18.09.2013, 12:12 | #1
Trojan "TR/Crypt.ZPACK.Gen8" found in C:\Users\johanna\AppData\Roaming\skype.dat via Avira

Hello everyone,

Yesterday I once again ran an Avira system scan on my sister's laptop, and promptly got the message that a Trojan named TR/Crypt.ZPACK.Gen8 is located in C:\Users\johanna\AppData\Roaming\skype.dat. It also reported a hidden object, which I can't make much sense of yet. Avira moved the Trojan to quarantine; I don't think it did anything with the hidden object.

I followed the instructions described here in the forum and ran the various scanners and tools. I just don't really know what to make of the results now or how to proceed. Is the PC still at risk? My sister uses online banking and is very worried. I would be very grateful for any help.

Here are the individual logs.

Avira
Code:
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Dienstag, 17. September 2013 19:50

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 Home Premium
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : JOHANNA-PC

Versionsinformationen:

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: Interaktiv
Sekundäre Aktion......................: Ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Prüfe alle Dateien....................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Dienstag, 17. September 2013 19:50

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
 [INFO] Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
 [INFO] Es wurde kein Virus gefunden!
Bootsektor 'D:\'
 [INFO] Es wurde kein Virus gefunden!

Der Suchlauf nach versteckten Objekten wird begonnen.
Versteckter Treiber
 [HINWEIS] Eine Speicherveränderung wurde entdeckt, die möglicherweise zur versteckten Dateizugriffen missbraucht werden könnte.

Der Suchlauf über gestartete Prozesse wird begonnen:

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '1177' Dateien ).

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <systemdisk>
C:\Users\johanna\AppData\Roaming\skype.dat
 [FUND] Ist das Trojanische Pferd TR/Crypt.ZPACK.Gen8
Beginne mit der Suche in 'D:\' <datendisk>

Beginne mit der Desinfektion:
C:\Users\johanna\AppData\Roaming\skype.dat
 [FUND] Ist das Trojanische Pferd TR/Crypt.ZPACK.Gen8
 [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '56cbdf7c.qua' verschoben!

Ende des Suchlaufs: Mittwoch, 18. September 2013 11:21
Benötigte Zeit: 1:22:30 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

 22476 Verzeichnisse wurden überprüft
 717189 Dateien wurden geprüft
 1 Viren bzw. unerwünschte Programme wurden gefunden
 0 Dateien wurden als verdächtig eingestuft
 0 Dateien wurden gelöscht
 0 Viren bzw. unerwünschte Programme wurden repariert
 1 Dateien wurden in die Quarantäne verschoben
 0 Dateien wurden umbenannt
 0 Dateien konnten nicht durchsucht werden
 717188 Dateien ohne Befall
 14035 Archive wurden durchsucht
 0 Warnungen
 2 Hinweise
 570583 Objekte wurden beim Rootkitscan durchsucht
 1 Versteckte Objekte wurden gefunden

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:25 on 18/09/2013 (johanna)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
SPTD -> Already disabled

-=E.O.F=-

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-09-2013 03
Ran by johanna (administrator) on JOHANNA-PC on 18-09-2013 12:28:35
Running from D:\Desktop
Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AMD) C:\windows\system32\atiesrxx.exe
(AMD) C:\windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(ABBYY) C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Nitro PDF Software) C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe
() C:\windows\SYSTEM32\Rezip.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
() C:\Program Files\XSManager\WTGService.exe
(4G Systems GmbH & Co. KG) C:\windows\service4g.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(4G Systems GmbH & Co. KG) C:\Windows\starter4g.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(SEC) C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
() C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Opera Software) C:\Program Files\Opera\opera.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-09-01] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7744032 2009-09-29] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1541416 2009-07-15] (Synaptics Incorporated)
HKLM\...\Run: [UCam_Menu] - C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [218408 2009-02-25] (CyberLink Corp.)
HKLM\...\Run: [starter4g] - C:\windows\starter4g.exe [160992 2010-07-08] (4G Systems GmbH & Co. KG)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-16] (Avira Operations GmbH & Co. KG)
HKCU\...\Run: [EPSON SX125 Series] - C:\windows\TEMP\E_S65C4.tmp [126 2011-06-15] ()
HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-09-17] (Google Inc.)
HKCU\...\Run: [EPSON SX125 Series (Kopie 1)] - C:\windows\TEMP\E_S3D4F.tmp [146 2012-02-23] ()
MountPoints2: {5e5da6db-efe1-11df-bdf5-00245412197b} - V:\SETUP.EXE /AUTORUN
MountPoints2: {aad62e5a-fb30-11e0-8323-00245412197b} - F:\autorun.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} - No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

========================== Services (Whitelisted) =================

S2 0096401286719054mcinstcleanup; C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini [1216 2010-10-10] ()
R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-03-28] (LSI Corporation)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-09-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-16] (Avira Operations GmbH & Co. KG)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe [196624 2013-06-18] (Nitro PDF Software)
R2 Rezip; C:\windows\SYSTEM32\Rezip.exe [311296 2009-03-05] ()
R2 WTGService; C:\Program Files\XSManager\WTGService.exe [329168 2010-04-12] ()
R2 XS Stick Service; C:\windows\service4g.exe [145120 2010-07-08] (4G Systems GmbH & Co. KG)
R2 yksvc; C:\Windows\System32\yk62x86.dll [364544 2009-09-28] (Marvell)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [88840 2013-09-16] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136672 2013-09-16] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-04-04] (Avira Operations GmbH & Co. KG)
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
S3 cmnsusbser; C:\Windows\System32\DRIVERS\cmnsusbser.sys [103424 2011-10-20] (Mobile Connector)
S3 KMWDFILTERx86; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [25088 2009-04-29] (Windows (R) Codename Longhorn DDK provider)
R1 SABI; C:\windows\system32\Drivers\SABI.sys [10752 2009-05-28] (SAMSUNG ELECTRONICS)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-11-14] (Duplex Secure Ltd.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
R3 VMC326; C:\Windows\System32\Drivers\VMC326.sys [237696 2009-08-10] (Vimicro Corporation)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-09-18 12:28 - 2013-09-18 12:28 - 00000000 ____D C:\FRST
2013-09-18 12:20 - 2013-09-18 12:22 - 00000636 _____ C:\windows\system32\defogger_disable.log
2013-09-18 12:20 - 2013-09-18 12:22 - 00000176 _____ C:\Users\johanna\defogger_reenable
2013-09-18 11:19 - 2013-09-18 11:24 - 00000000 ____D C:\AdwCleaner
2013-09-17 10:04 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-09-17 10:04 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-09-17 10:04 - 2013-08-10 05:59 - 00042496 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-09-17 10:04 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-09-17 10:04 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-09-17 10:04 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-09-17 10:04 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-09-17 10:04 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-09-17 10:04 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-09-17 10:04 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-09-17 10:04 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-09-17 10:04 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-09-17 10:04 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-09-17 10:04 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-09-17 10:04 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-09-17 10:04 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-09-16 20:45 - 2013-08-08 03:03 - 02348544 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-09-16 20:45 - 2013-08-05 03:56 - 00133056 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ataport.sys
2013-09-16 20:45 - 2013-08-02 03:50 - 00169984 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2013-09-16 20:45 - 2013-08-02 03:49 - 00868352 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2013-09-16 20:45 - 2013-08-02 03:49 - 00293376 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2013-09-16 20:45 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-16 20:45 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-16 20:45 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-16 20:45 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-16 20:45 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-16 20:45 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-16 20:45 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-16 20:45 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-16 20:45 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-16 20:45 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-16 20:45 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-16 20:45 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-16 20:45 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-16 20:45 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-16 20:45 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-16 20:45 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-16 20:45 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-16 20:45 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-16 20:45 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-16 20:45 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-16 20:45 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-16 20:45 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-16 20:45 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-16 20:45 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-16 20:45 - 2013-08-02 02:52 - 00271360 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2013-09-16 20:45 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-16 20:45 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-16 20:45 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-16 20:45 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-16 20:45 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2013-09-16 20:45 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\windows\system32\shdocvw.dll
2013-09-16 20:34 - 2013-09-16 21:22 - 00000000 ____D C:\Users\johanna\AppData\Roaming\Nitro PDF

==================== One Month Modified Files and Folders =======

2013-09-18 12:28 - 2013-09-18 12:28 - 00000000 ____D C:\FRST
2013-09-18 12:28 - 2010-09-27 21:33 - 00001098 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-18 12:26 - 2009-09-16 23:52 - 01075100 _____ C:\windows\WindowsUpdate.log
2013-09-18 12:23 - 2010-09-27 21:33 - 00001094 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-18 12:23 - 2009-07-14 06:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-09-18 12:23 - 2009-07-14 06:39 - 00163533 _____ C:\windows\setupact.log
2013-09-18 12:22 - 2013-09-18 12:20 - 00000636 _____ C:\windows\system32\defogger_disable.log
2013-09-18 12:22 - 2013-09-18 12:20 - 00000176 _____ C:\Users\johanna\defogger_reenable
2013-09-18 12:20 - 2010-09-27 20:21 - 00000000 ____D C:\Users\johanna
2013-09-18 11:33 - 2009-07-14 06:34 - 00015056 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-18 11:33 - 2009-07-14 06:34 - 00015056 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-18 11:24 - 2013-09-18 11:19 - 00000000 ____D C:\AdwCleaner
2013-09-17 22:03 - 2009-07-14 04:37 - 00000000 ____D C:\windows\rescache
2013-09-17 20:35 - 2009-07-14 04:37 - 00000000 ____D C:\windows\Microsoft.NET
2013-09-17 19:56 - 2009-07-26 22:06 - 01520734 _____ C:\windows\system32\PerfStringBackup.INI
2013-09-17 19:16 - 2009-07-14 06:33 - 00421360 _____ C:\windows\system32\FNTCACHE.DAT
2013-09-17 10:06 - 2009-07-14 04:37 - 00000000 ____D C:\windows\system32\de-DE
2013-09-17 10:03 - 2013-08-14 23:10 - 00000000 ____D C:\windows\system32\MRT
2013-09-17 10:01 - 2010-10-10 16:10 - 76725432 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-09-16 21:22 - 2013-09-16 20:34 - 00000000 ____D C:\Users\johanna\AppData\Roaming\Nitro PDF
2013-09-16 20:39 - 2013-05-02 10:27 - 00066144 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys
2013-09-16 20:39 - 2012-11-28 20:25 - 00136672 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2013-09-16 20:39 - 2012-11-28 20:25 - 00088840 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys
2013-08-28 14:15 - 2011-01-01 12:22 - 00000000 ____D C:\Users\johanna\AppData\Local\Google

Files to move or delete:
====================
C:\ProgramData\84487744.pad

Some content of TEMP:
====================
C:\Users\johanna\AppData\Local\Temp\AskSLib.dll
C:\Users\johanna\AppData\Local\Temp\atl100.dll
C:\Users\johanna\AppData\Local\Temp\IERunner.dll
C:\Users\johanna\AppData\Local\Temp\msvcp100.dll
C:\Users\johanna\AppData\Local\Temp\msvcr100.dll
C:\Users\johanna\AppData\Local\Temp\nitro_reader3.exe
C:\Users\johanna\AppData\Local\Temp\Quarantine.exe
C:\Users\johanna\AppData\Local\Temp\SkypeSetup.exe
C:\Users\johanna\AppData\Local\Temp\tbDVDV.dll
C:\Users\johanna\AppData\Local\Temp\Uninstaller.exe
C:\Users\johanna\AppData\Local\Temp\UninstallerGer.dll
C:\Users\johanna\AppData\Local\Temp\UninstallerIta.dll
C:\Users\johanna\AppData\Local\Temp\WtgDriverInstallX.dll
C:\Users\johanna\AppData\Local\Temp\_is157.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-09-16 21:10

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 16-09-2013 03
Ran by johanna at 2013-09-18 12:30:08
Running from D:\Desktop
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

==================== Restore Points =========================

04-08-2013 09:09:11 Windows Update
07-08-2013 14:08:11 Windows Update
14-08-2013 16:37:35
Windows Update 14-08-2013 21:06:14 Windows Update 21-08-2013 07:11:47 Windows Update 27-08-2013 14:02:24 Windows Update 16-09-2013 18:45:25 Windows Update 17-09-2013 08:00:43 Windows Update 17-09-2013 17:54:08 Windows Update ==================== Hosts content: ========================== 2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {0D9B5D92-3A22-486D-A887-3AA21597CF27} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started Task: {2305DEF5-962C-43C2-B137-6BA272EB80A9} - System32\Tasks\EasySpeedUpManager => C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [2009-08-23] (Samsung Electronics Co., Ltd.) Task: {3BEA1269-71AA-491F-B309-219AE332725E} - System32\Tasks\EasyBatteryManager => C:\Program Files\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2009-08-01] (SAMSUNG Electronics co., LTD.) Task: {4EE2A8A1-9346-423F-8EC2-1760E5073B97} - System32\Tasks\advSRS4 => C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2009-08-06] (SEC) Task: {65CAA3FC-6411-4E38-A61B-05EDDDD07C53} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe [2010-04-20] () Task: {7366B38C-B7CB-49A5-AE9B-DC9EF847FB55} - System32\Tasks\BatteryLifeExtender => C:\Program Files\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2009-08-12] (Samsung Electronics. Co. Ltd.) 
Task: {7E2AA8FB-D068-4AEE-A887-0E6E3B87B771} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation) Task: {86AABC58-8DA0-4A1A-90C8-7AE51DC464DB} - System32\Tasks\SamsungSupportCenter => C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe [2009-09-07] (SAMSUNG Electronics) Task: {8A29FF2D-80A1-4DAC-8007-66FDEA4D5BE9} - System32\Tasks\EasyDisplayMgr => C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [2009-09-12] (Samsung Electronics Co., Ltd.) Task: {91AFFC71-1CDF-43D6-B6F1-5D704BA249F2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-09-27] (Google Inc.) Task: {A28A448A-14ED-4AB2-8283-FF3D6FFF751E} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-11] (Microsoft Corporation) Task: {A99F5C7C-253D-4D4A-8D78-C0EBBBCAF920} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-09-27] (Google Inc.) Task: {D6654822-7DEB-455B-B926-D9C6F3F24967} - System32\Tasks\{1706DA13-0B74-43AC-9C51-C95BB39C0F86} => C:\Program Files\Skype\\Phone\Skype.exe [2011-06-15] (Skype Technologies S.A.) 
Task: {EFC1E165-AE5F-415D-9A4F-F0F56760B1F2} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\windows\System32\lpksetup.exe [2010-11-20] (Microsoft Corporation) Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2009-07-14 02:07 - 2009-07-14 03:14 - 00064000 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\System32\l3codeca.acm 2009-09-17 16:02 - 2009-07-15 01:14 - 00169256 _____ (Synaptics Incorporated) C:\windows\system32\SynCOM.dll 2009-09-17 16:02 - 2009-07-15 01:14 - 00161064 _____ (Synaptics Incorporated) C:\windows\system32\SynTPAPI.dll 2009-09-16 23:52 - 2009-09-16 23:52 - 00106496 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3531.38565__90ba9c70f846762e\MOM.Implementation.dll 2009-09-16 23:52 - 2009-09-16 23:52 - 00032768 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3498.37515__90ba9c70f846762e\LOG.Foundation.dll 2009-09-16 23:52 - 2009-09-16 23:52 - 00036864 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3498.37528__90ba9c70f846762e\LOG.Foundation.Private.dll 2009-09-16 23:52 - 2009-09-16 23:52 - 00065536 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3531.38563__90ba9c70f846762e\LOG.Foundation.Implementation.dll 2009-09-16 23:52 - 2009-09-16 23:52 - 00016384 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3498.37551__90ba9c70f846762e\MOM.Foundation.dll 2009-09-16 23:52 - 2009-09-16 23:52 - 00020480 _____ (Advanced Micro Devices Inc.) 
C:\windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3498.37547__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll 2009-09-16 23:52 - 2009-09-16 23:52 - 00019456 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3531.38565__90ba9c70f846762e\CCC.Implementation.dll 2009-09-16 23:52 - 2009-09-16 23:52 - 00028672 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3498.37517__90ba9c70f846762e\NEWAEM.Foundation.dll 2009-09-16 23:52 - 2009-09-16 23:52 - 00094208 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3498.37518__90ba9c70f846762e\CLI.Foundation.dll 2009-09-16 23:52 - 2009-09-16 23:52 - 00057344 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3531.38480__90ba9c70f846762e\CLI.Component.SkinFactory.dll 2009-09-16 23:52 - 2009-09-16 23:52 - 00028672 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3498.37674__90ba9c70f846762e\CLI.Foundation.XManifest.dll 2009-09-16 23:52 - 2009-09-16 23:52 - 00057344 _____ (Advanced Micro Devices, Inc.) C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3531.38479__90ba9c70f846762e\CLI.Component.Runtime.dll 2009-09-16 23:52 - 2009-09-16 23:52 - 00045056 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3498.37546__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll 2009-09-16 23:52 - 2009-09-16 23:52 - 00040960 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3498.37522__90ba9c70f846762e\CLI.Foundation.Private.dll 2009-09-16 23:52 - 2009-09-16 23:52 - 00016384 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3498.37544__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll 2009-09-16 23:52 - 2009-09-16 23:52 - 00032768 _____ (Advanced Micro Devices Inc.) 
C:\windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll 2009-09-16 23:52 - 2009-09-16 23:52 - 00045056 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\AEM.Server\2.0.3531.38478__90ba9c70f846762e\AEM.Server.dll 2009-09-16 23:52 - 2009-09-16 23:52 - 00016384 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3498.37535__90ba9c70f846762e\AEM.Server.Shared.dll 2009-09-16 23:52 - 2009-09-16 23:52 - 00045056 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3531.38575__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll 2009-09-16 23:52 - 2009-09-16 23:52 - 00016384 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3498.37610__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll 2009-09-16 23:52 - 2009-09-16 23:52 - 00020480 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3498.37534__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll 2009-09-16 23:52 - 2009-09-16 23:52 - 00016384 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3498.37558__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll 2009-09-16 23:52 - 2009-09-16 23:52 - 00045056 _____ (ATI Technologies Inc.) C:\windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll 2009-09-16 23:52 - 2009-09-16 23:52 - 00016384 _____ (ATI Technologies Inc.) C:\windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll 2009-09-16 23:52 - 2009-09-16 23:52 - 00016384 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3498.37571__90ba9c70f846762e\DEM.Graphics.dll 2009-09-16 23:52 - 2009-09-16 23:52 - 00364544 _____ (Advanced Mirco Devices, Inc.) 
C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3531.38481__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll 2009-09-16 23:52 - 2009-09-16 23:52 - 00135168 _____ (Advanced Mirco Devices, Inc.) C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3498.37541__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll 2009-09-16 23:52 - 2009-09-16 23:52 - 00016384 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3498.37612__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll 2009-09-16 23:52 - 2009-09-16 23:52 - 00020480 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3498.37533__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll 2009-09-16 23:52 - 2009-09-16 23:52 - 00020480 _____ (Advanced Micro Devices, Inc.) C:\windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3498.37531__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll 2009-09-16 23:52 - 2009-09-16 23:52 - 00065536 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3531.38533__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll 2009-09-16 23:52 - 2009-09-16 23:52 - 00020480 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3498.37585__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll 2009-09-16 23:52 - 2009-09-16 23:52 - 00040960 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3498.37582__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll 2009-09-16 23:52 - 2009-09-16 23:52 - 00028672 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3498.37552__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll 2009-09-16 23:52 - 2009-09-16 23:52 - 00077824 _____ (Advanced Micro Devices Inc.) 
C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3531.38551__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll 2009-09-16 23:52 - 2009-09-16 23:52 - 00016384 _____ (Advanced Micro Devices, Inc.) C:\windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll 2009-09-16 23:52 - 2009-09-16 23:52 - 00032768 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3498.37557__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll 2009-09-16 23:52 - 2009-09-16 23:52 - 00065536 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3498.37583__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll 2009-09-16 23:52 - 2009-09-16 23:52 - 00020480 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3531.38490__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll 2009-09-16 23:52 - 2009-09-16 23:52 - 00020480 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3498.37555__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll 2009-09-16 23:52 - 2009-09-16 23:52 - 00040960 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3531.38505__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll 2009-09-16 23:52 - 2009-09-16 23:52 - 00028672 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3498.37575__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll 2009-09-16 23:52 - 2009-09-16 23:52 - 00040960 _____ (Advanced Micro Devices Inc.) 
C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3531.38530__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll 2009-09-16 23:52 - 2009-09-16 23:52 - 00024576 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3498.37580__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll 2009-09-16 23:52 - 2009-09-16 23:52 - 00040960 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3531.38525__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll 2009-09-16 23:52 - 2009-09-16 23:52 - 00053248 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3498.37578__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll 2009-09-16 23:52 - 2009-09-16 23:52 - 00032768 _____ (Advanced Micro Devices, Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3531.38531__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll 2009-09-16 23:52 - 2009-09-16 23:52 - 00028672 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3498.37572__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll 2009-09-16 23:52 - 2009-09-16 23:52 - 00061440 _____ (Advanced Micro Devices, Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3531.38524__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll 2009-09-16 23:52 - 2009-09-16 23:52 - 00049152 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3498.37577__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll 2009-09-16 23:52 - 2009-09-16 23:52 - 00061440 _____ (Advanced Micro Devices Inc.) 
C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3531.38537__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll 2009-09-16 23:52 - 2009-09-16 23:52 - 00053248 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3498.37582__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll 2009-09-16 23:52 - 2009-09-16 23:52 - 00090112 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3531.38525__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll 2009-09-16 23:52 - 2009-09-16 23:52 - 00057344 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3498.37579__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll 2009-09-16 23:52 - 2009-09-16 23:52 - 00045056 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3531.38569__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll 2009-09-16 23:52 - 2009-09-16 23:52 - 00028672 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3498.37602__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll 2009-09-16 23:52 - 2009-09-16 23:52 - 00036864 _____ (Advanced Micro Devices, Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3531.38524__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll 2009-09-16 23:52 - 2009-09-16 23:52 - 00061440 _____ (Advanced Micro Devices, Inc.) C:\windows\assembly\GAC_MSIL\APM.Server\2.0.3531.38477__90ba9c70f846762e\APM.Server.dll 2009-09-16 23:52 - 2009-09-16 23:52 - 00020480 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\APM.Foundation\2.0.3498.37553__90ba9c70f846762e\APM.Foundation.dll 2009-09-16 23:52 - 2009-09-16 23:52 - 00007168 _____ (Advanced Micro Devices Inc.) 
C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3531.38478__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll 2009-09-16 23:52 - 2009-09-16 23:52 - 00552960 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3531.38559__90ba9c70f846762e\CLI.Component.Systemtray.dll 2009-09-16 23:52 - 2009-09-16 23:52 - 00016384 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3498.37615__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll 2009-09-16 23:52 - 2009-09-16 23:52 - 00040960 _____ (Advanced Micro Devices, Inc.) C:\windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3498.37538__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll 2009-09-16 23:52 - 2009-09-16 23:52 - 00016384 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3498.37554__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll 2009-09-16 23:52 - 2009-09-16 23:52 - 00405504 _____ (Advanced Micro Devices, Inc.) C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3531.38495__90ba9c70f846762e\CLI.Component.Wizard.dll 2009-09-16 23:52 - 2009-09-16 23:52 - 00020480 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3498.37526__90ba9c70f846762e\CLI.Component.Client.Shared.dll 2009-09-16 23:52 - 2009-09-16 23:52 - 00020480 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3498.37540__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll 2009-09-16 23:52 - 2009-09-16 23:52 - 00024576 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3498.37548__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll 2009-09-16 23:52 - 2009-09-16 23:52 - 00040960 _____ (Advanced Micro Devices Inc.) 
C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3531.38495__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll 2009-09-16 23:52 - 2009-09-16 23:52 - 00651264 _____ (Advanced Micro Devices, Inc.) C:\windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3531.38593__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll 2009-09-16 23:52 - 2009-09-16 23:52 - 00016384 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3498.37574__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll 2009-02-12 07:32 - 2009-02-12 07:32 - 00016384 ____R () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll 2009-09-16 23:52 - 2009-09-16 23:52 - 00491520 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3531.38570__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll 2009-09-16 23:52 - 2009-09-16 23:52 - 00094208 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3531.38538__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll 2009-09-16 23:52 - 2009-09-16 23:52 - 00040960 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3498.37603__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll 2009-09-16 23:52 - 2009-09-16 23:52 - 00409600 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3531.38546__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll 2009-09-16 23:52 - 2009-09-16 23:52 - 00007168 _____ ( ) C:\windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll 2009-09-16 23:52 - 2009-09-16 23:52 - 00307200 _____ (Advanced Micro Devices Inc.) 
C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3531.38506__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll 2009-09-16 23:52 - 2009-09-16 23:52 - 01691648 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Wizard\2.0.3531.38598__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Wizard.dll 2009-09-16 23:52 - 2009-09-16 23:52 - 00204800 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3531.38501__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll 2009-09-16 23:52 - 2009-09-16 23:52 - 01212416 _____ (Advanced Micro Devices, Inc.) C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3531.38486__90ba9c70f846762e\CLI.Component.Dashboard.dll 2009-09-16 23:52 - 2009-09-16 23:52 - 00024576 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3498.37536__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll 2009-09-16 23:52 - 2009-09-16 23:52 - 00020480 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3498.37549__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll 2009-09-16 23:52 - 2009-09-16 23:52 - 00073728 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3531.38490__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll 2009-09-16 23:52 - 2009-09-16 23:52 - 00016384 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3498.37547__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll 2009-09-16 23:52 - 2009-09-16 23:52 - 00045056 _____ (Advanced Mirco Devices, Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3531.38571__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll 2009-09-16 23:52 - 2009-09-16 23:52 - 00196608 _____ (Advanced Micro Devices Inc.) 
C:\windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3531.38501__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll 2009-09-16 23:52 - 2009-09-16 23:52 - 01011712 _____ (Advanced Micro Devices, Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Dashboard\2.0.3531.38595__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Dashboard.dll 2009-09-16 23:52 - 2009-09-16 23:52 - 00270336 _____ () C:\windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2009-09-16 23:52 - 2009-09-16 23:52 - 00094208 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3531.38530__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll 2009-09-16 23:52 - 2009-09-16 23:52 - 00393216 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3531.38525__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll 2009-09-16 23:52 - 2009-09-16 23:52 - 00315392 _____ (Advanced Micro Devices, Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3531.38532__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll 2009-09-16 23:52 - 2009-09-16 23:52 - 00360448 _____ (Advanced Micro Devices, Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3531.38520__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll 2009-09-16 23:52 - 2009-09-16 23:52 - 00331776 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3531.38537__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll 2009-09-16 23:52 - 2009-09-16 23:52 - 00573440 _____ (Advanced Micro Devices Inc.) 
C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3531.38502__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll 2009-09-16 23:52 - 2009-09-16 23:52 - 00798720 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3531.38526__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll 2009-09-16 23:52 - 2009-09-16 23:52 - 00118784 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3531.38570__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll 2009-09-16 23:59 - 2010-04-16 14:11 - 00155648 _____ () C:\Program Files\Samsung\Samsung Update Plus\HMXML.dll 2009-09-17 00:06 - 2006-08-12 05:48 - 00049152 _____ () C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll 2011-06-15 19:08 - 2013-07-07 10:59 - 16192864 _____ (Opera Software) C:\Program Files\Opera\Opera.dll 2010-10-10 17:19 - 2012-02-19 20:13 - 08527008 _____ () C:\windows\system32\Macromed\Flash\NPSWF32.dll ==================== Alternate Data Streams (whitelisted) ========== AlternateDataStreams: C:\ProgramData\Temp:4CF61E54 ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (09/17/2013 09:58:15 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". 
Error: (09/17/2013 09:58:14 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (09/17/2013 09:56:50 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (09/17/2013 09:56:24 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (09/16/2013 09:13:09 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". 
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (09/16/2013 09:13:08 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (09/16/2013 09:11:43 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (09/16/2013 09:11:18 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". 
Error: (08/27/2013 05:49:09 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (08/27/2013 05:49:08 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". 
System errors: ============= Error: (09/18/2013 00:23:57 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535 Error: (09/18/2013 00:23:57 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%-2140993535 Error: (09/18/2013 00:23:57 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535 Error: (09/18/2013 00:23:57 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%-2140993535 Error: (09/18/2013 00:23:57 PM) (Source: PNRPSvc) (User: ) Description: 0x80630801 Error: (09/18/2013 00:23:57 PM) (Source: PNRPSvc) (User: ) Description: 0x80630801 Error: (09/18/2013 00:23:48 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%-2140993535 Error: (09/18/2013 00:23:48 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535 Error: (09/18/2013 00:23:48 PM) (Source: PNRPSvc) (User: ) Description: 0x80630801 Error: (09/18/2013 00:23:31 PM) (Source: Service Control Manager) (User: ) Description: Dienst "SQL Server VSS Writer" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. 
Microsoft Office Sessions: ========================= Error: (09/17/2013 09:58:15 PM) (Source: SideBySide)(User: ) Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\Samsung\chargeableusb\vista_xp_driver\x64\KStartMem.exe.Manifest Error: (09/17/2013 09:58:14 PM) (Source: SideBySide)(User: ) Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\Samsung\chargeableusb\ChargeableUSB_64.exe Error: (09/17/2013 09:56:50 PM) (Source: SideBySide)(User: ) Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest Error: (09/17/2013 09:56:24 PM) (Source: SideBySide)(User: ) Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\Samsung\Samsung Support Center\Drv\drv2x64\KStartMem.exe.Manifest Error: (09/16/2013 09:13:09 PM) (Source: SideBySide)(User: ) Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\Samsung\chargeableusb\vista_xp_driver\x64\KStartMem.exe.Manifest Error: (09/16/2013 09:13:08 PM) (Source: SideBySide)(User: ) Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\Samsung\chargeableusb\ChargeableUSB_64.exe Error: (09/16/2013 09:11:43 PM) (Source: SideBySide)(User: ) Description: 
Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest Error: (09/16/2013 09:11:18 PM) (Source: SideBySide)(User: ) Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\Samsung\Samsung Support Center\Drv\drv2x64\KStartMem.exe.Manifest Error: (08/27/2013 05:49:09 PM) (Source: SideBySide)(User: ) Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\Samsung\chargeableusb\vista_xp_driver\x64\KStartMem.exe.Manifest Error: (08/27/2013 05:49:08 PM) (Source: SideBySide)(User: ) Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\Samsung\chargeableusb\ChargeableUSB_64.exe ==================== Memory info =========================== Percentage of memory in use: 34% Total physical RAM: 3036.61 MB Available physical RAM: 1977.64 MB Total Pagefile: 6069.46 MB Available Pagefile: 4721.06 MB Total Virtual: 2047.88 MB Available Virtual: 1898.91 MB ==================== Drives ================================ Drive c: (systemdisk) (Fixed) (Total:225.33 GB) (Free:191.03 GB) NTFS Drive d: (datendisk) (Fixed) (Total:225.33 GB) (Free:67.26 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 466 GB) (Disk ID: B4B6F23B) Partition 1: (Not Active) - (Size=15 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=225 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=225 GB) - (Type=07 NTFS) ==================== End Of Log 
============================ Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2013-09-18 12:48:56 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.2AC1 465,76GB Running: gmer_2.1.19163.exe; Driver: C:\Users\johanna\AppData\Local\Temp\aglirfod.sys ---- System - GMER 2.1 ---- SSDT 907E3076 ZwCreateSection SSDT 907E3080 ZwRequestWaitReplyPort SSDT 907E307B ZwSetContextThread SSDT 907E3085 ZwSetSecurityObject SSDT 907E308A ZwSystemDebugControl SSDT 907E3017 ZwTerminateProcess ---- Kernel code sections - GMER 2.1 ---- .text ntoskrnl.exe!ZwRollbackEnlistment + 1409 830729A5 1 Byte [06] .text ntoskrnl.exe!KiDispatchInterrupt + 5A2 83092512 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntoskrnl.exe!KeRemoveQueueEx + 14BF 83099AB4 4 Bytes [76, 30, 7E, 90] {JBE 0x32; JLE 0xffffff94} .text ntoskrnl.exe!KeRemoveQueueEx + 181B 83099E10 4 Bytes [80, 30, 7E, 90] {XOR BYTE [EAX], 0x7e; NOP } .text ntoskrnl.exe!KeRemoveQueueEx + 185F 83099E54 4 Bytes [7B, 30, 7E, 90] {JNP 0x32; JLE 0xffffff94} .text ntoskrnl.exe!KeRemoveQueueEx + 18DB 83099ED0 4 Bytes [85, 30, 7E, 90] {TEST [EAX], ESI; JLE 0xffffff94} .text ntoskrnl.exe!KeRemoveQueueEx + 192F 83099F24 4 Bytes [8A, 30, 7E, 90] {MOV DH, [EAX]; JLE 0xffffff94} .text ... 
.text C:\windows\system32\DRIVERS\atikmdag.sys section is writeable [0x92C2D000, 0x2DEB7A, 0xE8000020] ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002269e276d4 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002269e279d5 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00242cf91ac0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xE5 0x52 0xA6 0xB1 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x45 0x6A 0x63 0xF7 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x4E 0x01 0x18 0xEC ... 
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002269e276d4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002269e279d5 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00242cf91ac0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xE5 0x52 0xA6 0xB1 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x45 0x6A 0x63 0xF7 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x4E 0x01 0x18 0xEC ... ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ---- |
18.09.2013, 12:40 | #2 |
/// the machine /// TB-Ausbilder | Hi,
__________________
Scan with Combofix
__________________ |
18.09.2013, 13:20 | #3 |
| sooo, this is what came out of it
__________________
Combofix Logfile: Code:
ATTFilter ComboFix 13-09-17.01 - johanna 18.09.2013 14:03:43.1.2 - x86 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3037.1937 [GMT 2:00] ausgeführt von:: d:\desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\84487744.pad . . ((((((((((((((((((((((( Dateien erstellt von 2013-08-18 bis 2013-09-18 )))))))))))))))))))))))))))))) . . 2013-09-18 12:12 . 2013-09-18 12:12 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7EA9D4F3-E1F3-47AE-9B23-1922DF6DD093}\offreg.dll 2013-09-18 12:11 . 2013-09-18 12:11 -------- d-----w- c:\users\johanna\AppData\Local\temp 2013-09-18 12:11 . 2013-09-18 12:11 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-09-18 10:28 . 2013-09-18 10:28 -------- d-----w- C:\FRST 2013-09-18 09:19 . 2013-09-18 09:24 -------- d-----w- C:\AdwCleaner 2013-09-17 17:22 . 2013-09-05 05:02 7328304 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7EA9D4F3-E1F3-47AE-9B23-1922DF6DD093}\mpengine.dll 2013-09-16 19:24 . 2009-09-01 03:31 19968 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\ssp2mpc.dll 2013-09-16 18:34 . 2013-09-16 19:22 -------- d-----w- c:\users\johanna\AppData\Roaming\Nitro PDF . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-09-16 18:39 . 2013-05-02 08:27 66144 ----a-w- c:\windows\system32\drivers\avnetflt.sys 2013-09-16 18:39 . 2012-11-28 18:25 88840 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2013-09-16 18:39 . 2012-11-28 18:25 136672 ----a-w- c:\windows\system32\drivers\avipbb.sys 2013-08-07 02:22 . 
2010-10-10 14:19 238872 ------w- c:\windows\system32\MpSigStub.exe 2013-07-25 08:57 . 2013-08-14 20:48 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL 2013-07-19 01:41 . 2013-08-14 16:41 2048 ----a-w- c:\windows\system32\tzres.dll 2013-07-09 05:03 . 2013-08-14 20:48 3968960 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-07-09 05:03 . 2013-08-14 20:48 3913664 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-07-09 04:53 . 2013-08-14 20:48 1289096 ----a-w- c:\windows\system32\ntdll.dll 2013-07-09 04:52 . 2013-08-14 20:48 175104 ----a-w- c:\windows\system32\wintrust.dll 2013-07-09 04:50 . 2013-08-14 20:48 652800 ----a-w- c:\windows\system32\rpcrt4.dll 2013-07-09 04:46 . 2013-08-14 20:48 140288 ----a-w- c:\windows\system32\cryptsvc.dll 2013-07-09 04:46 . 2013-08-14 20:48 1166848 ----a-w- c:\windows\system32\crypt32.dll 2013-07-09 04:46 . 2013-08-14 20:48 103936 ----a-w- c:\windows\system32\cryptnet.dll 2013-07-06 05:05 . 2013-08-14 20:48 1293760 ----a-w- c:\windows\system32\drivers\tcpip.sys . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-16 39408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-01 98304] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-09-29 7744032] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-14 1541416] "UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408] "starter4g"="c:\windows\starter4g.exe" [2010-07-08 160992] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-09-16 347192] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2009-02-27 15:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2011-06-15 13:02 15141768 ----a-r- c:\program files\Skype\Phone\Skype.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2009-09-16 22:25 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe] 2011-04-22 12:21 247728 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe . R2 0096401286719054mcinstcleanup;McAfee Application Installer Cleanup (0096401286719054);c:\users\johanna\AppData\Local\Temp\009640~1.EXE [x] R3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;c:\windows\system32\DRIVERS\cmnsusbser.sys [2011-10-20 103424] R3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\DRIVERS\KMWDFILTER.sys [2009-04-29 25088] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-10 1343400] R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-11-14 691696] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-04-04 37352] S1 SABI;SAMSUNG Kernel Driver For Windows 
7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 10752] S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-09-02 172032] S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2013-09-16 84024] S2 NitroReaderDriverReadSpool3;NitroPDFReaderDriverCreatorReadSpool3;c:\program files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe [2013-06-18 196624] S2 Rezip;Rezip;c:\windows\SYSTEM32\Rezip.exe [2009-03-05 311296] S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-10-19 2011944] S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2011-04-22 92592] S2 WTGService;WTGService;c:\program files\XSManager\WTGService.exe [2010-04-12 329168] S2 XS Stick Service;XS Stick Service;c:\windows\service4g.exe [2010-07-08 145120] S2 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe [2009-07-14 20992] S3 VMC326;Vimicro Camera Service VMC326;c:\windows\system32\Drivers\VMC326.sys [2009-08-10 237696] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - AGLIRFOD *Deregistered* - aglirfod . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] yksvcs REG_MULTI_SZ yksvc . Inhalt des "geplante Tasks" Ordners . 2013-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-09-27 19:32] . 2013-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-09-27 19:32] . . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://www.google.com uSearchAssistant = hxxp://www.google.com IE: Free YouTube to MP3 Converter - c:\users\johanna\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.2.1 192.168.2.1 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-Locked - (no file) WebBrowser-{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} - (no file) AddRemove-LSI Soft Modem - c:\windows\agrsmdel . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-09-18 14:16:49 ComboFix-quarantined-files.txt 2013-09-18 12:16 . Vor Suchlauf: 9 Verzeichnis(se), 205.007.966.208 Bytes frei Nach Suchlauf: 12 Verzeichnis(se), 205.719.449.600 Bytes frei . - - End Of File - - 1933F10BE237B6EC3EE6A4D333F955ED 2E5DEBB2116B3417023E0D6562D7ED07 |
18.09.2013, 18:00 | #4 |
/// the machine /// TB-Ausbilder | Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your protection software to avoid possible conflicts.
and a fresh FRST log please.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
19.09.2013, 09:14 | #5 |
| Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.09.18.10 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 10.0.9200.16686 johanna :: JOHANNA-PC [Administrator] 18.09.2013 19:28:51 mbam-log-2013-09-18 (19-28-51).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 190672 Laufzeit: 4 Minute(n), 56 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter # AdwCleaner v3.004 - Bericht erstellt am 18/09/2013 um 19:45:26 # Updated 15/09/2013 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits) # Benutzername : johanna - JOHANNA-PC # Gestartet von : D:\Desktop\adwcleaner.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** ***** [ Browser ] ***** -\\ Internet Explorer v10.0.9200.16686 ************************* AdwCleaner[R0].txt - [5090 octets] - [18/09/2013 11:23:34] AdwCleaner[R1].txt - [777 octets] - [18/09/2013 19:44:34] AdwCleaner[S0].txt - [4239 octets] - [18/09/2013 11:24:44] AdwCleaner[S1].txt - [699 octets] - [18/09/2013 19:45:26] ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [758 octets] ########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.0.1 (09.15.2013:1) OS: Windows 7 Home Premium x86 Ran by johanna on 18.09.2013 at 20:17:57,61 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho.1 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\dt soft\daemon tools toolbar ~~~ Files ~~~ Folders ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 18.09.2013 at 20:20:17,86 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-09-2013 03 Ran by johanna (administrator) on JOHANNA-PC on 18-09-2013 20:32:22 Running from D:\Desktop Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (AMD) C:\windows\system32\atiesrxx.exe (AMD) C:\windows\system32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (ABBYY) C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Nitro PDF Software) C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe () C:\windows\SYSTEM32\Rezip.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe () C:\Program Files\XSManager\WTGService.exe (4G Systems GmbH & Co. KG) C:\windows\service4g.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (SEC) C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (SAMSUNG Electronics) C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (4G Systems GmbH & Co. KG) C:\Windows\starter4g.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (ATI Technologies Inc.) 
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Opera Software) C:\Program Files\Opera\opera.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-09-01] (Advanced Micro Devices, Inc.) HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7744032 2009-09-29] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1541416 2009-07-15] (Synaptics Incorporated) HKLM\...\Run: [UCam_Menu] - C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [218408 2009-02-25] (CyberLink Corp.) HKLM\...\Run: [starter4g] - C:\windows\starter4g.exe [160992 2010-07-08] (4G Systems GmbH & Co. KG) HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-16] (Avira Operations GmbH & Co. KG) HKLM\...\Policies\Explorer: [NoDrives] 0 HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-09-17] (Google Inc.) HKCU\...\Policies\Explorer: [NoDrives] 0 ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKLM - DefaultScope value is missing. 
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) 
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1 ========================== Services (Whitelisted) ================= S2 0096401286719054mcinstcleanup; C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini [1216 2010-10-10] () R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY) R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-03-28] (LSI Corporation) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-09-16] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-16] (Avira Operations GmbH & Co. KG) R2 NitroReaderDriverReadSpool3; C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe [196624 2013-06-18] (Nitro PDF Software) R2 Rezip; C:\windows\SYSTEM32\Rezip.exe [311296 2009-03-05] () R2 WTGService; C:\Program Files\XSManager\WTGService.exe [329168 2010-04-12] () R2 XS Stick Service; C:\windows\service4g.exe [145120 2010-07-08] (4G Systems GmbH & Co. KG) R2 yksvc; C:\Windows\System32\yk62x86.dll [364544 2009-09-28] (Marvell) ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [88840 2013-09-16] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136672 2013-09-16] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-04-04] (Avira Operations GmbH & Co. 
KG) R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation) S3 cmnsusbser; C:\Windows\System32\DRIVERS\cmnsusbser.sys [103424 2011-10-20] (Mobile Connector) S3 KMWDFILTERx86; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [25088 2009-04-29] (Windows (R) Codename Longhorn DDK provider) R1 SABI; C:\windows\system32\Drivers\SABI.sys [10752 2009-05-28] (SAMSUNG ELECTRONICS) S4 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-11-14] (Duplex Secure Ltd.) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH) R3 VMC326; C:\Windows\System32\Drivers\VMC326.sys [237696 2009-08-10] (Vimicro Corporation) R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] () U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation) S3 catchme; \??\C:\Users\johanna\AppData\Local\Temp\catchme.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-09-18 20:17 - 2013-09-18 20:17 - 00000000 ____D C:\windows\ERUNT 2013-09-18 19:27 - 2013-09-18 19:27 - 00000000 ____D C:\Users\johanna\AppData\Roaming\Malwarebytes 2013-09-18 19:27 - 2013-09-18 19:27 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-09-18 19:27 - 2013-09-18 19:27 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-09-18 19:27 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys 2013-09-18 14:16 - 2013-09-18 14:16 - 00009526 _____ C:\ComboFix.txt 2013-09-18 14:02 - 2013-09-18 14:17 - 00000000 ____D C:\Qoobox 2013-09-18 14:02 - 2013-09-18 14:14 - 00000000 ____D C:\windows\erdnt 2013-09-18 14:02 - 2011-06-26 08:45 - 00256000 _____ C:\windows\PEV.exe 2013-09-18 14:02 - 2010-11-07 19:20 - 00208896 _____ C:\windows\MBR.exe 2013-09-18 14:02 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe 2013-09-18 14:02 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe 
2013-09-18 14:02 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2013-09-18 14:02 - 2000-08-31 02:00 - 00098816 _____ C:\windows\sed.exe
2013-09-18 14:02 - 2000-08-31 02:00 - 00080412 _____ C:\windows\grep.exe
2013-09-18 14:02 - 2000-08-31 02:00 - 00068096 _____ C:\windows\zip.exe
2013-09-18 12:28 - 2013-09-18 12:28 - 00000000 ____D C:\FRST
2013-09-18 12:20 - 2013-09-18 12:22 - 00000636 _____ C:\windows\system32\defogger_disable.log
2013-09-18 12:20 - 2013-09-18 12:22 - 00000176 _____ C:\Users\johanna\defogger_reenable
2013-09-18 11:19 - 2013-09-18 19:45 - 00000000 ____D C:\AdwCleaner
2013-09-17 10:04 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-09-17 10:04 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-09-17 10:04 - 2013-08-10 05:59 - 00042496 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-09-17 10:04 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-09-17 10:04 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-09-17 10:04 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-09-17 10:04 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-09-17 10:04 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-09-17 10:04 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-09-17 10:04 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-09-17 10:04 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-09-17 10:04 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-09-17 10:04 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-09-17 10:04 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-09-17 10:04 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-09-17 10:04 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-09-16 20:45 - 2013-08-08 03:03 - 02348544 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-09-16 20:45 - 2013-08-05 03:56 - 00133056 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ataport.sys
2013-09-16 20:45 - 2013-08-02 03:50 - 00169984 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2013-09-16 20:45 - 2013-08-02 03:49 - 00868352 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2013-09-16 20:45 - 2013-08-02 03:49 - 00293376 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2013-09-16 20:45 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-16 20:45 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-16 20:45 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-16 20:45 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-16 20:45 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-16 20:45 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-16 20:45 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-16 20:45 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-16 20:45 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-16 20:45 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-16 20:45 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-16 20:45 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-16 20:45 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-16 20:45 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-16 20:45 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-16 20:45 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-16 20:45 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-16 20:45 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-16 20:45 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-16 20:45 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-16 20:45 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-16 20:45 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-16 20:45 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-16 20:45 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-16 20:45 - 2013-08-02 02:52 - 00271360 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2013-09-16 20:45 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-16 20:45 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-16 20:45 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-16 20:45 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-16 20:45 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2013-09-16 20:45 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\windows\system32\shdocvw.dll
2013-09-16 20:34 - 2013-09-16 21:22 - 00000000 ____D C:\Users\johanna\AppData\Roaming\Nitro PDF

==================== One Month Modified Files and Folders =======

2013-09-18 20:28 - 2010-09-27 21:33 - 00001098 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-18 20:17 - 2013-09-18 20:17 - 00000000 ____D C:\windows\ERUNT
2013-09-18 20:01 - 2009-09-16 23:52 - 01091862 _____ C:\windows\WindowsUpdate.log
2013-09-18 19:58 - 2009-07-14 04:37 - 00000000 ____D C:\windows\system32\NDF
2013-09-18 19:55 - 2009-07-14 06:34 - 00015056 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-18 19:55 - 2009-07-14 06:34 - 00015056 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-18 19:47 - 2010-09-27 21:33 - 00001094 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-18 19:46 - 2009-09-17 00:44 - 00679724 _____ C:\windows\PFRO.log
2013-09-18 19:46 - 2009-07-14 06:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-09-18 19:46 - 2009-07-14 06:39 - 00163589 _____ C:\windows\setupact.log
2013-09-18 19:45 - 2013-09-18 11:19 - 00000000 ____D C:\AdwCleaner
2013-09-18 19:27 - 2013-09-18 19:27 - 00000000 ____D C:\Users\johanna\AppData\Roaming\Malwarebytes
2013-09-18 19:27 - 2013-09-18 19:27 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-18 19:27 - 2013-09-18 19:27 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-09-18 14:17 - 2013-09-18 14:02 - 00000000 ____D C:\Qoobox
2013-09-18 14:17 - 2009-07-14 04:37 - 00000000 __RHD C:\Users\Default
2013-09-18 14:17 - 2009-07-14 04:37 - 00000000 ___RD C:\Users\Public
2013-09-18 14:16 - 2013-09-18 14:16 - 00009526 _____ C:\ComboFix.txt
2013-09-18 14:14 - 2013-09-18 14:02 - 00000000 ____D C:\windows\erdnt
2013-09-18 14:11 - 2009-07-14 04:04 - 00000215 _____ C:\windows\system.ini
2013-09-18 12:28 - 2013-09-18 12:28 - 00000000 ____D C:\FRST
2013-09-18 12:22 - 2013-09-18 12:20 - 00000636 _____ C:\windows\system32\defogger_disable.log
2013-09-18 12:22 - 2013-09-18 12:20 - 00000176 _____ C:\Users\johanna\defogger_reenable
2013-09-18 12:20 - 2010-09-27 20:21 - 00000000 ____D C:\Users\johanna
2013-09-17 22:03 - 2009-07-14 04:37 - 00000000 ____D C:\windows\rescache
2013-09-17 20:35 - 2009-07-14 04:37 - 00000000 ____D C:\windows\Microsoft.NET
2013-09-17 19:56 - 2009-07-26 22:06 - 01520734 _____ C:\windows\system32\PerfStringBackup.INI
2013-09-17 19:16 - 2009-07-14 06:33 - 00421360 _____ C:\windows\system32\FNTCACHE.DAT
2013-09-17 10:06 - 2009-07-14 04:37 - 00000000 ____D C:\windows\system32\de-DE
2013-09-17 10:03 - 2013-08-14 23:10 - 00000000 ____D C:\windows\system32\MRT
2013-09-17 10:01 - 2010-10-10 16:10 - 76725432 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-09-16 21:22 - 2013-09-16 20:34 - 00000000 ____D C:\Users\johanna\AppData\Roaming\Nitro PDF
2013-09-16 20:39 - 2013-05-02 10:27 - 00066144 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys
2013-09-16 20:39 - 2012-11-28 20:25 - 00136672 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2013-09-16 20:39 - 2012-11-28 20:25 - 00088840 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys
2013-08-28 14:15 - 2011-01-01 12:22 - 00000000 ____D C:\Users\johanna\AppData\Local\Google

Some content of TEMP:
====================
C:\Users\johanna\AppData\Local\temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-09-16 21:10

==================== End Of Log ============================
--- --- ---

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 16-09-2013 03
Ran by johanna at 2013-09-18 20:32:50
Running from D:\Desktop
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

ABBYY FineReader 9.0 Sprint (Version: 9.01.513.58212)
Adobe Flash Player 10 ActiveX (Version: 10.1.102.64)
Adobe Flash Player 11 Plugin (Version: 11.1.102.62)
Adobe Reader 9.1 - Deutsch (Version: 9.1.0)
Atheros Client Installation Program (Version: 1.0.1.0805)
ATI Catalyst Install Manager (Version: 3.0.741.0)
Avira Free Antivirus (Version: 13.0.0.4052)
BatteryLifeExtender (Version: 1.0.0)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2009.0901.2227.38495)
Catalyst Control Center Graphics Full Existing (Version: 2009.0901.2227.38495)
Catalyst Control Center Graphics Full New (Version: 2009.0901.2227.38495)
Catalyst Control Center Graphics Light (Version: 2009.0901.2227.38495)
Catalyst Control Center Graphics Previews Vista (Version: 2009.0901.2227.38495)
Catalyst Control Center InstallProxy (Version: 2009.0901.2227.38495)
Catalyst Control Center Localization All (Version: 2009.0901.2227.38495)
CCC Help Chinese Standard (Version: 2009.0901.2226.38495)
CCC Help Chinese Traditional (Version: 2009.0901.2226.38495)
CCC Help Czech (Version: 2009.0901.2226.38495)
CCC Help Danish (Version: 2009.0901.2226.38495)
CCC Help Dutch (Version: 2009.0901.2226.38495)
CCC Help English (Version: 2009.0901.2226.38495)
CCC Help Finnish (Version: 2009.0901.2226.38495)
CCC Help French (Version: 2009.0901.2226.38495)
CCC Help German (Version: 2009.0901.2226.38495)
CCC Help Greek (Version: 2009.0901.2226.38495)
CCC Help Hungarian (Version: 2009.0901.2226.38495)
CCC Help Italian (Version: 2009.0901.2226.38495)
CCC Help Japanese (Version: 2009.0901.2226.38495)
CCC Help Korean (Version: 2009.0901.2226.38495)
CCC Help Norwegian (Version: 2009.0901.2226.38495)
CCC Help Polish (Version: 2009.0901.2226.38495)
CCC Help Portuguese (Version: 2009.0901.2226.38495)
CCC Help Russian (Version: 2009.0901.2226.38495)
CCC Help Spanish (Version: 2009.0901.2226.38495)
CCC Help Swedish (Version: 2009.0901.2226.38495)
CCC Help Thai (Version: 2009.0901.2226.38495)
CCC Help Turkish (Version: 2009.0901.2226.38495)
ccc-core-static (Version: 2009.0901.2227.38495)
ccc-utility (Version: 2009.0901.2227.38495)
CDBurnerXP (Version: 4.5.2.4214)
ChargeableUSB (Version: 1.0.0.0)
Compatibility Pack für 2007 Office System (Version: 12.0.6021.5000)
CyberLink YouCam (Version: 2.0.2907)
Dairy Dash
Easy Display Manager (Version: 3.0)
Easy Network Manager (Version: 4.2.4)
Easy SpeedUp Manager (Version: 3.0.0.4)
EasyBatteryManager (Version: 4.0.0.2)
Epson Easy Photo Print 2 (Version: 2.2.0.0)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (Version: 1.00.0000)
EPSON Scan
EPSON SX125 Series Handbuch
EPSON SX125 Series Printer Uninstall
Free YouTube to MP3 Converter version 3.11.30.903 (Version: 3.11.30.903)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.5.4413.1752)
Intel® Matrix Storage Manager
Junk Mail filter update (Version: 14.0.8089.726)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
Marvell Miniport Driver (Version: 10.70.3.3)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft SQL Server Native Client (Version: 9.00.3042.00)
Microsoft SQL Server VSS Writer (Version: 9.00.3042.00)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
MSVCRT (Version: 14.0.1468.721)
Namuga 1.3M Webcam (Version: 1.00.0000)
Nitro Reader 3 (Version: 3.5.5.2)
Opera 12.16 (Version: 12.16.1860)
PC Beschleunigen (Version: 1.3.10.20086)
Realtek High Definition Audio Driver (Version: 6.0.1.5948)
REALTEK Wireless LAN Software (Version: 1.01.0088)
Samsung Recovery Solution 4 (Version: 4.0.0.3)
Samsung Support Center (Version: 1.0.1)
Samsung Update Plus (Version: 2.0)
Skype™ 5.3 (Version: 5.3.120)
Synaptics Pointing Device Driver (Version: 13.2.4.12)
TeamViewer 5 (Version: 5.1.9385 )
TomTom HOME 2.8.2.2264 (Version: 2.8.2.2264)
TomTom HOME Visual Studio Merge Modules (Version: 1.0.2)
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (Version: 9.00.3042.00)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
User Guide (Version: 1.0)
VLC media player 1.1.11 (Version: 1.1.11)
Windows Live Anmelde-Assistent (Version: 5.000.818.5)
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8064.206)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live Family Safety (Version: 14.0.8093.805)
Windows Live Fotogalerie (Version: 14.0.8081.709)
Windows Live Mail (Version: 14.0.8089.0726)
Windows Live Messenger (Version: 14.0.8089.0726)
Windows Live Movie Maker (Version: 14.0.8091.0730)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live Writer (Version: 14.0.8089.0726)
XSManager (Version: 3.0)

==================== Restore Points =========================

14-08-2013 16:37:35 Windows Update
14-08-2013 21:06:14 Windows Update
21-08-2013 07:11:47 Windows Update
27-08-2013 14:02:24 Windows Update
16-09-2013 18:45:25 Windows Update
17-09-2013 08:00:43 Windows Update
17-09-2013 17:54:08 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:04 - 2013-09-18 14:11 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0D9B5D92-3A22-486D-A887-3AA21597CF27} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started
Task: {2305DEF5-962C-43C2-B137-6BA272EB80A9} - System32\Tasks\EasySpeedUpManager => C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [2009-08-23] (Samsung Electronics Co., Ltd.)
Task: {3BEA1269-71AA-491F-B309-219AE332725E} - System32\Tasks\EasyBatteryManager => C:\Program Files\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2009-08-01] (SAMSUNG Electronics co., LTD.)
Task: {4EE2A8A1-9346-423F-8EC2-1760E5073B97} - System32\Tasks\advSRS4 => C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2009-08-06] (SEC)
Task: {65CAA3FC-6411-4E38-A61B-05EDDDD07C53} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe [2010-04-20] ()
Task: {7366B38C-B7CB-49A5-AE9B-DC9EF847FB55} - System32\Tasks\BatteryLifeExtender => C:\Program Files\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2009-08-12] (Samsung Electronics. Co. Ltd.)
Task: {86AABC58-8DA0-4A1A-90C8-7AE51DC464DB} - System32\Tasks\SamsungSupportCenter => C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe [2009-09-07] (SAMSUNG Electronics)
Task: {8A29FF2D-80A1-4DAC-8007-66FDEA4D5BE9} - System32\Tasks\EasyDisplayMgr => C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [2009-09-12] (Samsung Electronics Co., Ltd.)
Task: {91AFFC71-1CDF-43D6-B6F1-5D704BA249F2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-09-27] (Google Inc.)
Task: {A28A448A-14ED-4AB2-8283-FF3D6FFF751E} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-11] (Microsoft Corporation)
Task: {A99F5C7C-253D-4D4A-8D78-C0EBBBCAF920} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-09-27] (Google Inc.)
Task: {B69DDDF6-11C5-474A-9AFE-C8BC8A590F05} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {D6654822-7DEB-455B-B926-D9C6F3F24967} - System32\Tasks\{1706DA13-0B74-43AC-9C51-C95BB39C0F86} => C:\Program Files\Skype\\Phone\Skype.exe [2011-06-15] (Skype Technologies S.A.)
Task: {EFC1E165-AE5F-415D-9A4F-F0F56760B1F2} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\windows\System32\lpksetup.exe [2010-11-20] (Microsoft Corporation)
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2009-07-14 02:07 - 2009-07-14 03:14 - 00064000 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\System32\l3codeca.acm
2009-09-17 00:06 - 2006-08-12 05:48 - 00049152 _____ () C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll
2009-09-16 23:52 - 2009-09-16 23:52 - 00106496 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3531.38565__90ba9c70f846762e\MOM.Implementation.dll
2009-09-16 23:52 - 2009-09-16 23:52 - 00032768 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3498.37515__90ba9c70f846762e\LOG.Foundation.dll
2009-09-16 23:52 - 2009-09-16 23:52 - 00036864 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3498.37528__90ba9c70f846762e\LOG.Foundation.Private.dll
2009-09-16 23:52 - 2009-09-16 23:52 - 00065536 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3531.38563__90ba9c70f846762e\LOG.Foundation.Implementation.dll
2009-09-16 23:52 - 2009-09-16 23:52 - 00016384 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3498.37551__90ba9c70f846762e\MOM.Foundation.dll
2009-09-16 23:52 - 2009-09-16 23:52 - 00020480 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3498.37547__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
2009-09-16 23:52 - 2009-09-16 23:52 - 00019456 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3531.38565__90ba9c70f846762e\CCC.Implementation.dll
2009-09-16 23:52 - 2009-09-16 23:52 - 00028672 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3498.37517__90ba9c70f846762e\NEWAEM.Foundation.dll
2009-09-17 16:02 - 2009-07-15 01:14 - 00169256 _____ (Synaptics Incorporated) C:\windows\system32\SynCOM.dll
2009-09-17 16:02 - 2009-07-15 01:14 - 00161064 _____ (Synaptics Incorporated) C:\windows\system32\SynTPAPI.dll
2009-09-16 23:52 - 2009-09-16 23:52 - 00094208 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3498.37518__90ba9c70f846762e\CLI.Foundation.dll
2009-09-16 23:52 - 2009-09-16 23:52 - 00057344 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3531.38480__90ba9c70f846762e\CLI.Component.SkinFactory.dll
2009-09-16 23:52 - 2009-09-16 23:52 - 00028672 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3498.37674__90ba9c70f846762e\CLI.Foundation.XManifest.dll
2009-09-16 23:52 - 2009-09-16 23:52 - 00057344 _____ (Advanced Micro Devices, Inc.) C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3531.38479__90ba9c70f846762e\CLI.Component.Runtime.dll
2009-09-16 23:52 - 2009-09-16 23:52 - 00045056 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3498.37546__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
2009-09-16 23:52 - 2009-09-16 23:52 - 00040960 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3498.37522__90ba9c70f846762e\CLI.Foundation.Private.dll
2009-09-16 23:52 - 2009-09-16 23:52 - 00016384 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3498.37544__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
2009-09-16 23:52 - 2009-09-16 23:52 - 00032768 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
2009-09-16 23:52 - 2009-09-16 23:52 - 00045056 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\AEM.Server\2.0.3531.38478__90ba9c70f846762e\AEM.Server.dll
2009-09-16 23:52 - 2009-09-16 23:52 - 00016384 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3498.37535__90ba9c70f846762e\AEM.Server.Shared.dll
2009-09-16 23:52 - 2009-09-16 23:52 - 00045056 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3531.38575__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
2009-09-16 23:52 - 2009-09-16 23:52 - 00016384 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3498.37610__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
2009-09-16 23:52 - 2009-09-16 23:52 - 00020480 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3498.37534__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
2009-09-16 23:52 - 2009-09-16 23:52 - 00016384 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3498.37558__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
2009-09-16 23:52 - 2009-09-16 23:52 - 00045056 _____ (ATI Technologies Inc.) C:\windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
2009-09-16 23:52 - 2009-09-16 23:52 - 00016384 _____ (ATI Technologies Inc.) C:\windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
2009-09-16 23:52 - 2009-09-16 23:52 - 00016384 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3498.37571__90ba9c70f846762e\DEM.Graphics.dll
2009-09-16 23:52 - 2009-09-16 23:52 - 00364544 _____ (Advanced Mirco Devices, Inc.) C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3531.38481__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
2009-09-16 23:52 - 2009-09-16 23:52 - 00135168 _____ (Advanced Mirco Devices, Inc.) C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3498.37541__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
2009-09-16 23:52 - 2009-09-16 23:52 - 00016384 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3498.37612__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
2009-09-16 23:52 - 2009-09-16 23:52 - 00020480 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3498.37533__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
2009-09-16 23:52 - 2009-09-16 23:52 - 00020480 _____ (Advanced Micro Devices, Inc.) C:\windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3498.37531__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll
2009-09-16 23:52 - 2009-09-16 23:52 - 00065536 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3531.38533__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
2009-09-16 23:52 - 2009-09-16 23:52 - 00020480 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3498.37585__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
2009-09-16 23:52 - 2009-09-16 23:52 - 00040960 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3498.37582__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
2009-09-16 23:52 - 2009-09-16 23:52 - 00028672 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3498.37552__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
2009-09-16 23:52 - 2009-09-16 23:52 - 00077824 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3531.38551__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
2009-09-16 23:52 - 2009-09-16 23:52 - 00016384 _____ (Advanced Micro Devices, Inc.) C:\windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
2009-09-16 23:52 - 2009-09-16 23:52 - 00065536 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3498.37583__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
2009-09-16 23:52 - 2009-09-16 23:52 - 00032768 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3498.37557__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
2009-09-16 23:52 - 2009-09-16 23:52 - 00020480 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3531.38490__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
2009-09-16 23:52 - 2009-09-16 23:52 - 00020480 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3498.37555__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
2009-09-16 23:52 - 2009-09-16 23:52 - 00040960 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3531.38505__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
2009-09-16 23:52 - 2009-09-16 23:52 - 00028672 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3498.37575__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
2009-09-16 23:52 - 2009-09-16 23:52 - 00040960 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3531.38530__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
2009-09-16 23:52 - 2009-09-16 23:52 - 00024576 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3498.37580__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
2009-09-16 23:52 - 2009-09-16 23:52 - 00040960 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3531.38525__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
2009-09-16 23:52 - 2009-09-16 23:52 - 00053248 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3498.37578__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
2009-09-16 23:52 - 2009-09-16 23:52 - 00032768 _____ (Advanced Micro Devices, Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3531.38531__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
2009-09-16 23:52 - 2009-09-16 23:52 - 00028672 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3498.37572__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
2009-09-16 23:52 - 2009-09-16 23:52 - 00061440 _____ (Advanced Micro Devices, Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3531.38524__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
2009-09-16 23:52 - 2009-09-16 23:52 - 00049152 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3498.37577__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
2009-09-16 23:52 - 2009-09-16 23:52 - 00036864 _____ (Advanced Micro Devices, Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3531.38524__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
2009-09-16 23:52 - 2009-09-16 23:52 - 00061440 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3531.38537__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
2009-09-16 23:52 - 2009-09-16 23:52 - 00053248 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3498.37582__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
2009-09-16 23:52 - 2009-09-16 23:52 - 00090112 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3531.38525__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
2009-09-16 23:52 - 2009-09-16 23:52 - 00057344 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3498.37579__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
2009-09-16 23:52 - 2009-09-16 23:52 - 00045056 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3531.38569__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
2009-09-16 23:52 - 2009-09-16 23:52 - 00028672 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3498.37602__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
2009-09-16 23:52 - 2009-09-16 23:52 - 00061440 _____ (Advanced Micro Devices, Inc.) C:\windows\assembly\GAC_MSIL\APM.Server\2.0.3531.38477__90ba9c70f846762e\APM.Server.dll
2009-09-16 23:52 - 2009-09-16 23:52 - 00020480 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\APM.Foundation\2.0.3498.37553__90ba9c70f846762e\APM.Foundation.dll
2009-09-16 23:52 - 2009-09-16 23:52 - 00007168 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3531.38478__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
2009-09-16 23:52 - 2009-09-16 23:52 - 00016384 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3498.37615__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll
2009-09-16 23:52 - 2009-09-16 23:52 - 00016384 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3498.37554__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
2009-09-16 23:52 - 2009-09-16 23:52 - 00552960 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3531.38559__90ba9c70f846762e\CLI.Component.Systemtray.dll
2009-09-16 23:52 - 2009-09-16 23:52 - 00040960 _____ (Advanced Micro Devices, Inc.) C:\windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3498.37538__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
2009-09-16 23:52 - 2009-09-16 23:52 - 00405504 _____ (Advanced Micro Devices, Inc.) C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3531.38495__90ba9c70f846762e\CLI.Component.Wizard.dll
2009-09-16 23:52 - 2009-09-16 23:52 - 00020480 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3498.37526__90ba9c70f846762e\CLI.Component.Client.Shared.dll
2009-09-16 23:52 - 2009-09-16 23:52 - 00020480 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3498.37540__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
2009-09-16 23:52 - 2009-09-16 23:52 - 00024576 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3498.37548__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
2009-09-16 23:52 - 2009-09-16 23:52 - 00040960 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3531.38495__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
2009-09-16 23:52 - 2009-09-16 23:52 - 00016384 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3498.37574__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
2009-09-16 23:52 - 2009-09-16 23:52 - 00651264 _____ (Advanced Micro Devices, Inc.) C:\windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3531.38593__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll
2009-02-12 07:32 - 2009-02-12 07:32 - 00016384 ____R () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
2009-09-16 23:52 - 2009-09-16 23:52 - 00491520 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3531.38570__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
2009-09-16 23:52 - 2009-09-16 23:52 - 00040960 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3498.37603__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
2009-09-16 23:52 - 2009-09-16 23:52 - 00094208 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3531.38538__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
2009-09-16 23:52 - 2009-09-16 23:52 - 00007168 _____ ( ) C:\windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
2009-09-16 23:52 - 2009-09-16 23:52 - 00409600 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3531.38546__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
2009-09-16 23:52 - 2009-09-16 23:52 - 00307200 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3531.38506__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll
2009-09-16 23:52 - 2009-09-16 23:52 - 01691648 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Wizard\2.0.3531.38598__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Wizard.dll
2009-09-16 23:52 - 2009-09-16 23:52 - 00204800 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3531.38501__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
2009-09-16 23:52 - 2009-09-16 23:52 - 01212416 _____ (Advanced Micro Devices, Inc.) C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3531.38486__90ba9c70f846762e\CLI.Component.Dashboard.dll
2009-09-16 23:52 - 2009-09-16 23:52 - 00024576 _____ (Advanced Micro Devices Inc.)
C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3498.37536__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll 2009-09-16 23:52 - 2009-09-16 23:52 - 00020480 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3498.37549__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll 2009-09-16 23:52 - 2009-09-16 23:52 - 00073728 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3531.38490__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll 2009-09-16 23:52 - 2009-09-16 23:52 - 00016384 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3498.37547__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll 2009-09-16 23:52 - 2009-09-16 23:52 - 00045056 _____ (Advanced Mirco Devices, Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3531.38571__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll 2009-09-16 23:52 - 2009-09-16 23:52 - 00196608 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3531.38501__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll 2009-09-16 23:52 - 2009-09-16 23:52 - 01011712 _____ (Advanced Micro Devices, Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Dashboard\2.0.3531.38595__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Dashboard.dll 2009-09-16 23:52 - 2009-09-16 23:52 - 00270336 _____ () C:\windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2009-09-16 23:52 - 2009-09-16 23:52 - 00094208 _____ (Advanced Micro Devices Inc.) 
C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3531.38530__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll 2009-09-16 23:52 - 2009-09-16 23:52 - 00393216 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3531.38525__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll 2009-09-16 23:52 - 2009-09-16 23:52 - 00315392 _____ (Advanced Micro Devices, Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3531.38532__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll 2009-09-16 23:52 - 2009-09-16 23:52 - 00360448 _____ (Advanced Micro Devices, Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3531.38520__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll 2009-09-16 23:52 - 2009-09-16 23:52 - 00331776 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3531.38537__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll 2009-09-16 23:52 - 2009-09-16 23:52 - 00573440 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3531.38502__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll 2009-09-16 23:52 - 2009-09-16 23:52 - 00798720 _____ (Advanced Micro Devices Inc.) C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3531.38526__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll 2009-09-16 23:52 - 2009-09-16 23:52 - 00118784 _____ (Advanced Micro Devices Inc.) 
C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3531.38570__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll 2011-06-15 19:08 - 2013-07-07 10:59 - 16192864 _____ (Opera Software) C:\Program Files\Opera\Opera.dll
==================== Alternate Data Streams (whitelisted) ==========
AlternateDataStreams: C:\ProgramData\Temp:4CF61E54
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors: ==================
System errors: =============
Microsoft Office Sessions: =========================
==================== Memory info ===========================
Percentage of memory in use: 30% Total physical RAM: 3036.61 MB Available physical RAM: 2121.56 MB Total Pagefile: 6069.46 MB Available Pagefile: 4785.91 MB Total Virtual: 2047.88 MB Available Virtual: 1906.23 MB
==================== Drives ================================
Drive c: (systemdisk) (Fixed) (Total:225.33 GB) (Free:192.78 GB) NTFS Drive d: (datendisk) (Fixed) (Total:225.33 GB) (Free:67.24 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 466 GB) (Disk ID: B4B6F23B) Partition 1: (Not Active) - (Size=15 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=225 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=225 GB) - (Type=07 NTFS)
==================== End Of Log ============================
BUT: Avira has already moved the trojan to quarantine... Does it just stay in there now, or do I still have to remove it somehow? Is the PC safe again and can my sis keep surfing? Thanks! |
19.09.2013, 16:36 | #6 |
/// the machine /// TB-Ausbilder | Trojan "TR/Crypt.ZPACK.Gen8" in C:\Users\johanna\AppData\Roaming\skype.dat found via Avira Another online scan as a check. ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log please. Any more problems?
19.09.2013, 19:56 | #7 |
| Trojan "TR/Crypt.ZPACK.Gen8" in C:\Users\johanna\AppData\Roaming\skype.dat found via Avira Oh damn .... take a look at the logfile from ESET Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=7c5cf60a530a5e4e827c0760186bc11f
# engine=15189
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-09-19 05:55:11
# local_time=2013-09-19 07:55:11 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 97 5387 245036601 0 0
# compatibility_mode=5122 16777214 0 13 92888884 107144733 0 0
# compatibility_mode=5893 16776573 100 94 84434 131244502 0 0
# scanned=127578
# found=1
# cleaned=0
# scan_time=4907
sh=F920B7B9348F35D55215B9BB6A7B43781346C9EF ft=1 fh=8c024e84164d15f3 vn="möglicherweise Variante von Win32/Grimkast.A Virus" ac=I fn="D:\Downloads\downloads\GAMES\Nfs4\CARMAN.EXE"
D:\Downloads\downloads\GAMES\Nfs4\CARMAN.EXE möglicherweise Variante von Win32/Grimkast.A Virus
and here the security check Code:
ATTFilter Results of screen317's Security Check version 0.99.73
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.75.0.1300
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 11.1.102.62
Adobe Reader 9 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
ESET ESET Online Scanner OnlineScannerApp.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-09-2013 03 Ran by johanna (administrator) on JOHANNA-PC on 19-09-2013 20:08:38 Running from D:\Desktop\Antivirenzeug Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (AMD) C:\windows\system32\atiesrxx.exe (AMD) C:\windows\system32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (ABBYY) C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Nitro PDF Software) C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe () C:\windows\SYSTEM32\Rezip.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe () C:\Program Files\XSManager\WTGService.exe (4G Systems GmbH & Co. KG) C:\windows\service4g.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (SEC) C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (SAMSUNG Electronics) C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (4G Systems GmbH & Co. KG) C:\Windows\starter4g.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (ATI Technologies Inc.) 
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Opera Software) C:\Program Files\Opera\opera.exe (Avira Operations GmbH & Co. KG) C:\program files\avira\antivir desktop\ipmGui.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avcenter.exe (ESET) C:\Program Files\ESET\ESET Online Scanner\OnlineScannerApp.exe (Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Microsoft Corporation) c:\program files\windows defender\MpCmdRun.exe (Google) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-09-01] (Advanced Micro Devices, Inc.) HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7744032 2009-09-29] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1541416 2009-07-15] (Synaptics Incorporated) HKLM\...\Run: [UCam_Menu] - C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [218408 2009-02-25] (CyberLink Corp.) HKLM\...\Run: [starter4g] - C:\windows\starter4g.exe [160992 2010-07-08] (4G Systems GmbH & Co. KG) HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-16] (Avira Operations GmbH & Co. KG) HKLM\...\Policies\Explorer: [NoDrives] 0 HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-09-17] (Google Inc.) HKCU\...\Policies\Explorer: [NoDrives] 0 ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKLM - DefaultScope value is missing. 
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) 
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1 ========================== Services (Whitelisted) ================= S2 0096401286719054mcinstcleanup; C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini [1216 2010-10-10] () R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY) R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-03-28] (LSI Corporation) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-09-16] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-16] (Avira Operations GmbH & Co. KG) R2 NitroReaderDriverReadSpool3; C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe [196624 2013-06-18] (Nitro PDF Software) R2 Rezip; C:\windows\SYSTEM32\Rezip.exe [311296 2009-03-05] () R2 WTGService; C:\Program Files\XSManager\WTGService.exe [329168 2010-04-12] () R2 XS Stick Service; C:\windows\service4g.exe [145120 2010-07-08] (4G Systems GmbH & Co. KG) R2 yksvc; C:\Windows\System32\yk62x86.dll [364544 2009-09-28] (Marvell) ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [88840 2013-09-16] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136672 2013-09-16] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-04-04] (Avira Operations GmbH & Co. 
KG) R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation) S3 cmnsusbser; C:\Windows\System32\DRIVERS\cmnsusbser.sys [103424 2011-10-20] (Mobile Connector) S3 KMWDFILTERx86; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [25088 2009-04-29] (Windows (R) Codename Longhorn DDK provider) R1 SABI; C:\windows\system32\Drivers\SABI.sys [10752 2009-05-28] (SAMSUNG ELECTRONICS) S4 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-11-14] (Duplex Secure Ltd.) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH) R3 VMC326; C:\Windows\System32\Drivers\VMC326.sys [237696 2009-08-10] (Vimicro Corporation) R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] () U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation) S3 catchme; \??\C:\Users\johanna\AppData\Local\Temp\catchme.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-09-19 18:28 - 2013-09-19 18:28 - 00000000 ____D C:\Program Files\ESET 2013-09-19 10:10 - 2013-09-19 18:25 - 98378485 _____ C:\windows\system32\洏Ū᭔] 2013-09-18 20:17 - 2013-09-18 20:17 - 00000000 ____D C:\windows\ERUNT 2013-09-18 19:27 - 2013-09-18 19:27 - 00000000 ____D C:\Users\johanna\AppData\Roaming\Malwarebytes 2013-09-18 19:27 - 2013-09-18 19:27 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-09-18 19:27 - 2013-09-18 19:27 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-09-18 19:27 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys 2013-09-18 14:16 - 2013-09-18 14:16 - 00009526 _____ C:\ComboFix.txt 2013-09-18 14:02 - 2013-09-18 14:17 - 00000000 ____D C:\Qoobox 2013-09-18 14:02 - 2013-09-18 14:14 - 00000000 ____D C:\windows\erdnt 2013-09-18 14:02 - 2011-06-26 08:45 - 00256000 _____ C:\windows\PEV.exe 2013-09-18 14:02 - 2010-11-07 19:20 - 00208896 _____ C:\windows\MBR.exe 2013-09-18 14:02 - 
2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe 2013-09-18 14:02 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe 2013-09-18 14:02 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe 2013-09-18 14:02 - 2000-08-31 02:00 - 00098816 _____ C:\windows\sed.exe 2013-09-18 14:02 - 2000-08-31 02:00 - 00080412 _____ C:\windows\grep.exe 2013-09-18 14:02 - 2000-08-31 02:00 - 00068096 _____ C:\windows\zip.exe 2013-09-18 12:28 - 2013-09-18 12:28 - 00000000 ____D C:\FRST 2013-09-18 12:20 - 2013-09-18 12:22 - 00000636 _____ C:\windows\system32\defogger_disable.log 2013-09-18 12:20 - 2013-09-18 12:22 - 00000176 _____ C:\Users\johanna\defogger_reenable 2013-09-18 11:19 - 2013-09-18 19:45 - 00000000 ____D C:\AdwCleaner 2013-09-17 10:04 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2013-09-17 10:04 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2013-09-17 10:04 - 2013-08-10 05:59 - 00042496 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2013-09-17 10:04 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2013-09-17 10:04 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2013-09-17 10:04 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2013-09-17 10:04 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2013-09-17 10:04 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll 2013-09-17 10:04 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2013-09-17 10:04 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2013-09-17 10:04 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll 2013-09-17 10:04 - 2013-08-10 05:58 
- 00061440 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2013-09-17 10:04 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2013-09-17 10:04 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2013-09-17 10:04 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2013-09-17 10:04 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe 2013-09-16 20:45 - 2013-08-08 03:03 - 02348544 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2013-09-16 20:45 - 2013-08-05 03:56 - 00133056 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ataport.sys 2013-09-16 20:45 - 2013-08-02 03:50 - 00169984 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll 2013-09-16 20:45 - 2013-08-02 03:49 - 00868352 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll 2013-09-16 20:45 - 2013-08-02 03:49 - 00293376 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll 2013-09-16 20:45 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll 2013-09-16 20:45 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2013-09-16 20:45 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2013-09-16 20:45 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll 2013-09-16 20:45 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll 2013-09-16 20:45 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2013-09-16 20:45 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) 
C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll 2013-09-16 20:45 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2013-09-16 20:45 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2013-09-16 20:45 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll 2013-09-16 20:45 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2013-09-16 20:45 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2013-09-16 20:45 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll 2013-09-16 20:45 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll 2013-09-16 20:45 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2013-09-16 20:45 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll 2013-09-16 20:45 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll 2013-09-16 20:45 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll 2013-09-16 20:45 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2013-09-16 20:45 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2013-09-16 20:45 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2013-09-16 20:45 - 2013-08-02 03:48 - 00003072 ____H (Microsoft 
Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll 2013-09-16 20:45 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2013-09-16 20:45 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll 2013-09-16 20:45 - 2013-08-02 02:52 - 00271360 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe 2013-09-16 20:45 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll 2013-09-16 20:45 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2013-09-16 20:45 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2013-09-16 20:45 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll 2013-09-16 20:45 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll 2013-09-16 20:45 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\windows\system32\shdocvw.dll 2013-09-16 20:34 - 2013-09-16 21:22 - 00000000 ____D C:\Users\johanna\AppData\Roaming\Nitro PDF ==================== One Month Modified Files and Folders ======= 2013-09-19 19:28 - 2010-09-27 21:33 - 00001098 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-09-19 19:02 - 2009-09-16 23:52 - 01107481 _____ C:\windows\WindowsUpdate.log 2013-09-19 18:28 - 2013-09-19 18:28 - 00000000 ____D C:\Program Files\ESET 2013-09-19 18:25 - 2013-09-19 10:10 - 98378485 _____ C:\windows\system32\洏Ū᭔] 2013-09-19 10:28 - 2010-09-27 21:33 - 00001094 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-09-18 20:17 - 2013-09-18 20:17 - 00000000 ____D C:\windows\ERUNT 2013-09-18 19:58 - 2009-07-14 04:37 - 00000000 ____D C:\windows\system32\NDF 2013-09-18 19:55 - 2009-07-14 06:34 - 00015056 ____H 
C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-09-18 19:55 - 2009-07-14 06:34 - 00015056 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-09-18 19:46 - 2009-09-17 00:44 - 00679724 _____ C:\windows\PFRO.log 2013-09-18 19:46 - 2009-07-14 06:53 - 00000006 ____H C:\windows\Tasks\SA.DAT 2013-09-18 19:46 - 2009-07-14 06:39 - 00163589 _____ C:\windows\setupact.log 2013-09-18 19:45 - 2013-09-18 11:19 - 00000000 ____D C:\AdwCleaner 2013-09-18 19:27 - 2013-09-18 19:27 - 00000000 ____D C:\Users\johanna\AppData\Roaming\Malwarebytes 2013-09-18 19:27 - 2013-09-18 19:27 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-09-18 19:27 - 2013-09-18 19:27 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-09-18 14:17 - 2013-09-18 14:02 - 00000000 ____D C:\Qoobox 2013-09-18 14:17 - 2009-07-14 04:37 - 00000000 __RHD C:\Users\Default 2013-09-18 14:17 - 2009-07-14 04:37 - 00000000 ___RD C:\Users\Public 2013-09-18 14:16 - 2013-09-18 14:16 - 00009526 _____ C:\ComboFix.txt 2013-09-18 14:14 - 2013-09-18 14:02 - 00000000 ____D C:\windows\erdnt 2013-09-18 14:11 - 2009-07-14 04:04 - 00000215 _____ C:\windows\system.ini 2013-09-18 12:28 - 2013-09-18 12:28 - 00000000 ____D C:\FRST 2013-09-18 12:22 - 2013-09-18 12:20 - 00000636 _____ C:\windows\system32\defogger_disable.log 2013-09-18 12:22 - 2013-09-18 12:20 - 00000176 _____ C:\Users\johanna\defogger_reenable 2013-09-18 12:20 - 2010-09-27 20:21 - 00000000 ____D C:\Users\johanna 2013-09-17 22:03 - 2009-07-14 04:37 - 00000000 ____D C:\windows\rescache 2013-09-17 20:35 - 2009-07-14 04:37 - 00000000 ____D C:\windows\Microsoft.NET 2013-09-17 19:56 - 2009-07-26 22:06 - 01520734 _____ C:\windows\system32\PerfStringBackup.INI 2013-09-17 19:16 - 2009-07-14 06:33 - 00421360 _____ C:\windows\system32\FNTCACHE.DAT 2013-09-17 10:06 - 2009-07-14 04:37 - 00000000 ____D C:\windows\system32\de-DE 2013-09-17 10:03 - 2013-08-14 23:10 - 
00000000 ____D C:\windows\system32\MRT 2013-09-17 10:01 - 2010-10-10 16:10 - 76725432 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2013-09-16 21:22 - 2013-09-16 20:34 - 00000000 ____D C:\Users\johanna\AppData\Roaming\Nitro PDF 2013-09-16 20:39 - 2013-05-02 10:27 - 00066144 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys 2013-09-16 20:39 - 2012-11-28 20:25 - 00136672 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys 2013-09-16 20:39 - 2012-11-28 20:25 - 00088840 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys 2013-08-28 14:15 - 2011-01-01 12:22 - 00000000 ____D C:\Users\johanna\AppData\Local\Google
Some content of TEMP: ====================
C:\Users\johanna\AppData\Local\temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-09-16 21:10
==================== End Of Log ============================
--- --- --- --- --- ---
Flash Player and Reader updated, new security check Code:
ATTFilter Results of screen317's Security Check version 0.99.73 Windows 7 Service Pack 1 x86 (UAC is enabled) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` Avira Desktop Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware Version 1.75.0.1300 Adobe Flash Player 11.1.102.62 Adobe Reader XI ````````Process Check: objlist.exe by Laurent```````` Avira Antivir avgnt.exe Avira Antivir avguard.exe ESET ESET Online Scanner OnlineScannerApp.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` |
20.09.2013, 10:30 | #8 |
/// the machine /// TB-Ausbilder | Trojan "TR/Crypt.ZPACK.Gen8" in C:\Users\johanna\AppData\Roaming\skype.dat found via Avira Just delete that one download. Any more problems?
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and Help Trojaner-Board Facebook page No help via PM! |