [2009.12.10 17:03:48 | 000,000,000 | ---D | M] -- C:\Users\sb-geb\AppData\Roaming\HdO Adventure [2009.09.20 12:08:18 | 000,000,000 | ---D | M] -- C:\Users\sb-geb\AppData\Roaming\Hoellische Nachbarn [2012.05.27 09:24:07 | 000,000,000 | ---D | M] -- C:\Users\sb-geb\AppData\Roaming\Lexware [2009.10.02 15:53:35 | 000,000,000 | ---D | M] -- C:\Users\sb-geb\AppData\Roaming\Meridian93 [2010.07.26 18:55:31 | 000,000,000 | ---D | M] -- C:\Users\sb-geb\AppData\Roaming\Nevosoft Games [2013.02.05 06:40:50 | 000,000,000 | ---D | M] -- C:\Users\sb-geb\AppData\Roaming\OCS [2009.09.16 21:46:30 | 000,000,000 | ---D | M] -- C:\Users\sb-geb\AppData\Roaming\OpenOffice.org [2013.02.05 06:41:56 | 000,000,000 | ---D | M] -- C:\Users\sb-geb\AppData\Roaming\Opera [2010.07.10 18:36:54 | 000,000,000 | ---D | M] -- C:\Users\sb-geb\AppData\Roaming\Panda Security [2010.07.09 18:15:23 | 000,000,000 | ---D | M] -- C:\Users\sb-geb\AppData\Roaming\PC Suite [2010.05.23 10:55:49 | 000,000,000 | ---D | M] -- C:\Users\sb-geb\AppData\Roaming\PeerNetworking [2010.04.22 12:11:41 | 000,000,000 | ---D | M] -- C:\Users\sb-geb\AppData\Roaming\Playrix Entertainment [2011.09.01 13:21:37 | 000,000,000 | ---D | M] -- C:\Users\sb-geb\AppData\Roaming\Registry Mechanic [2011.07.16 20:07:38 | 000,000,000 | ---D | M] -- C:\Users\sb-geb\AppData\Roaming\Rovio [2012.10.24 17:13:10 | 000,000,000 | ---D | M] -- C:\Users\sb-geb\AppData\Roaming\Samsung [2010.10.29 06:58:42 | 000,000,000 | ---D | M] -- C:\Users\sb-geb\AppData\Roaming\SmartTools [2010.07.29 05:25:15 | 000,000,000 | ---D | M] -- C:\Users\sb-geb\AppData\Roaming\SurfSecret Privacy Suite [2010.03.01 19:40:27 | 000,000,000 | ---D | M] -- C:\Users\sb-geb\AppData\Roaming\Template [2012.10.26 17:08:50 | 000,000,000 | ---D | M] -- C:\Users\sb-geb\AppData\Roaming\TuneUp Software [2011.01.06 21:21:11 | 000,000,000 | ---D | M] -- C:\Users\sb-geb\AppData\Roaming\XnView ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2009.11.25 15:18:37 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN [2009.10.05 15:48:59 | 000,000,000 | ---D | M] -- C:\ACER [2009.09.15 12:03:45 | 000,000,000 | ---D | M] -- C:\ACERSW [2012.01.15 18:42:21 | 000,000,000 | ---D | M] -- C:\AirPrint [2009.01.11 13:49:23 | 000,000,000 | ---D | M] -- C:\book [2012.04.27 07:21:30 | 000,000,000 | -HSD | M] -- C:\Boot [2012.04.25 18:21:28 | 000,000,000 | ---D | M] -- C:\dakotaag [2009.09.27 17:08:11 | 000,000,000 | ---D | M] -- C:\divx [2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2009.09.15 11:56:50 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2009.09.15 13:08:20 | 000,000,000 | ---D | M] -- C:\drivers [2009.10.02 15:42:36 | 000,000,000 | ---D | M] -- C:\EGIS_Drive [2009.10.03 11:08:16 | 000,000,000 | ---D | M] -- C:\Lxk1100 [2009.10.03 10:55:24 | 000,000,000 | ---D | M] -- C:\MFT 121705 [2009.01.11 12:49:09 | 000,000,000 | RH-D | M] -- C:\MSOCache [2011.02.03 20:10:19 | 000,000,000 | ---D | M] -- C:\N360_BACKUP [2010.08.21 16:59:42 | 000,000,000 | ---D | M] -- C:\OEM [2008.01.21 03:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs [2013.02.06 20:38:58 | 000,000,000 | ---D | M] -- C:\Program Files [2013.02.06 07:26:43 | 000,000,000 | -H-D | M] -- C:\ProgramData [2009.09.15 11:56:50 | 000,000,000 | -HSD | M] -- C:\Programme [2013.02.06 21:01:50 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2010.12.03 13:37:01 | 000,000,000 | ---D | M] -- C:\temp [2009.11.25 15:18:24 | 000,000,000 | R--D | M] -- C:\Users [2013.02.06 20:42:52 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < C:\Windows\system32\*.tsp > [2006.11.02 10:44:49 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2006.11.02 10:44:49 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2006.11.02 10:44:49 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2006.11.02 10:44:49 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2009.04.10 22:27:18 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [2006.11.02 14:01:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2006.11.02 14:01:49 | 000,032,530 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2011.10.01 17:04:25 | 000,001,094 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [2011.10.01 17:04:28 | 000,001,098 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job [2012.05.10 05:30:42 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job [2013.02.05 06:41:45 | 000,000,360 | ---- | C] () -- C:\Windows\Tasks\AmiUpdXp.job < MD5 for: AGP440.SYS > [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: AHCIX86S.SYS > [2007.08.08 05:55:08 | 000,122,880 | ---- | M] (Promise Technology, Inc.) MD5=4283A0F3A9557EB133D2BA8979747A77 -- C:\ACER\Preload\Autorun\DRV\ATI Chipset RS780 RS740+SB700\Packages\Drivers\SBDrv\SB6xx\RAID\LH\ahcix86s.sys [2008.04.02 05:40:48 | 000,175,632 | ---- | M] (AMD Technologies Inc.) MD5=844A6734E8BB3530FB1444ED698087BD -- C:\ACER\Preload\MSDRV\ahcix86s.sys [2008.04.02 05:40:48 | 000,175,632 | ---- | M] (AMD Technologies Inc.) MD5=844A6734E8BB3530FB1444ED698087BD -- C:\Windows\System32\drivers\ahcix86s.sys [2008.04.02 05:40:48 | 000,175,632 | R--- | M] (AMD Technologies Inc.) MD5=844A6734E8BB3530FB1444ED698087BD -- C:\Windows\System32\DriverStore\FileRepository\ahcix86s.inf_4886f1e9\ahcix86s.sys < MD5 for: ATAPI.SYS > [2009.04.10 22:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009.04.10 22:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.10 22:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2008.02.22 05:59:12 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=76D70915EB81608DC6ACA87887FAB38F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22120_none_ddac250d3ab7a648\atapi.sys [2008.02.22 06:03:50 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=92210921EEFC081693F649C3631DEEC2 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_3d9c5057\atapi.sys [2008.02.22 06:03:50 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=92210921EEFC081693F649C3631DEEC2 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18023_none_dd25892021975283\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: EXPLORER.EXE > [2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2009.04.10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe [2009.04.10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2008.01.21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe < MD5 for: IASTORV.SYS > [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.04.10 22:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009.04.10 22:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2009.04.10 22:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009.04.10 22:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll [2009.04.10 22:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2009.04.10 22:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll < MD5 for: USERINIT.EXE > [2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe < MD5 for: WINLOGON.EXE > [2012.12.14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009.04.10 22:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.10 22:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2009.01.11 20:11:43 | 013,115,392 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2009.01.11 20:11:34 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2009.01.11 20:11:43 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2009.01.11 20:11:52 | 017,633,280 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2009.01.11 20:11:54 | 006,680,576 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\system32\*.dll /lockedfiles > [2008.03.09 15:01:18 | 000,372,736 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\system32\ATIDEMGX.dll < %USERPROFILE%\*.* > [2012.12.20 17:13:56 | 005,236,421 | ---- | M] () -- C:\Users\sb-geb\(SYS)LFO1702_121220_171340.zip [2010.12.10 11:50:01 | 000,001,628 | ---- | M] () -- C:\Users\sb-geb\.recently-used.xbel [2013.01.14 19:08:55 | 005,471,132 | ---- | M] () -- C:\Users\sb-geb\LFO1703_130114_190846.zip [2013.02.06 21:25:40 | 006,029,312 | ---- | M] () -- C:\Users\sb-geb\ntuser.dat [2013.02.06 21:25:40 | 000,262,144 | -H-- | M] () -- C:\Users\sb-geb\ntuser.dat.LOG1 [2009.09.15 12:01:05 | 000,000,000 | -H-- | M] () -- C:\Users\sb-geb\ntuser.dat.LOG2 [2012.04.27 07:21:37 | 000,065,536 | -HS- | M] () -- C:\Users\sb-geb\ntuser.dat{20b7d881-9023-11e1-9590-002268681eaf}.TM.blf [2012.04.27 07:21:37 | 000,524,288 | -HS- | M] () -- C:\Users\sb-geb\ntuser.dat{20b7d881-9023-11e1-9590-002268681eaf}.TMContainer00000000000000000001.regtrans-ms [2012.04.27 05:48:57 | 000,524,288 | -HS- | M] () -- C:\Users\sb-geb\ntuser.dat{20b7d881-9023-11e1-9590-002268681eaf}.TMContainer00000000000000000002.regtrans-ms [2011.09.02 10:03:02 | 000,065,536 | -HS- | M] () -- C:\Users\sb-geb\ntuser.dat{3166ca1a-ad40-11df-ae75-001f3f029972}.TM.blf [2011.09.02 10:03:02 | 000,524,288 | -HS- | M] () -- C:\Users\sb-geb\ntuser.dat{3166ca1a-ad40-11df-ae75-001f3f029972}.TMContainer00000000000000000001.regtrans-ms [2010.08.21 18:32:44 | 000,524,288 | -HS- | M] () -- C:\Users\sb-geb\ntuser.dat{3166ca1a-ad40-11df-ae75-001f3f029972}.TMContainer00000000000000000002.regtrans-ms [2009.10.03 12:13:43 | 000,065,536 | -HS- | M] () -- C:\Users\sb-geb\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2009.10.03 12:13:43 | 000,524,288 | -HS- | M] () -- C:\Users\sb-geb\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2009.09.15 13:12:35 | 000,524,288 | -HS- | M] () -- C:\Users\sb-geb\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms [2013.01.12 09:39:53 | 000,065,536 | -HS- | M] () -- C:\Users\sb-geb\ntuser.dat{5958b1be-9025-11e1-a8ac-002268681eaf}.TM.blf [2013.01.12 09:39:53 | 000,524,288 | -HS- | M] () -- C:\Users\sb-geb\ntuser.dat{5958b1be-9025-11e1-a8ac-002268681eaf}.TMContainer00000000000000000001.regtrans-ms [2012.04.27 20:10:51 | 000,524,288 | -HS- | M] () -- C:\Users\sb-geb\ntuser.dat{5958b1be-9025-11e1-a8ac-002268681eaf}.TMContainer00000000000000000002.regtrans-ms [2010.08.21 18:08:26 | 000,065,536 | -HS- | M] () -- C:\Users\sb-geb\ntuser.dat{67e2d672-b00d-11de-88cf-0009dd105f29}.TM.blf [2010.08.21 18:08:26 | 000,524,288 | -HS- | M] () -- C:\Users\sb-geb\ntuser.dat{67e2d672-b00d-11de-88cf-0009dd105f29}.TMContainer00000000000000000001.regtrans-ms [2009.10.03 12:26:45 | 000,524,288 | -HS- | M] () -- C:\Users\sb-geb\ntuser.dat{67e2d672-b00d-11de-88cf-0009dd105f29}.TMContainer00000000000000000002.regtrans-ms [2012.04.26 19:56:52 | 000,065,536 | -HS- | M] () -- C:\Users\sb-geb\ntuser.dat{9a9ecd46-d53b-11e0-a26d-002268681eaf}.TM.blf [2012.04.26 19:56:51 | 000,524,288 | -HS- | M] () -- C:\Users\sb-geb\ntuser.dat{9a9ecd46-d53b-11e0-a26d-002268681eaf}.TMContainer00000000000000000001.regtrans-ms [2011.09.02 10:04:45 | 000,524,288 | -HS- | M] () -- C:\Users\sb-geb\ntuser.dat{9a9ecd46-d53b-11e0-a26d-002268681eaf}.TMContainer00000000000000000002.regtrans-ms [2013.02.06 13:23:16 | 000,065,536 | -HS- | M] () -- C:\Users\sb-geb\ntuser.dat{b7065a29-5c97-11e2-8349-002268681eaf}.TM.blf [2013.02.06 13:23:16 | 000,524,288 | -HS- | M] () -- C:\Users\sb-geb\ntuser.dat{b7065a29-5c97-11e2-8349-002268681eaf}.TMContainer00000000000000000001.regtrans-ms [2013.01.12 20:15:21 | 000,524,288 | -HS- | M] () -- C:\Users\sb-geb\ntuser.dat{b7065a29-5c97-11e2-8349-002268681eaf}.TMContainer00000000000000000002.regtrans-ms [2009.09.15 12:01:05 | 000,000,020 | -HS- | M] () -- C:\Users\sb-geb\ntuser.ini [2011.11.14 15:03:14 | 000,000,680 | RHS- | M] () -- C:\Users\sb-geb\ntuser.pol [2009.10.03 16:39:04 | 000,021,504 | ---- | M] () -- C:\Users\sb-geb\Stephan Becker Tabellarischer Lebenslauf Sperber.doc [2010.08.21 17:17:16 | 000,003,422 | ---- | M] () -- C:\Users\sb-geb\UpgKit.log < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 < > ========== Alternate Data Streams ========== @Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:C48A983C @Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:561B1D2B @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:798A3728 @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:090FB735 @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:AB689DEA @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:793F316E @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:4D066AD2 @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:2634FC95 @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:A42A9F39 @Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:F3176E45 @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:DAFD38AE @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1 @Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:E66FFABE @Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:7CACEF61 < End of report > cordicordu |
|
06.02.2013, 22:15
| #4 |
| /// Malware-holic | tcbhn wurde beendet und geschlossen? hi download tdss killer: http://www.trojaner-board.de/82358-t...entfernen.html Klicke auf Change parameters • Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system • Klick auf OK und anschließend auf Start scan - bei funden erst mal immer skip wählen, log posten c: öffnen, tdsskiller-datum-version.txt öffnen, Inhalt posten
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
07.02.2013, 17:13
| #5 |
| | tcbhn wurde beendet und geschlossen? Hallo, hier die beiden Dateien, sorry dass es so lange dauert, aber ich glaube mein pc bricht gleich gänzlich zusammen, seit ich dieses zip programm runtergeladen habe, sagt er mir, dass Browserprotect.exe nicht mehr funktioniert ich dreh noch durch... |
|
07.02.2013, 17:38
| #6 |
| | tcbhn wurde beendet und geschlossen? hier die gewünschte Datei |
|
07.02.2013, 21:05
| #7 |
| /// Malware-holic | tcbhn wurde beendet und geschlossen? du hast den tdss killer nicht konfiguriert wie beschrieben, bitte noch mal.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
07.02.2013, 21:35
| #8 |
| | tcbhn wurde beendet und geschlossen? hier jetzt die vollständige datei |
|
08.02.2013, 12:41
| #9 |
| /// Malware-holic | tcbhn wurde beendet und geschlossen? hi Combofix: Scan mit Combofix
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
10.02.2013, 17:34
| #10 |
| | tcbhn wurde beendet und geschlossen? Hallo, da bin ich wieder, war zwei Tage nicht online, aber hier ist das logfile: Combofix Logfile: Code:
ATTFilter ComboFix 13-02-07.02 - sb-geb 08.02.2013 13:03:24.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2814.1308 [GMT 1:00]
ausgeführt von:: c:\users\sb-geb\Desktop\ComboFix.exe
AV: Norton 360 Online *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 Online *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 Online *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\progra~1\WI371A~1\Datamngr\BROWSE~1.DLL
c:\users\Public\videos\fran‡ais.EXE
c:\users\sb-geb\AppData\Roaming\.#
c:\users\sb-geb\AppData\Roaming\.#\MBX@1394@1D92928.###
c:\users\sb-geb\AppData\Roaming\.#\MBX@1394@1D92958.###
c:\users\sb-geb\AppData\Roaming\.#\MBX@1394@1D92988.###
c:\windows\IsUn0407.exe
c:\windows\system32\System32\MASetupCleaner.exe
c:\windows\system32\System32\muzapp.exe
c:\windows\unin0407.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-01-08 bis 2013-02-08 ))))))))))))))))))))))))))))))
.
.
2013-02-08 12:26 . 2013-02-08 12:26 -------- d-----w- c:\users\Kinder\AppData\Local\temp
2013-02-08 12:26 . 2013-02-08 12:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-08 06:23 . 2013-02-01 18:21 96664 ----a-w- c:\program files\Mozilla Firefox\webapprt-stub.exe
2013-02-08 06:23 . 2013-02-01 18:21 157712 ----a-w- c:\program files\Mozilla Firefox\webapp-uninstaller.exe
2013-02-08 06:23 . 2013-02-01 18:20 74136 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll
2013-02-08 06:23 . 2013-02-01 18:20 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2013-02-08 06:23 . 2013-02-01 18:20 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2013-02-07 21:12 . 2013-02-08 06:23 -------- d-----w- c:\program files\Mozilla Maintenance Service
2013-02-07 21:11 . 2013-02-01 18:21 142744 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2013-02-07 21:11 . 2013-02-01 18:21 193168 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2013-02-07 21:11 . 2013-02-01 18:21 115608 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2013-02-07 21:11 . 2013-02-01 18:21 2850712 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2013-02-07 19:56 . 2013-02-07 19:56 -------- d-----w- c:\users\sb-geb\AppData\Local\MGTEK
2013-02-07 19:56 . 2013-02-07 19:56 -------- d-----w- c:\program files\MGTEK
2013-02-07 19:56 . 2013-02-07 19:56 -------- d-----w- c:\program files\Common Files\MGTEK
2013-02-07 19:55 . 2013-02-07 19:55 -------- d-----w- c:\programdata\MGTEK
2013-02-06 20:50 . 2013-02-06 20:50 -------- d-----w- c:\program files\7-Zip
2013-02-06 20:49 . 2013-02-06 20:49 -------- d-----w- c:\programdata\BrowserProtect
2013-02-06 20:48 . 2013-02-06 20:48 -------- d-----w- c:\users\sb-geb\AppData\Roaming\Babylon
2013-02-06 20:48 . 2013-02-06 20:48 -------- d-----w- c:\programdata\Babylon
2013-02-06 06:29 . 2013-02-06 06:29 -------- d-----w- c:\windows\system32\IO
2013-02-05 05:42 . 2013-02-07 20:08 -------- d-----w- c:\programdata\Tarma Installer
2013-02-05 05:42 . 2013-02-05 05:42 -------- d-----w- c:\program files\CCleaner
2013-02-05 05:41 . 2013-02-05 05:41 -------- d-----w- c:\users\sb-geb\AppData\Local\SwvUpdater
2013-02-05 05:41 . 2013-02-05 05:41 -------- d-----w- c:\programdata\DNSErrorHelper
2013-02-05 05:40 . 2013-02-06 06:26 -------- d-----w- c:\users\sb-geb\AppData\Roaming\DesktopIconForAmazon
2013-02-05 05:40 . 2013-02-05 05:40 -------- d-----w- c:\users\sb-geb\AppData\Roaming\OCS
2013-02-04 17:23 . 2013-02-04 17:23 -------- d-----w- c:\users\sb-geb\AppData\Roaming\Malwarebytes
2013-02-04 17:23 . 2013-02-04 17:23 -------- d-----w- c:\programdata\Malwarebytes
2013-02-04 17:23 . 2013-02-04 17:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-02-04 17:23 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-31 16:21 . 2013-01-31 16:21 4940344 ----a-w- c:\windows\system32\LxXtreme110.dll
2013-01-31 16:21 . 2013-01-31 16:21 104504 ----a-w- c:\windows\system32\LxUISettingsN100.dll
2013-01-31 16:21 . 2013-01-31 16:21 26168 ----a-w- c:\windows\system32\LxTPSW100.dll
2013-01-31 16:21 . 2013-01-31 16:21 63544 ----a-w- c:\windows\system32\LxPXTree100.dll
2013-01-31 16:21 . 2013-01-31 16:21 1360952 ----a-w- c:\windows\system32\LxTool110.dll
2013-01-31 16:21 . 2013-01-31 16:21 127544 ----a-w- c:\windows\system32\LxMail100.dll
2013-01-31 16:21 . 2013-01-31 16:21 49720 ----a-w- c:\windows\system32\LXCurr100.dll
2013-01-31 16:21 . 2013-01-31 16:21 68152 ----a-w- c:\windows\system32\LxCI12.dll
2013-01-31 16:21 . 2013-01-31 16:21 207416 ----a-w- c:\windows\system32\LxBasics100.dll
2013-01-29 14:18 . 2013-01-29 14:18 49720 ----a-w- c:\windows\system32\FKStampPainter20.dll
2013-01-26 09:32 . 2007-12-10 07:40 18481937 ----a-w- c:\users\sb-geb\AppData\Roaming\Microsoft\Word\STARTUP\expertpdf_v4_softonic_deu\expertpdf_v4_softonic_deu.exe
2013-01-23 05:50 . 2013-01-24 05:43 -------- d-----w- c:\windows\system32\drivers\N360\1402010.016
2013-01-12 10:46 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll
2013-01-12 10:46 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2013-01-12 10:46 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2013-01-12 10:46 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2013-01-12 10:46 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2013-01-12 10:46 . 2009-07-14 12:12 16896 ----a-w- c:\windows\system32\winusb.dll
2013-01-12 10:46 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-01-12 10:46 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2013-01-12 10:46 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2013-01-12 10:46 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll
2013-01-12 10:46 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2013-01-12 10:40 . 2012-12-16 13:12 34304 ----a-w- c:\windows\system32\atmlib.dll
2013-01-12 10:40 . 2012-12-16 10:50 293376 ----a-w- c:\windows\system32\atmfd.dll
2013-01-12 10:38 . 2012-11-23 01:35 2048000 ----a-w- c:\windows\system32\win32k.sys
2013-01-12 10:38 . 2012-11-20 04:22 204288 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-12 10:33 . 2012-11-02 10:19 1400832 ----a-w- c:\windows\system32\msxml6.dll
2013-01-12 10:10 . 2013-01-12 10:09 105728 ----a-w- c:\windows\system32\drivers\avmaura.sys
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-08 08:16 . 2012-05-10 04:30 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-08 08:16 . 2011-06-15 05:05 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-15 20:27 . 2011-02-03 17:38 142496 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-11-14 02:09 . 2012-12-13 05:42 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 01:58 . 2012-12-13 05:42 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 01:57 . 2012-12-13 05:42 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 01:49 . 2012-12-13 05:42 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 01:48 . 2012-12-13 05:42 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 01:44 . 2012-12-13 05:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-13 01:29 . 2012-12-13 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-16 21:09 . 2011-03-26 10:04 245760 ----a-w- c:\program files\Uninstall Ask Toolbar.dll
2013-02-01 18:21 . 2011-06-04 13:21 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-06-06 1519304]
"{213c8ed6-1d78-4d8f-8729-25006aa86a76}"= "c:\program files\WiseConvert_1.3\prxtbWise.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CLASSES_ROOT\clsid\{213c8ed6-1d78-4d8f-8729-25006aa86a76}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{17166733-40EA-4432-A85C-AE672FF0E236}]
2011-03-18 12:50 154704 ----a-w- c:\programdata\1und1InternetExplorerAddon\BHOXML.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{213c8ed6-1d78-4d8f-8729-25006aa86a76}]
2011-05-09 09:49 176936 ----a-w- c:\program files\WiseConvert_1.3\prxtbWise.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 11:51 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
"{213c8ed6-1d78-4d8f-8729-25006aa86a76}"= "c:\program files\WiseConvert_1.3\prxtbWise.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{213c8ed6-1d78-4d8f-8729-25006aa86a76}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
"{213C8ED6-1D78-4D8F-8729-25006AA86A76}"= "c:\program files\WiseConvert_1.3\prxtbWise.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{213c8ed6-1d78-4d8f-8729-25006aa86a76}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-07-29 16:52 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
"AVMUSBFernanschluss"="c:\users\sb-geb\AppData\Local\Apps\2.0\Z32ND9MC.P9B\J4WNBKKH.82J\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\AVMAutoStart.exe" [2013-01-12 139264]
"com.apple.dav.bookmarks.daemon"="c:\program files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe" [2012-12-17 59872]
"Microsoft Office Outlook"="c:\progra~1\MICROS~2\Office12\OUTLOOK.EXE" [2012-09-25 13019280]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-10-01 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCMMediaSharing"="c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2008-05-20 204908]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-20 6144000]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"KMCONFIG"="c:\program files\Silvercrest MTS2218 driver\StartAutorun.exe" [2008-05-30 212992]
"UIExec"="c:\program files\Join Air\UIExec.exe" [2009-08-31 132608]
"AVMWlanClient"="c:\program files\avmwlanstick\wlangui.exe" [2008-02-25 1753088]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-06-06 1564872]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"LexwareInfoService"="c:\program files\Common Files\Lexware\Update Manager\LxUpdateManager.exe" [2011-07-31 189808]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"vspdfprsrv.exe"="c:\program files\Visagesoft\eXPert PDF\vspdfprsrv.exe" [2006-05-04 998912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll c:\progra~2\browse~1\261095~1.52\{c16c1~1\browserprotect.dll
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iCloudServices]
2012-12-17 15:48 59872 ----a-w- c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-11-20 10:15 1826816 ----a-w- c:\windows\SkyTel.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ApplePhotoStreams"=c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"KiesAirMessage"=c:\program files\Samsung\Kies\KiesAirMessage.exe -startup
"KiesPreload"=c:\program files\Samsung\Kies\Kies.exe /preload
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"LexwareInfoService"=c:\program files\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"eDataSecurity Loader"=c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
"Acer Empowering Technology Monitor"=c:\program files\Acer\Empowering Technology\SysMonitor.exe
"Windows Mobile-based device management"=%WINDIR%\WindowsMobile\wmdcBase.exe
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe"
"vspdfprsrv.exe"=c:\program files\Visagesoft\eXPert PDF\vspdfprsrv.exe --background
"KiesTrayAgent"=c:\program files\Samsung\Kies\KiesTrayAgent.exe
.
R2 AddonsHelper;AddonsHelper;c:\users\sb-geb\AppData\Local\Temp\OCS\Downloads\d340164aef134ca45f5d3a3a8b8d1b79\8a2438a7aa1e858526caff1f4deab159\AddonsHelper.exe [x]
S2 ACEDRV09;ACEDRV09;c:\windows\system32\drivers\ACEDRV09.sys [x]
S2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Inhalt des "geplante Tasks" Ordners
.
2013-02-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-10 08:16]
.
2013-02-08 c:\windows\Tasks\AmiUpdXp.job
- c:\users\sb-geb\AppData\Local\SwvUpdater\Updater.exe [2013-02-05 05:41]
.
2013-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-01 16:04]
.
2013-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-01 16:04]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp32&d=0609&m=aspire_m1201
uInternet Settings,ProxyOverride = fritz.box;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
LSP: c:\windows\system32\wpclsp.dll
Trusted Zone: lexoffice.de\www
Trusted Zone: lexware.de\lexlohn
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\sb-geb\AppData\Roaming\Mozilla\Firefox\Profiles\ea7elmfd.default\
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: !HIDDEN! 2011-11-13 14:48; {1FD91A9C-410C-4090-BBCC-55D3450EF433}; c:\program files\Windows iLivid Toolbar\Datamngr\FirefoxExtension
FF - user.js: extensions.shownSelectionUI - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-10 - (no file)
Toolbar-{D0F4A166-B8D4-48b8-9D63-80849FE137CB} - (no file)
WebBrowser-{09E55BA0-F9C6-4B81-82DF-46853F6F7B3F} - (no file)
WebBrowser-{0E3DBC69-A682-48DA-84E1-82C63A5D678E} - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
SafeBoot-mcmscsvc
SafeBoot-MCODS
MSConfigStartUp-DivXUpdate - c:\program files\DivX\DivX Update\DivXUpdate.exe
AddRemove-SmartToolsWochenplan 2010, 2011v1.00 - c:\program files\SmartTools\Excel Wochenplan 2010
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2013-02-08 13:27
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\20.2.1.22\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\20.2.1.22\diMaster.dll\" /prefetch:1"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2013-02-08 13:30:38
ComboFix-quarantined-files.txt 2013-02-08 12:30
Grüße
cordicordu
.
Vor Suchlauf: 18 Verzeichnis(se), 178.374.737.920 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 178.327.502.848 Bytes frei
.
- - End Of File - - EE03A797D5332F1C05D67D589C01ABC3
|
|
10.02.2013, 18:53
| #11 |
| /// Malware-holic | tcbhn wurde beendet und geschlossen? Hallo, lade den CCleaner standard: CCleaner - Download - Filepony falls der CCleaner bereits instaliert, überspringen. öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen. hinter, jedes von dir benötigte programm, schreibe notwendig. hinter, jedes, von dir nicht benötigte, unnötig. hinter, dir unbekannte, unbekannt. liste posten.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
12.02.2013, 13:29
| #12 |
| | tcbhn wurde beendet und geschlossen? Hallo, ich war fleissig: 1und1 Internet Explorer Addon 1&1 Mail & Media GmbH 18.03.2011 532KB 1.0.0.3 bekannt 1und1 Softwareaktualisierung 1&1 Mail & Media GmbH 18.03.2011 1,25MB 2.0.0.5 bekannt 7-Zip 9.20 06.02.2013 3,53MB unnötig Acer Arcade Live Main Page Acer Inc. 16.06.2009 34,3MB 1.1.1819 SP1901 von Anfang an drauf? Acer DV Magician Acer Inc. 16.06.2009 87,5MB 1.5.1730 von Anfang an drauf? Acer DVDivine Acer Inc. 16.06.2009 108MB 3.2.1730 von Anfang an drauf? Acer eDataSecurity Management Egis Inc. 11.01.2009 69,3MB 3.0.3065 von Anfang an drauf? Acer Empowering Technology Acer Incorporated 21.08.2010 105MB 3.0.3016 von Anfang an drauf? Acer HomeMedia Acer Inc. 16.06.2009 44,4MB 1.5.0530 SP3001 von Anfang an drauf? Acer HomeMedia Connect Acer Inc. 16.06.2009 36,6MB 1.4.5330 SP3001 von Anfang an drauf? Acer HomeMedia Trial Creator Acer Inc. 16.06.2009 54,9MB 1.5.0530 SP3001 von Anfang an drauf? Acer Product Registration Acer Incorporated 15.09.2009 5,92MB 3.0.0.10 notwendig Acer ScreenSaver Acer Incorporated 16.06.2009 4.01.0718 von Anfang an drauf? Acer SlideShow DVD Acer Inc. 16.06.2009 93,0MB 1.5.1730 von Anfang an drauf? Acer VideoMagician Acer Inc. 16.06.2009 183MB 1.4.2203 von Anfang an drauf? Adblock IE 2.2 MGTEK 07.02.2013 1,75MB 2.2.1524 unnötig Adobe AIR Adobe Systems Incorporated 19.07.2012 39,3MB 3.3.0.3670 unbekannt Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 08.02.2013 11.5.502.149 notwendig Adobe Flash Player 11 Plugin Adobe Systems Incorporated 08.02.2013 11.5.502.149 notwendig Adobe Reader X (10.1.5) - Deutsch Adobe Systems Incorporated 14.01.2013 118MB 10.1.5 notwendig Adobe Shockwave Player 11.5 Adobe Systems, Inc. 23.05.2010 8,23MB 11.5.7.609 unbekannt Apple Application Support Apple Inc. 01.12.2012 64,9MB 2.3.2 notwendig Apple Mobile Device Support Apple Inc. 01.12.2012 24,5MB 6.0.1.3 notwendig Apple Software Update Apple Inc. 07.10.2011 2,38MB 2.1.3.127 notwendig Ask Toolbar Ask.com 30.10.2012 3,17MB 1.15.4.0 unnötig Ask Toolbar Updater Ask.com 23.01.2012 1.2.0.20007 unnötig ATI Catalyst Install Manager ATI Technologies, Inc. 16.06.2009 13,8MB 3.0.664.0 notwendig AVM FRITZ!Box Dokumentation AVM Berlin 15.09.2009 2,02MB notwendig AVM FRITZ!WLAN AVM Berlin 19.03.2010 notwendig AVS Update Manager 1.0 Online Media Technologies Ltd. 26.09.2010 10,2MB unbekannt AVS Video Converter 7 Online Media Technologies Ltd. 26.09.2010 35,8MB unbekannt AVS4YOU Software Navigator 1.4 Online Media Technologies Ltd. 26.09.2010 8,28MB unbekannt Bonjour Apple Inc. 16.10.2011 1,02MB 3.0.0.10 unbekannt BrowserProtect Bit89 Inc 06.02.2013 7,61MB unnötig C:\Program Files\Acer GameZone\GameConsole Oberon Media, Inc. 16.06.2009 41,9MB 2.0.1.6 unnötig Canon Easy-WebPrint EX 05.10.2009 5,87MB unbekannt Canon Inkjet Printer/Scanner/Fax Extended Survey Program 05.10.2009 1,30MB unbekannt Canon MP Navigator EX 3.0 05.10.2009 72,2MB notwendig Canon MP490 series Benutzerregistrierung 05.10.2009 1,09MB notwendig Canon MP490 series MP Drivers 05.10.2009 330MB notwendig Canon Utilities Easy-PhotoPrint EX 05.10.2009 221MB notwendig Canon Utilities My Printer 05.10.2009 4,69MB notwendig Canon Utilities Solution Menu 05.10.2009 3,04MB unbekannt CCleaner Piriform 23.01.2013 2,71MB 3.27 notwendig Conduit Engine Conduit Ltd. 26.03.2011 3,82MB 6.2.7.3 unbekannt dakota.ag ITSG 06.12.2012 25,0MB 5.2.0.8 notwendig DDBAC DataDesign 14.12.2012 8,89MB 5.3.2 unbekannt eSobi v2 esobi Inc. 20.08.2010 16,8MB 2.0.4.000260 unbekannt eXPert PDF 4 Visage Software 04.03.2010 33,1MB 4.1.670.404 bekannt FRITZ!Box USB-Fernanschluss AVM Berlin 12.01.2013 2.3.0.2 notwendig GIMP 2.6.11 The GIMP Team 10.12.2010 111MB 2.6.11 unbekannt Google Earth Google 19.12.2012 173MB 7.0.2.8415 nicht notwendig Google Toolbar for Internet Explorer Google Inc. 15.12.2012 10,0MB 7.4.3607.2246 nicht notwendig Haufe iDesk-Browser Haufe-Lexware GmbH & Co. KG 16.05.2011 26,4MB 10.10.14.0000 notwendig Haufe iDesk-Service Haufe 08.01.2010 135MB 9.08.21.7460 nowendig iCloud Apple Inc. 22.01.2013 48,3MB 2.1.1.3 notwendig iLivid Bandoo Media Inc 25.11.2012 39,6MB 4.0.0.2208 unbekannt iTunes Apple Inc. 15.12.2012 185MB 11.0.1.12 notwendig Java(TM) 6 Update 26 Sun Microsystems, Inc. 16.09.2009 97,6MB 6.0.260 notwendig Join Air ZTE Corporation 15.03.2010 23,6MB 1.0.0.1 unbekannt Kalenderdruck-Assistent für Microsoft Office Outlook 2007 Microsoft Corporation 18.08.2012 47,9MB 12.0.6612.1000 notwendig Lexware Abschreibungsrechner Haufe-Lexware GmbH & Co.KG 29.08.2011 38,1MB 10.50.04.0001 notwendig Lexware büro easy 2011 Haufe-Lexware GmbH & Co.KG 26.12.2011 653MB 24.20.04.0046 notwendig Lexware Elster Haufe-Lexware GmbH & Co.KG 08.02.2013 105MB 13.07.00.0045 notwendig Lexware financial office 2013 Haufe-Lexware GmbH & Co.KG 08.02.2013 872MB 17.04.00.0175 notwendig Lexware Info Service Haufe-Lexware GmbH & Co.KG 06.12.2012 12,7MB 2.90.00.0009 notwendig Lexware online banking Haufe-Lexware GmbH & Co.KG 06.12.2012 28,1MB 17.00.00.0186 notwendig Lexware reisekosten 2009 Lexware 08.01.2010 60,4MB 16.00.00.0054 notwendig Lexware Zeiterfassung Haufe-Lexware GmbH & Co.KG 11.11.2011 27,9MB 24.00.04.0001 notwendig LG Bluetooth Drivers LG Electronics 11.08.2012 704KB 1.1 nicht notwendig LG PC Suite IV LG Electronics 11.08.2012 85,6MB 4.3.67.20120418 nicht notwendig LG United Mobile Driver LG Electronics 11.08.2012 6,44MB 3.7.2.0 nicht notwendig Malwarebytes Anti-Malware Version 1.70.0.1100 Malwarebytes Corporation 04.02.2013 12,2MB 1.70.0.1100 Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation 28.05.2012 39,4MB Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 28.05.2012 39,4MB Microsoft .NET Framework 4 Client Profile Microsoft Corporation 16.11.2012 120MB 4.0.30320 Microsoft Office Basic 2007 Microsoft Corporation 13.11.2011 376MB 12.0.6612.1000 Microsoft Office File Validation Add-In Microsoft Corporation 18.09.2011 7,91MB 14.0.5130.5003 Microsoft Office Live Add-in 1.5 Microsoft Corporation 18.04.2012 506KB 2.0.4024.1 Microsoft Office Mobile 6.1 Microsoft Corporation 28.11.2009 2,75MB 6.1.6100.0 Microsoft Office Outlook Connector Microsoft Corporation 18.11.2009 6,13MB 12.0.6423.1000 Microsoft Office Suite Activation Assistant Microsoft Corporation 11.01.2009 8,36MB 2.9 Microsoft Silverlight Microsoft Corporation 16.05.2012 20,4MB 5.1.10411.0 Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 11.01.2009 1,74MB 3.1.0000 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 18.09.2009 251KB 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 21.06.2011 294KB 8.0.56336 Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 28.11.2009 199KB 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 02.06.2011 592KB 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 06.12.2012 233KB 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 25.11.2009 590KB 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 21.06.2011 594KB 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 27.04.2012 16,5MB 10.0.40219 Microsoft Works Microsoft Corporation 01.01.2010 08.05.0822 MobileMe Control Panel Apple Inc. 31.10.2011 12,9MB 3.1.8.0 unbekannt Mozilla Firefox 18.0.2 (x86 de) Mozilla 08.02.2013 43,4MB 18.0.2 notwendig Mozilla Maintenance Service Mozilla 08.02.2013 224KB 18.0.2 MSXML 4.0 SP2 (KB954430) Microsoft Corporation 15.09.2009 1,27MB 4.20.9870.0 unbekannt MSXML 4.0 SP2 (KB973688) Microsoft Corporation 28.11.2009 1,33MB 4.20.9876.0 unbekannt MSXML 4.0 SP2 Parser und SDK Microsoft Corporation 01.03.2010 48,0KB 4.20.9818.0 unbekannt MyFreeCodec 24.10.2012 10,6MB unbekannt Nero 9 Lite Nero AG 29.07.2010 9,96MB nicht notwendig Norton 360 Symantec Corporation 15.12.2012 84,7MB 20.2.1.22 notwendig NTI Backup Now 5 NewTech Infosystems 11.01.2009 29,5MB 5.1.2.616 nicht bekannt NTI Media Maker 8 NewTech Infosystems 11.01.2009 187MB 8.0.2.6509 nicht bekannt OpenOffice.org 3.2 OpenOffice.org 17.12.2010 361MB 3.2.9502 notwendig PC Connectivity Solution Nokia 09.07.2010 12,7MB 10.26.0.0 nicht bekannt Picasa 3 Google, Inc. 23.05.2012 79,4MB 3.8 notwendig QuickSteuer Deluxe 2010 Haufe-Lexware GmbH & Co. KG 30.04.2012 16.14.00.0002 notwendig QuickSteuer DELUXE Wissens-Center 2010 Haufe Mediengruppe 16.05.2011 160MB 16.0.2.0 notwendig QuickTime Apple Inc. 01.12.2012 73,1MB 7.73.80.64 notwendig Realtek High Definition Audio Driver Realtek Semiconductor Corp. 11.01.2009 21,7MB 6.0.1.5628 notwendig Samsung Kies Samsung Electronics Co., Ltd. 24.10.2012 191MB 2.5.0.12094_28 nicht notwendig SAMSUNG USB Driver for Mobile Phones SAMSUNG Electronics Co., Ltd. 08.02.2013 33,5MB 1.5.15.0 nicht notwendig Servicepack Datumsaktualisierung Haufe-Lexware 29.11.2010 2,39MB 1.00.00.0005 notwendig Silvercrest MTS2218 driver Targa GmbH 17.11.2010 6,91MB 6.1 notwendig SmartTools Publishing • Excel Jahresplan SmartTools Publishing 29.10.2010 1,03MB v2.00 nicht notwendig SmartTools Publishing • Excel OutlookToXL SmartTools Publishing 29.10.2010 1,84MB v4.00 nicht notwendig Software Version Updater 05.02.2013 304KB 1.1.3.6 unbekannt TuneUp Utilities 2009 TuneUp Software 13.03.2010 8.0.3310.3 nicht notwendig VLC media player 1.0.2 VideoLAN Team 27.09.2009 74,9MB 1.0.2 unbekannt Windows 7 Upgrade Advisor Microsoft Corporation 20.08.2010 8,77MB 2.0.5000.0 bekannt Windows iLivid Toolbar Bandoo Media, Inc 13.11.2011 16,0MB 3.0.0.117530 bekannt Windows Live Anmelde-Assistent Microsoft Corporation 13.11.2011 1,93MB 5.000.818.6 Windows Live Essentials Microsoft Corporation 11.01.2009 136MB 14.0.8050.1202 Windows Live Sync Microsoft Corporation 11.01.2009 2,79MB 14.0.8050.1202 Windows Live-Uploadtool Microsoft Corporation 11.01.2009 225KB 14.0.8014.1029 Windows Mobile-Gerätecenter: Treiberupdate Microsoft Corporation 28.11.2009 42,4MB 6.1.6965.0 Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) Nokia 09.07.2010 08/22/2008 7.0.0.0 Windows-Treiberpaket - YUAN High-Tech Development Co. Ltd. (OmniTV) Media (12/14/2007 6.1.32.42) YUAN High-Tech Development Co. Ltd. 16.06.2009 12/14/2007 6.1.32.42 WinRAR 4.00 (32-Bit) win.rar GmbH 21.04.2011 4,03MB 4.00.0 bekannt WiseConvert 1.3 Toolbar WiseConvert 1.3 31.10.2012 4,87MB 6.9.0.16 unbekannt XnView 1.97.8 Gougelet Pierre-e 12.12.2010 26,6MB 1.97.8 unbekannt alle windows bzw. Microsoft sachen sind sicherlich notwendig hoffe, das ist alles nachvollziehbar. Danke noch mal für die Unterstützung hier, ich wär sonst echt aufgeschmissen |
|
12.02.2013, 13:58
| #13 |
| /// Malware-holic | tcbhn wurde beendet und geschlossen? ich möchte wissen was nötig, unnötig und unbekannt ist
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
12.02.2013, 15:44
| #14 |
| | tcbhn wurde beendet und geschlossen? hab ich doch jedesmal daneben geschrieben, unbekannte sach weiss ich nicht ob die notwendig ist |
|
13.02.2013, 13:32
| #15 |
| /// Malware-holic | tcbhn wurde beendet und geschlossen? ne du hast manchmal bekannt und manchmal nötig geschrieben, woher soll man dann also wissen obs nur bekannt aber unnötig, oder bekannt und nötig ist. also, sind alle bekannten nötig?
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
| Themen zu tcbhn wurde beendet und geschlossen? |
| .dll, administrator, anti-malware, appdata, autostart, beendet und geschlossen, dateien, ergebnis, explorer, langsamer, loswerden, malware, microsoft, problem, programme, pup.blabbers, pup.datamngr, pup.mywebsearch, pup.offerbundler.st, pup.software.updater, service pack 2, speicher, swvupdater, tcbhn, updater.exe, virus |
WARNUNG an die MITLESER: 
Linear-Darstellung
