Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: TR/Crypt.zpack.gen2 und TR/Atraps.Gen in C:\Windows\System32

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 04.04.2012, 12:22   #1
AndiG
 
TR/Crypt.zpack.gen2 und TR/Atraps.Gen in C:\Windows\System32 - Frage

TR/Crypt.zpack.gen2 und TR/Atraps.Gen in C:\Windows\System32



Hallo ich bin der Andi und habe folgendes Problem.
Mein Virenschutz ( Avira Antivir - gratis Version) meldet seit einigen Tagen nach dem Booten des Pcs, dass ein Trojaner im Sytem 32 Ordner sitzt und zwar TR/Crypt.Zpack.Gen2 in der Datei jpg3dfu4.dll. Nach dem Löschen der datei dauert es nicht lange und er erstellt sich selbst wieder.. Ich habe selbst nach einiger Internetrecherche nicht herausgefunden, wie ich vorgehen soll. Noch dazu kommt, dass gestan zusätzlich zum diesem Trojaner noch der TR/ATRAPS.Gen auch im Ordner System32 gemeldet wird. ( in der Datei aptw53640.dll) Bei den Angefügten Logtexte
1. Avira
Code:
ATTFilter
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Mittwoch, 04. April 2012  08:46

Es wird nach 3580092 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : Avira AntiVir Personal - Free Antivirus
Seriennummer   : 0000149996-ADJIE-0000001
Plattform      : Windows 7
Windowsversion : (Service Pack 1)  [6.1.7601]
Boot Modus     : Normal gebootet
Benutzername   : SYSTEM
Computername   : ***-PC

Versionsinformationen:
BUILD.DAT      : 12.0.0.898     41963 Bytes  31.01.2012 13:51:00
AVSCAN.EXE     : 12.1.0.20     492496 Bytes  16.02.2012 10:04:22
AVSCAN.DLL     : 12.1.0.18      65744 Bytes  16.02.2012 10:04:21
LUKE.DLL       : 12.1.0.19      68304 Bytes  16.02.2012 10:04:23
AVSCPLR.DLL    : 12.1.0.22     100048 Bytes  16.02.2012 10:04:26
AVREG.DLL      : 12.1.0.33     228104 Bytes  03.04.2012 20:42:53
VBASE000.VDF   : 7.10.0.0    19875328 Bytes  06.11.2009 18:18:34
VBASE001.VDF   : 7.11.0.0    13342208 Bytes  14.12.2010 09:07:39
VBASE002.VDF   : 7.11.19.170 14374912 Bytes  20.12.2011 19:28:09
VBASE003.VDF   : 7.11.21.238  4472832 Bytes  01.02.2012 16:13:49
VBASE004.VDF   : 7.11.26.44   4329472 Bytes  28.03.2012 17:19:07
VBASE005.VDF   : 7.11.26.45      2048 Bytes  28.03.2012 17:19:07
VBASE006.VDF   : 7.11.26.46      2048 Bytes  28.03.2012 17:19:07
VBASE007.VDF   : 7.11.26.47      2048 Bytes  28.03.2012 17:19:08
VBASE008.VDF   : 7.11.26.48      2048 Bytes  28.03.2012 17:19:08
VBASE009.VDF   : 7.11.26.49      2048 Bytes  28.03.2012 17:19:08
VBASE010.VDF   : 7.11.26.50      2048 Bytes  28.03.2012 17:19:08
VBASE011.VDF   : 7.11.26.51      2048 Bytes  28.03.2012 17:19:08
VBASE012.VDF   : 7.11.26.52      2048 Bytes  28.03.2012 17:19:08
VBASE013.VDF   : 7.11.26.53      2048 Bytes  28.03.2012 17:19:09
VBASE014.VDF   : 7.11.26.107   221696 Bytes  30.03.2012 17:08:10
VBASE015.VDF   : 7.11.26.179   224768 Bytes  02.04.2012 06:56:37
VBASE016.VDF   : 7.11.26.180     2048 Bytes  02.04.2012 06:56:37
VBASE017.VDF   : 7.11.26.181     2048 Bytes  02.04.2012 06:56:38
VBASE018.VDF   : 7.11.26.182     2048 Bytes  02.04.2012 06:56:38
VBASE019.VDF   : 7.11.26.183     2048 Bytes  02.04.2012 06:56:38
VBASE020.VDF   : 7.11.26.184     2048 Bytes  02.04.2012 06:56:38
VBASE021.VDF   : 7.11.26.185     2048 Bytes  02.04.2012 06:56:38
VBASE022.VDF   : 7.11.26.186     2048 Bytes  02.04.2012 06:56:38
VBASE023.VDF   : 7.11.26.187     2048 Bytes  02.04.2012 06:56:39
VBASE024.VDF   : 7.11.26.188     2048 Bytes  02.04.2012 06:56:39
VBASE025.VDF   : 7.11.26.189     2048 Bytes  02.04.2012 06:56:39
VBASE026.VDF   : 7.11.26.190     2048 Bytes  02.04.2012 06:56:39
VBASE027.VDF   : 7.11.26.191     2048 Bytes  02.04.2012 06:56:39
VBASE028.VDF   : 7.11.26.192     2048 Bytes  02.04.2012 06:56:39
VBASE029.VDF   : 7.11.26.193     2048 Bytes  02.04.2012 06:56:39
VBASE030.VDF   : 7.11.26.194     2048 Bytes  02.04.2012 06:56:40
VBASE031.VDF   : 7.11.26.234    99328 Bytes  04.04.2012 06:35:06
Engineversion  : 8.2.10.36 
AEVDF.DLL      : 8.1.2.2       106868 Bytes  26.10.2011 15:07:31
AESCRIPT.DLL   : 8.1.4.15      442747 Bytes  03.04.2012 20:42:52
AESCN.DLL      : 8.1.8.2       131444 Bytes  27.01.2012 15:56:59
AESBX.DLL      : 8.2.5.5       606579 Bytes  12.03.2012 18:14:30
AERDL.DLL      : 8.1.9.15      639348 Bytes  08.09.2011 21:16:06
AEPACK.DLL     : 8.2.16.9      807287 Bytes  03.04.2012 20:42:51
AEOFFICE.DLL   : 8.1.2.26      201083 Bytes  03.04.2012 20:42:49
AEHEUR.DLL     : 8.1.4.10     4551031 Bytes  03.04.2012 20:42:48
AEHELP.DLL     : 8.1.19.1      254327 Bytes  03.04.2012 20:42:39
AEGEN.DLL      : 8.1.5.23      409973 Bytes  08.03.2012 17:17:55
AEEXP.DLL      : 8.1.0.27       82293 Bytes  03.04.2012 20:42:53
AEEMU.DLL      : 8.1.3.0       393589 Bytes  01.09.2011 21:46:01
AECORE.DLL     : 8.1.25.6      201078 Bytes  15.03.2012 18:08:25
AEBB.DLL       : 8.1.1.0        53618 Bytes  01.09.2011 21:46:01
AVWINLL.DLL    : 12.1.0.17      27344 Bytes  11.10.2011 12:59:41
AVPREF.DLL     : 12.1.0.17      51920 Bytes  11.10.2011 12:59:38
AVREP.DLL      : 12.1.0.17     179408 Bytes  11.10.2011 12:59:38
AVARKT.DLL     : 12.1.0.23     209360 Bytes  16.02.2012 10:04:21
AVEVTLOG.DLL   : 12.1.0.17     169168 Bytes  11.10.2011 12:59:37
SQLITE3.DLL    : 3.7.0.0       398288 Bytes  11.10.2011 12:59:51
AVSMTP.DLL     : 12.1.0.17      62928 Bytes  11.10.2011 12:59:39
NETNT.DLL      : 12.1.0.17      17104 Bytes  11.10.2011 12:59:47
RCIMAGE.DLL    : 12.1.0.17    4447952 Bytes  11.10.2011 13:00:00
RCTEXT.DLL     : 12.1.0.16      98512 Bytes  11.10.2011 13:00:00

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files\avira\antivir desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:, 
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Mittwoch, 04. April 2012  08:46

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
    [INFO]      Es wurde kein Virus gefunden!
Masterbootsektor HD1
    [INFO]      Es wurde kein Virus gefunden!
Masterbootsektor HD2
    [INFO]      Es wurde kein Virus gefunden!
Masterbootsektor HD3
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'D:\'
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf nach versteckten Objekten wird begonnen.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'SearchFilterHost.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchProtocolHost.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '88' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '79' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbam.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'plugin-container.exe' - '82' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '151' Modul(e) wurden durchsucht
Durchsuche Prozess 'NMIndexingService.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'NMIndexStoreSvr.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'netsession_win.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'CPSHelpRunner10.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'sidebar.exe' - '81' Modul(e) wurden durchsucht
Durchsuche Prozess 'netsession_win.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'CCC.exe' - '160' Modul(e) wurden durchsucht
Durchsuche Prozess 'MyTomTomSA.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'LightScribeControlPanel.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'NMBgMonitor.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'hamachi-2-ui.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '75' Modul(e) wurden durchsucht
Durchsuche Prozess 'EEventManager.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'brs.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'PDVD8Serv.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'CLMLSvc.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'DMXLauncher.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'RoxWatchTray10.exe' - '72' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpwuschd2.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'Monitor.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'RtHDVCpl.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'MOM.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '205' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'WUDFHost.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'conhost.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSvcM.exe' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSVC.EXE' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'TomTomHOMEService.exe' - '10' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'SeaPort.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'RichVideo.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'PsiService_2.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'PnkBstrA.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'mysqld.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'LSSrvc.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'hamachi-2.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'FABS.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '67' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '88' Modul(e) wurden durchsucht
Durchsuche Prozess 'atieclxx.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '97' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '81' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '165' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '104' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '74' Modul(e) wurden durchsucht
Durchsuche Prozess 'atiesrxx.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '805' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <Boot>
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb
  [FUND]      Ist das Trojanische Pferd TR/Crypt.ZPACK.Gen2
Beginne mit der Suche in 'D:\' <Recover>

Beginne mit der Desinfektion:
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb
  [FUND]      Ist das Trojanische Pferd TR/Crypt.ZPACK.Gen2
  [WARNUNG]   Die Datei konnte nicht ins Quarantäneverzeichnis verschoben werden!
  [WARNUNG]   Die Datei konnte nicht gelöscht werden!
  [HINWEIS]   Für die abschliessende Reparatur wird ein Neustart des Computers eingeleitet.
  [HINWEIS]   Die Datei wurde zum Löschen nach einem Neustart markiert.
  [HINWEIS]   Für die abschliessende Reparatur wird ein Neustart des Computers eingeleitet.
         
2. Malware Bytes
Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.04.04.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
*** :: ***-PC [Administrator]

Schutz: Deaktiviert

04.04.2012 08:46:14
mbam-log-2012-04-04 (10-36-55).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 387161
Laufzeit: 1 Stunde(n), 50 Minute(n), 15 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\***\Downloads\SoftonicDownloader_fuer_java-runtime-environment.exe (PUP.ToolbarDownloader) -> Keine Aktion durchgeführt.
C:\Users\***\Downloads\SoftonicDownloader_fuer_lyrics-plugin.exe (PUP.BundleOffer.Downloader.S) -> Keine Aktion durchgeführt.

(Ende)
         
3.1DDS
Code:
ATTFilter
.
DDS (Ver_2011-08-26.01) - NTFSx86 
Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 1.6.0_31
Run by *** at 10:52:35 on 2012-04-04
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.43.1031.18.3326.1861 [GMT 2:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
C:\Windows\system32\PnkBstrA.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Windows\System32\svchost.exe -k Update-Service
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\CyberLink\Shared files\brs.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\MyTomTom 3\MyTomTomSA.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\taskhost.exe
C:\Windows\System32\svchost.exe -k Akamai
C:\Users\***\AppData\Local\Akamai\netsession_win.exe
C:\Users\***\AppData\Local\Akamai\netsession_win.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.at/
uDefault_Page_URL = hxxp://www.aldi.com
uURLSearchHooks: Winload Toolbar: {40c3cc16-7269-4b32-9531-17f2950fb06f} - c:\program files\winload\tbWinl.dll
mURLSearchHooks: Winload Toolbar: {40c3cc16-7269-4b32-9531-17f2950fb06f} - c:\program files\winload\tbWinl.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Winload Toolbar: {40c3cc16-7269-4b32-9531-17f2950fb06f} - c:\program files\winload\tbWinl.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID-Anmelde-Hilfsprogramm: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Winload Toolbar: {40c3cc16-7269-4b32-9531-17f2950fb06f} - c:\program files\winload\tbWinl.dll
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [MediaPortal] c:\program files\team mediaportal\mediaportal\MediaPortal.exe
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
uRun: [MyTomTomSA.exe] "c:\program files\mytomtom 3\MyTomTomSA.exe"
uRun: [EPSON SX610FW Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatifje.exe /fu "c:\windows\temp\E_SE3F8.tmp" /EF "HKCU"
uRun: [Akamai NetSession Interface] "c:\users\***\appdata\local\akamai\netsession_win.exe"
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [Ulead AutoDetector v2] c:\program files\common files\ulead systems\autodetector\monitor.exe
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>] 
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatchTray10.exe"
mRun: [DMXLauncher] "c:\program files\roxio\cineplayer\DMXLauncher.exe"
mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
mRun: [MDS_Menu] "c:\program files\cyberlink\mediashow4\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\mediashow4" updatewithcreateonce "software\cyberlink\mediashow\4.1"
mRun: [CLMLServer] "c:\program files\cyberlink\power2go\CLMLSvc.exe"
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [RemoteControl8] "c:\program files\cyberlink\powerdvd8\PDVD8Serv.exe"
mRun: [PDVD8LanguageShortcut] "c:\program files\cyberlink\powerdvd8\language\Language.exe"
mRun: [BDRegion] c:\program files\cyberlink\shared files\brs.exe
mRun: [UpdatePPShortCut] "c:\program files\cyberlink\powerproducer\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerproducer" updatewithcreateonce "software\cyberlink\powerproducer\5.0"
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\1.0"
mRun: [LGODDFU] "c:\program files\lg_fwupdate\fwupdate.exe" blrun
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\blu-ray disc suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\blu-ray disc suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [ Malwarebytes Anti-Malware ] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Nach Microsoft E&xel exportieren - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mif5ba~1\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} - hxxp://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.31.0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 10.0.0.138
TCP: Interfaces\{11CAD6E9-08D1-43EB-AF52-DC77E5FBA6F2} : NameServer = 195.3.96.67 213.33.98.136
TCP: Interfaces\{1AE0125E-3DA4-4677-A345-5E0A465F7A7B} : DhcpNameServer = 10.0.0.138
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\***\appdata\roaming\mozilla\firefox\profiles\cag6uqjh.default\
FF - prefs.js: browser.startup.homepage - www.google.at
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.50524.0\npctrlui.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\***\appdata\roaming\mozilla\firefox\profiles\cag6uqjh.default\extensions\battlefieldheroespatcher@ea.com\plugins\npBFHUpdater.dll
FF - plugin: c:\windows\system32\wat\npWatWeb.dll
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-10-18 36000]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2010/12/02 19:59:46];c:\program files\cyberlink\powerdvd8\000.fcl [2010-1-13 87536]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-14 20992]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-5-21 172032]
R2 AntiVirSchedulerService;Avira Planer;c:\program files\avira\antivir desktop\sched.exe [2011-10-18 86224]
R2 AntiVirService;Avira Echtzeit Scanner;c:\program files\avira\antivir desktop\avguard.exe [2011-10-18 110032]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-10-18 74640]
R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\common files\magix services\database\bin\FABS.exe [2009-2-3 1155072]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2011-8-15 1361288]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2011-4-22 92592]
R2 Update-Service;Update-Service;c:\windows\system32\svchost.exe -k Update-Service [2009-7-14 20992]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2010-5-21 5430272]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-5-21 157184]
R3 CYDTV_SRV;cydtv Driver;c:\windows\system32\drivers\cydtv.sys [2009-11-30 430720]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-6-23 275048]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [2010-1-26 579072]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2010-5-21 30392]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\roxio\digital home 10\RoxioUpnpService10.exe [2007-8-24 362992]
S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxLiveShare10.exe [2007-8-24 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatch10.exe [2007-8-24 166384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\common files\magix services\database\bin\fbserver.exe [2008-8-7 3276800]
S3 GeniaNet;GeniaNet Ethernet Controller;c:\windows\system32\drivers\GeniaNet.sys [2010-12-2 23552]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\roxio\digital home 10\RoxioUPnPRenderer10.exe [2007-8-24 72176]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2007-8-24 1083888]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-4-15 52224]
S3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-18 1343400]
.
=============== Created Last 30 ================
.
2012-04-04 06:22:08	20464	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-04-04 06:18:55	6582328	----a-w-	c:\programdata\microsoft\windows defender\definition updates\{be4a5949-efc6-4d20-ad7f-af86fe6d87e0}\mpengine.dll
2012-04-03 07:25:25	--------	d-----w-	c:\program files\CCleaner
2012-04-03 07:18:12	--------	d-----w-	c:\users\***\appdata\roaming\Malwarebytes
2012-04-03 07:12:29	--------	d-----w-	c:\programdata\Malwarebytes
2012-04-03 07:12:26	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-03-24 16:52:01	--------	d-----w-	c:\users\***\appdata\local\My Games
2012-03-24 14:30:15	44472	----a-w-	c:\program files\mozilla firefox\mozglue.dll
2012-03-14 21:09:57	3968368	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-03-14 21:09:56	3913584	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-03-14 15:20:52	2343424	----a-w-	c:\windows\system32\win32k.sys
2012-03-14 15:20:50	1077248	----a-w-	c:\windows\system32\DWrite.dll
2012-03-13 17:24:20	8192	----a-w-	c:\windows\system32\rdrmemptylst.exe
2012-03-13 17:24:20	58880	----a-w-	c:\windows\system32\rdpwsx.dll
2012-03-13 17:24:20	129536	----a-w-	c:\windows\system32\rdpcorekmts.dll
2012-03-13 17:24:17	826880	----a-w-	c:\windows\system32\rdpcore.dll
2012-03-13 17:24:17	24576	----a-w-	c:\windows\system32\drivers\tdtcp.sys
2012-03-13 17:24:17	183808	----a-w-	c:\windows\system32\drivers\rdpwd.sys
.
==================== Find3M  ====================
.
2012-03-01 17:07:03	472808	----a-w-	c:\windows\system32\deployJava1.dll
2012-02-23 07:18:36	237072	------w-	c:\windows\system32\MpSigStub.exe
2012-02-09 18:08:40	139080	----a-w-	c:\windows\system32\drivers\PnkBstrK.sys
2012-02-09 18:08:35	270240	----a-w-	c:\windows\system32\PnkBstrB.xtr
2012-02-09 18:08:35	270240	----a-w-	c:\windows\system32\PnkBstrB.exe
2012-02-04 20:21:44	270240	----a-w-	c:\windows\system32\PnkBstrB.ex0
2012-01-17 13:46:45	1	----a-w-	c:\windows\system32\SI.bin
.
============= FINISH: 10:53:15,02 ===============
         
3.2Attach
Code:
ATTFilter
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 22.07.2010 16:16:10
System Uptime: 04.04.2012 08:10:39 (2 hours ago)
.
Motherboard: MEDIONPC |  | MS-7646
Processor: AMD Athlon(tm) II X4 620 Processor | CPU 1 | 1898/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 910 GiB total, 767,531 GiB free.
D: is FIXED (NTFS) - 20 GiB total, 11,034 GiB free.
E: is CDROM ()
F: is CDROM ()
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: hidzd72b
Device ID: ROOT\LEGACY_HIDZD72B\0000
Manufacturer: 
Name: hidzd72b
PNP Device ID: ROOT\LEGACY_HIDZD72B\0000
Service: hidzd72b
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: GeniaNet Ethernet Controller
Device ID: ROOT\NET\0000
Manufacturer: Genia Techonology Corp.
Name: GeniaNet Ethernet Controller
PNP Device ID: ROOT\NET\0000
Service: GeniaNet
.
==== System Restore Points ===================
.
RP347: 14.03.2012 22:09:28 - Windows Update
RP348: 19.03.2012 19:24:22 - Installed Licensing Service Install
RP349: 20.03.2012 18:44:13 - Windows Update
RP350: 27.03.2012 15:39:45 - Windows Update
RP351: 03.04.2012 07:58:49 - Windows Update
RP352: 03.04.2012 21:09:12 - Wiederherstellungsvorgang
RP354: 04.04.2012 08:18:09 - Windows Update
RP353: 04.04.2012 09:13:53 - Entfernt Battlefield 2(TM)
.
==== Installed Programs ======================
.
7-Zip 9.20
ABBYY FineReader 6.0 Sprint
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.0 - Deutsch
Adobe Shockwave Player 11.5
Akamai NetSession Interface
Akamai NetSession Interface Service
AMD USB Filter Driver
aonUpdate
ATI Catalyst Install Manager
Avira Free Antivirus
Battlefield Heroes
Borderlands
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Italian
CCC Help Japanese
CCC Help Norwegian
CCC Help Spanish
CCC Help Swedish
Compatibility Pack für 2007 Office System
CorelDRAW Essentials 4
CorelDRAW Essentials 4 - Content
CorelDRAW Essentials 4 - Draw
CorelDRAW Essentials 4 - Extra Content
CorelDRAW Essentials 4 - Filters
CorelDRAW Essentials 4 - ICA
CorelDRAW Essentials 4 - IPM - No VBA
CorelDRAW Essentials 4 - Lang BR
CorelDRAW Essentials 4 - Lang DE
CorelDRAW Essentials 4 - Lang EN
CorelDRAW Essentials 4 - Lang ES
CorelDRAW Essentials 4 - Lang FR
CorelDRAW Essentials 4 - Lang IT
CorelDRAW Essentials 4 - Lang NL
CorelDRAW Essentials 4 - PHOTO-PAINT
Counter-Strike: Source
Cross Fire En
CyberLink BD Advisor 2.0
CyberLink Blu-ray Disc Suite
CyberLink LabelPrint
CyberLink MediaShow
CyberLink Power2Go
CyberLink PowerDVD 8
CyberLink PowerDVD Copy
CyberLink PowerProducer
CyberLink YouCam
Day of Defeat: Source
DirectXInstallService
Driver Install 32-bit
DVBViewer Pro DEMO
EA Download Manager
Elecard AVC PlugIn for ProgDVB
Epson Event Manager
Epson Printer Software Downloader
EPSON Scan
Epson Stylus Office BX610FW_Office TX610FW_SX610FW Handbuch
EPSON SX610FW Series Printer Uninstall
EpsonNet Print
EpsonNet Setup
Fallout: New Vegas
Far Cry 2
ffdshow [rev 3154] [2009-12-09]
Firebird SQL Server - MAGIX Edition
GameSpy Arcade
Garry's Mod
GPL MPEG-1/2 DirectShow Decoder Filter
GTA2
Guitar Pro 5.0
Haali Media Splitter
Heroes of Might and Magic V - Tribes of the East
Hofer Foto Manager Free
Hofer Foto Service
Hofer Fotodruck Service 4.5
Hofer Online Druck Service
HP Deskjet 1050 J410 series - Grundlegende Software für das Gerät
HP Deskjet 1050 J410 series Hilfe
HP Update
Java Auto Updater
Java(TM) 6 Update 31
JDownloader 0.9
Junk Mail filter update
LastChaosGER
LG Tool Kit
LightScribe System Software
LogMeIn Hamachi
Malwarebytes Anti-Malware Version 1.60.1.1000
MEDION Fotos auf CD & DVD SE Hofer
Medion Home Cinema
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile DEU Language Pack
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office Excel MUI (German) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (German) 2007
Microsoft Office PowerPoint MUI (German) 2007
Microsoft Office PowerPoint Viewer 2007 (German)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Italian) 2007
Microsoft Office Proofing (German) 2007
Microsoft Office Shared MUI (German) 2007
Microsoft Office Word MUI (German) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [DEU]
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Works
MIDI Eddie
Minilyrics
Mozilla Firefox 10.0.2 (x86 de)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MySQL Server 5.1
MyTomTom 3.1.0.530
Nero 7 Essentials
NVIDIA PhysX v8.10.29
OGA Notifier 2.0.0048.0
Opera 11.61
Paintball2 Alpha build 35
Pando Media Booster
PlayReady PC Runtime x86
ProgDVB
Project64 1.6
PunkBuster Services
Realtek High Definition Audio Driver
Roxio Activation Module
Roxio BackOnTrack
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio CinePlayer
Roxio CinePlayer Decoder Pack
Roxio Disc Gallery
Roxio File Backup
Roxio MediaShare
Roxio Update Manager
Roxio WinOnCD 10
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870)
Ski Challenge 11 (AT)
Skype Click to Call
Skype™ 5.5
SmartSound Quicktracks Plugin
Spelling Dictionaries Support For Adobe Reader 9
SPORE™
Steam
Team Fortress 2
TeamSpeak 3 Client
TomTom HOME 2.8.2.2264
TomTom HOME Visual Studio Merge Modules
TuxGuitar
Ulead PhotoImpact 12
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Visual Studio C++ 10.0 Runtime
Windows Live-Uploadtool
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotogalerie
Windows Live ID-Anmelde-Assistent
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Sync
Windows Live Toolbar
Windows Live Writer
Winload Toolbar
WinPcap 4.1.2
.
==== End Of File ===========================
         
4.defogger
Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 10:49 on 04/04/2012 (***)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
5.Gmer
Code:
ATTFilter
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-04-04 11:44:04
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\00000077 WDC_WD10 rev.80.0
Running: 4499fxjp(gmer).exe; Driver: C:\Users\***\AppData\Local\Temp\pgriqpow.sys


---- System - GMER 1.0.15 ----

SSDT   914883D6                                      ZwCreateSection
SSDT   914883E0                                      ZwRequestWaitReplyPort
SSDT   914883DB                                      ZwSetContextThread
SSDT   914883E5                                      ZwSetSecurityObject
SSDT   914883EA                                      ZwSystemDebugControl
SSDT   91488377                                      ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text  ntkrnlpa.exe!ZwSaveKey + 13C1                 836893D9 1 Byte  [06]
.text  ntkrnlpa.exe!KiDispatchInterrupt + 5A2        836C2D52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text  ntkrnlpa.exe!KeRemoveQueueEx + 11F7           836C9EEC 4 Bytes  [D6, 83, 48, 91]
.text  ntkrnlpa.exe!KeRemoveQueueEx + 1553           836CA248 4 Bytes  [E0, 83, 48, 91] {LOOPNZ 0xffffffffffffff85; DEC EAX; XCHG ECX, EAX}
.text  ntkrnlpa.exe!KeRemoveQueueEx + 1597           836CA28C 4 Bytes  [DB, 83, 48, 91]
.text  ntkrnlpa.exe!KeRemoveQueueEx + 1613           836CA308 4 Bytes  [E5, 83, 48, 91] {IN EAX, 0x83; DEC EAX; XCHG ECX, EAX}
.text  ntkrnlpa.exe!KeRemoveQueueEx + 1667           836CA35C 4 Bytes  [EA, 83, 48, 91]
.text  ...                                           
.text  C:\Windows\system32\DRIVERS\atikmdag.sys      section is writeable [0x9202A000, 0x2F786C, 0xE8000020]
.text  C:\Program Files\CyberLink\PowerDVD8\000.fcl  section is writeable [0x821C5000, 0x2892, 0xE8000020]
.vmp2  C:\Program Files\CyberLink\PowerDVD8\000.fcl  entry point in ".vmp2" section [0x821E8050]
?      C:\Users\***\AppData\Local\Temp\mbr.sys    Das System kann die angegebene Datei nicht finden. !

---- EOF - GMER 1.0.15 ----
         
der Scans wurden sie aber nicht mehr gefunden. Sind sie nun weg ?
Ich hoffe auf eure Hilfe lg Andi.

Alt 04.04.2012, 17:29   #2
markusg
/// Malware-holic
 
TR/Crypt.zpack.gen2 und TR/Atraps.Gen in C:\Windows\System32 - Standard

TR/Crypt.zpack.gen2 und TR/Atraps.Gen in C:\Windows\System32



Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die
    OTL.exe
    .
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die
    Textbox.
Code:
ATTFilter
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere
    nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread
__________________

__________________

Alt 04.04.2012, 17:34   #3
AndiG
 
TR/Crypt.zpack.gen2 und TR/Atraps.Gen in C:\Windows\System32 - Standard

TR/Crypt.zpack.gen2 und TR/Atraps.Gen in C:\Windows\System32



Beide Trojaner sind ( ohne OTL) spurlos verschwunden.
Selbst Avira findet sie nicht mehr.
Soll ich die OTL.exe trotzdem starten?
__________________

Alt 04.04.2012, 19:36   #4
AndiG
 
TR/Crypt.zpack.gen2 und TR/Atraps.Gen in C:\Windows\System32 - Standard

TR/Crypt.zpack.gen2 und TR/Atraps.Gen in C:\Windows\System32



Okay Extras.txt ist im Anhang.
Otl.txt hier:
Code:
ATTFilter
OTL logfile created on: 04.04.2012 19:16:00 - Run 1
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\***\Desktop\Trojaner board
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,06 Gb Available Physical Memory | 63,47% Memory free
6,50 Gb Paging File | 5,03 Gb Available in Paging File | 77,51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 910,41 Gb Total Space | 767,20 Gb Free Space | 84,27% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 11,03 Gb Free Space | 55,17% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.04.04 17:41:31 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\Trojaner board\OTL.exe
PRC - [2012.03.13 05:37:52 | 003,331,872 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\***\AppData\Local\Akamai\netsession_win.exe
PRC - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.10.11 15:00:02 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.10.11 14:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.11 14:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.11 14:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.08.15 17:18:10 | 001,361,288 | ---- | M] (LogMeIn Inc.) -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe
PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.04.22 14:21:10 | 000,092,592 | ---- | M] (TomTom) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.20 14:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2010.04.07 04:12:38 | 000,372,736 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010.04.07 04:12:04 | 000,172,032 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2010.01.13 00:08:36 | 000,075,048 | ---- | M] (cyberlink) -- C:\Programme\CyberLink\Shared files\brs.exe
PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.07.16 21:08:20 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Programme\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2009.06.03 21:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Programme\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009.05.19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009.02.03 15:53:00 | 001,155,072 | ---- | M] (MAGIX AG) -- C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2009.01.12 09:54:02 | 000,669,520 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\Epson Software\Event Manager\EEventManager.exe
PRC - [2007.08.24 15:52:42 | 000,240,112 | ---- | M] (Sonic Solutions) -- C:\Programme\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
PRC - [2007.08.24 15:52:02 | 000,018,928 | ---- | M] (Sonic Solutions) -- C:\Programme\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
PRC - [2007.08.14 03:44:38 | 000,113,136 | ---- | M] () -- C:\Programme\Roxio\CinePlayer\DMXLauncher.exe
PRC - [2007.07.24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2006.12.23 18:04:42 | 000,905,216 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2006.11.29 11:58:14 | 000,090,112 | ---- | M] (Ulead Systems, Inc.) -- C:\Programme\Common Files\Ulead Systems\AutoDetector\Monitor.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.02.17 18:41:42 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\42ae8760f0a74ab774e82a64368aa1f6\System.Web.ni.dll
MOD - [2012.02.17 18:41:35 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll
MOD - [2012.02.17 18:41:07 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll
MOD - [2012.02.17 18:41:00 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll
MOD - [2012.02.17 18:40:39 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012.02.17 18:40:33 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012.02.17 18:40:29 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2011.10.14 15:55:36 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2010.11.13 01:19:05 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2010.11.13 01:19:04 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.05.21 11:50:36 | 001,708,032 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Wizard\2.0.3748.36963__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Wizard.dll
MOD - [2010.05.21 11:50:36 | 000,380,928 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3748.36826__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2010.05.21 11:50:36 | 000,204,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3748.36850__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2010.05.21 11:50:36 | 000,184,320 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Dashboard\2.0.3748.36965__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Dashboard.dll
MOD - [2010.05.21 11:50:36 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3748.36907__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2010.05.21 11:50:36 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3748.36836__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2010.05.21 11:50:36 | 000,069,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3748.36886__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2010.05.21 11:50:36 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3748.36875__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2010.05.21 11:50:36 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3748.36843__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2010.05.21 11:50:36 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3748.36837__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2010.05.21 11:50:36 | 000,013,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Runtime\2.0.3748.36965__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Runtime.dll
MOD - [2010.05.21 11:50:35 | 001,294,336 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Dashboard\2.0.3748.36959__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Dashboard.dll
MOD - [2010.05.21 11:50:35 | 000,856,064 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3748.36878__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2010.05.21 11:50:35 | 000,655,360 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Dashboard\2.0.3748.36942__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Dashboard.dll
MOD - [2010.05.21 11:50:35 | 000,573,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3748.36851__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2010.05.21 11:50:35 | 000,409,600 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3748.36900__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2010.05.21 11:50:35 | 000,356,352 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3748.36892__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2010.05.21 11:50:35 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3748.36850__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2010.05.21 11:50:35 | 000,102,400 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3748.36877__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2010.05.21 11:50:35 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3748.36892__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2010.05.21 11:50:35 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3748.36883__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2010.05.21 11:50:35 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.3748.36941__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll
MOD - [2010.05.21 11:50:35 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3748.36931__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2010.05.21 11:50:35 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3748.36891__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2010.05.21 11:50:35 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3748.36883__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2010.05.21 11:50:35 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3748.36855__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2010.05.21 11:50:35 | 000,013,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Runtime\2.0.3748.36963__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Runtime.dll
MOD - [2010.05.21 11:50:34 | 000,397,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3748.36876__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2010.05.21 11:50:34 | 000,376,832 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3748.36871__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2010.05.21 11:50:34 | 000,270,336 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2010.05.21 11:50:34 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3748.36816__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2010.05.21 11:50:34 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3748.36876__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2010.05.21 11:50:34 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2010.05.21 11:50:34 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3748.36877__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2010.05.21 11:50:34 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3748.36884__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2010.05.21 11:50:34 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3748.36815__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2010.05.21 11:50:34 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3748.36923__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2010.05.21 11:50:34 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3748.36818__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2010.05.21 11:50:34 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll
MOD - [2010.05.21 11:50:34 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3748.36818__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2010.05.21 11:50:34 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2010.05.21 11:50:34 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2010.05.21 11:50:34 | 000,015,360 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3748.36816__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2010.05.21 11:50:34 | 000,008,192 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3748.36820__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2010.05.21 11:50:34 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2010.05.21 11:50:34 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3748.36817__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2010.05.21 11:50:34 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3748.36825__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2010.05.21 11:50:34 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3748.36928__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2010.05.21 11:50:34 | 000,006,144 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3748.36821__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2010.05.21 11:50:34 | 000,005,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3748.36819__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2010.05.21 11:50:34 | 000,005,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3748.36820__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2010.05.21 11:50:34 | 000,005,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3748.36936__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll
MOD - [2010.05.21 11:50:34 | 000,005,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3748.36826__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2010.05.21 11:50:34 | 000,005,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3748.36821__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2010.05.21 11:50:33 | 000,741,376 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3748.36957__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll
MOD - [2010.05.21 11:50:33 | 000,577,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3748.36917__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2010.05.21 11:50:33 | 000,405,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3748.36843__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2010.05.21 11:50:33 | 000,151,552 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3748.36819__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2010.05.21 11:50:33 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3748.36923__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2010.05.21 11:50:33 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3748.36921__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2010.05.21 11:50:33 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3748.36867__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2010.05.21 11:50:33 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3748.36907__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2010.05.21 11:50:33 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.3748.36941__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll
MOD - [2010.05.21 11:50:33 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3748.36825__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2010.05.21 11:50:33 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3748.36891__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2010.05.21 11:50:33 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3748.36847__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2010.05.21 11:50:33 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3748.36876__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2010.05.21 11:50:33 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3748.36837__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2010.05.21 11:50:33 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3748.36929__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2010.05.21 11:50:33 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3748.36936__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2010.05.21 11:50:33 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3748.36820__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2010.05.21 11:50:33 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3748.36886__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2010.05.21 11:50:33 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3748.36818__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2010.05.21 11:50:33 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3748.36837__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2010.05.21 11:50:33 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3748.36837__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2010.05.21 11:50:33 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3748.36847__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2010.05.21 11:50:33 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3748.36882__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2010.05.21 11:50:33 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3748.36819__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2010.05.21 11:50:33 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3748.36825__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2010.05.21 11:50:33 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3748.36817__90ba9c70f846762e\APM.Foundation.dll
MOD - [2010.05.21 11:50:33 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3748.36843__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2010.05.21 11:50:33 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3748.36836__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2010.05.21 11:50:33 | 000,011,776 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3748.36842__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2010.05.21 11:50:33 | 000,009,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Shared\2.0.3748.36929__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Shared.dll
MOD - [2010.05.21 11:50:33 | 000,007,680 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3748.36817__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2010.05.21 11:50:33 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3748.36824__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll
MOD - [2010.05.21 11:50:33 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3748.36822__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2010.05.21 11:50:33 | 000,006,144 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3748.36822__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2010.05.21 11:50:32 | 001,220,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3748.36832__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2010.05.21 11:50:32 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3748.36824__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2010.05.21 11:50:32 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3748.36823__90ba9c70f846762e\APM.Server.dll
MOD - [2010.05.21 11:50:32 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3748.36821__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2010.05.21 11:50:32 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3748.36822__90ba9c70f846762e\AEM.Server.dll
MOD - [2010.05.21 11:50:32 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3748.36830__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2010.05.21 11:50:32 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2010.05.21 11:50:32 | 000,019,456 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3748.36923__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2010.05.21 11:50:32 | 000,010,240 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3748.36831__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2010.05.21 11:50:32 | 000,008,704 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3748.36849__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2009.06.03 21:59:14 | 000,013,096 | ---- | M] () -- C:\Programme\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009.06.03 21:59:02 | 000,619,816 | ---- | M] () -- C:\Programme\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2008.12.22 09:50:28 | 000,135,168 | ---- | M] () -- C:\Programme\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
MOD - [2008.11.21 13:58:42 | 000,057,344 | ---- | M] () -- C:\Programme\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll
MOD - [2007.08.24 15:53:10 | 005,462,512 | ---- | M] () -- C:\Programme\Common Files\Roxio Shared\10.0\DLLShared\roxipp52.dll
MOD - [2007.08.18 01:36:28 | 000,013,312 | ---- | M] () -- C:\Programme\Roxio\Virtual Drive 10\1031\DC_ShellExt.loc
MOD - [2007.08.14 03:44:38 | 000,113,136 | ---- | M] () -- C:\Programme\Roxio\CinePlayer\DMXLauncher.exe
MOD - [2004.07.26 17:11:50 | 000,028,672 | ---- | M] () -- C:\Programme\Common Files\Ulead Systems\AutoDetector\DetMethod.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- %SystemRoot%\System32\aptw53b4o.dll -- (LanmanWorkstation)
SRV - [2012.04.04 09:16:35 | 003,417,376 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_6c825ce.dll -- (Akamai)
SRV - [2012.03.16 20:35:50 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.12.09 21:02:05 | 000,114,000 | ---- | M] (Joosoft.com GmbH) [Auto | Running] -- C:\Windows\System32\UpdSvc.dll -- (Update-Service)
SRV - [2011.10.11 14:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.11 14:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.08.15 17:18:10 | 001,361,288 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011.04.22 14:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.08.15 18:19:00 | 003,700,176 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2010.06.25 19:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Programme\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010.06.18 11:31:51 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010.04.07 04:12:04 | 000,172,032 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.05.19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009.02.03 15:53:00 | 001,155,072 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2008.08.07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2007.08.24 15:53:16 | 000,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Programme\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10)
SRV - [2007.08.24 15:53:14 | 000,072,176 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Programme\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10)
SRV - [2007.08.24 15:52:48 | 000,309,744 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Programme\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe -- (RoxLiveShare10)
SRV - [2007.08.24 15:52:46 | 000,166,384 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Programme\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe -- (RoxWatch10)
SRV - [2007.08.24 15:52:38 | 001,083,888 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Programme\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2007.07.24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2006.10.26 19:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva392.sys -- (XDva392)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva390.sys -- (XDva390)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva386.sys -- (XDva386)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva385.sys -- (XDva385)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva384.sys -- (XDva384)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva383.sys -- (XDva383)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva382.sys -- (XDva382)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva380.sys -- (XDva380)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva379.sys -- (XDva379)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva377.sys -- (XDva377)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva375.sys -- (XDva375)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva374.sys -- (XDva374)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva372.sys -- (XDva372)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva370.sys -- (XDva370)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva368.sys -- (XDva368)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva367.sys -- (XDva367)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva366.sys -- (XDva366)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva359.sys -- (XDva359)
DRV - File not found [Kernel | System | Unknown] -- C:\Windows\system32\drivers\hidzd72b.sys -- (hidzd72b)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\K!TV\Plugins\S_Bt8x8\DSDrv4.sys -- (DSDrv4)
DRV - [2012.02.16 12:04:24 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.10.11 15:00:01 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.11 15:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.06.25 19:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.04.07 04:43:20 | 005,430,272 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2010.04.07 03:23:10 | 000,157,184 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010.03.09 12:21:26 | 000,107,024 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2010.01.13 00:08:30 | 000,087,536 | ---- | M] (CyberLink Corp.) [2010/12/02 19:59:46] [Kernel | Auto | Running] -- C:\Programme\CyberLink\PowerDVD8\000.fcl -- ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054})
DRV - [2009.12.22 02:26:36 | 000,030,392 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2009.11.30 02:00:44 | 000,430,720 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cydtv.sys -- (CYDTV_SRV)
DRV - [2009.10.01 18:54:56 | 000,023,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\GeniaNet.sys -- (GeniaNet)
DRV - [2009.09.22 15:34:44 | 000,579,072 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.07 23:48:14 | 000,011,832 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\amdide.sys -- (amdide)
DRV - [2009.05.05 11:00:28 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV - [2009.03.18 18:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2007.08.18 03:09:04 | 000,057,328 | ---- | M] (Sonic Solutions) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RxFilter.sys -- (RxFilter)
DRV - [2005.01.02 05:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\npptNT2.sys -- (NPPTNT2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWinl.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWinl.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0FC9169B-F436-489F-873A-7FAF8ABA4140}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.at"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.50524.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.04.03 21:16:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2011.11.27 16:16:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2011.08.08 19:51:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2011.11.27 16:16:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\songbird@songbirdnest.com
[2012.03.19 18:35:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\cag6uqjh.default\extensions
[2011.12.29 20:51:51 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\cag6uqjh.default\extensions\battlefieldheroespatcher@ea.com
[2012.04.03 21:16:32 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.01.16 19:44:47 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.04.03 21:16:32 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CAG6UQJH.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
[2012.02.18 21:37:06 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.02.18 21:37:04 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.18 21:37:04 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.18 21:37:04 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.18 21:37:04 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.18 21:37:04 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.18 21:37:04 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWinl.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWinl.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Programme\Winload\tbWinl.dll (Conduit Ltd.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BDRegion] C:\Programme\CyberLink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe ()
O4 - HKLM..\Run: [EEventManager] C:\Programme\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [LGODDFU] C:\Program Files\lg_fwupdate\fwupdate.exe (BitLeader)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe (Sonic Solutions)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Ulead AutoDetector v2] C:\Programme\Common Files\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\***\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [EPSON SX610FW Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIFJE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [MediaPortal] C:\Program Files\Team MediaPortal\MediaPortal\MediaPortal.exe File not found
O4 - HKCU..\Run: [MyTomTomSA.exe] C:\Program Files\MyTomTom 3\MyTomTomSA.exe (TomTom)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found
O9 - Extra 'Tools' menuitem : eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} hxxp://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab (Microsoft Genuine Advantage Self Support Tool)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.31.0.cab (Battlefield Heroes Updater)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1AE0125E-3DA4-4677-A345-5E0A465F7A7B}: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.04.04 10:27:04 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Trojaner board
[2012.04.04 08:22:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.04.04 08:22:08 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.04.04 08:20:40 | 009,502,424 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\***\Desktop\mbam--setup-1.60.1.1000.exe
[2012.04.03 09:25:25 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.04.03 09:18:12 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.04.03 09:12:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.04.03 09:12:26 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.03.24 18:52:01 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\My Games
[2012.03.11 12:33:57 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Country midi
[6 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\Users\***\*.tmp files -> C:\Users\***\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.04.04 18:08:06 | 000,000,242 | ---- | M] () -- C:\Windows\tasks\Epson Printer Software Downloader.job
[2012.04.04 15:50:21 | 000,010,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.04 15:50:21 | 000,010,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.04 15:47:13 | 000,664,396 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.04.04 15:47:13 | 000,624,578 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.04.04 15:47:13 | 000,134,564 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.04.04 15:47:13 | 000,110,216 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.04.04 15:42:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.04 15:42:40 | 2615,910,400 | -HS- | M] () -- C:\hiberfil.sys
[2012.04.04 10:49:33 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.04.04 08:22:14 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.04 08:21:25 | 009,502,424 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\***\Desktop\mbam--setup-1.60.1.1000.exe
[2012.03.17 22:47:00 | 000,000,550 | ---- | M] () -- C:\Windows\tasks\hpwebreg_xxxxxxxxxx.job
[2012.03.15 19:48:14 | 000,473,968 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[6 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\Users\***\*.tmp files -> C:\Users\***\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.04.04 10:49:33 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.04.04 08:22:14 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.01.17 15:46:45 | 000,000,001 | ---- | C] () -- C:\Windows\System32\SI.bin
[2011.11.27 11:43:47 | 000,003,584 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.09.05 17:53:40 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2011.09.05 17:53:40 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2011.09.05 17:53:40 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2011.09.05 17:53:40 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2011.09.05 17:53:39 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2011.09.05 17:53:39 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2011.09.05 17:53:39 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2011.09.05 17:53:39 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2011.09.05 17:53:39 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2011.09.05 17:53:39 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2011.09.05 17:53:39 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2011.09.05 17:53:39 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2011.09.05 17:53:39 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2011.09.05 17:53:39 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2011.09.05 17:53:39 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2011.09.05 17:53:39 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2011.09.05 17:53:39 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2011.09.05 17:53:39 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2011.09.05 17:53:39 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2011.03.19 16:22:08 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.02.20 13:53:21 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.01.28 16:48:08 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011.01.28 15:27:27 | 000,000,094 | ---- | C] () -- C:\Users\***\AppData\Local\fusioncache.dat
[2010.12.02 22:19:27 | 000,004,133 | ---- | C] () -- C:\ProgramData\mxnhytee.feu
[2010.12.02 22:15:18 | 000,069,707 | ---- | C] () -- C:\Windows\System32\DISP_OPT1.dll
[2010.12.02 21:05:12 | 000,000,266 | ---- | C] () -- C:\Windows\lgfwup.ini
[2010.11.26 14:03:28 | 002,250,024 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2010.11.23 18:53:44 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Roaming\chrtmp
[2010.10.25 09:50:45 | 000,139,080 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.10.25 09:50:35 | 000,138,056 | ---- | C] () -- C:\Users\***\AppData\Roaming\PnkBstrK.sys
[2010.10.25 09:50:06 | 000,270,240 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010.10.25 09:50:01 | 002,427,248 | ---- | C] () -- C:\Windows\System32\pbsvc_heroes.exe
[2010.10.25 09:50:01 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010.09.10 08:46:20 | 000,196,044 | ---- | C] () -- C:\Users\***\AppData\Local\rx_audio.Cache
[2010.08.13 15:29:28 | 004,672,112 | ---- | C] () -- C:\Users\***\AppData\Local\rx_image.Cache
[2010.07.22 16:37:11 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010.06.25 19:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2010.05.21 11:38:54 | 000,202,234 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2010.05.21 11:38:54 | 000,002,023 | ---- | C] () -- C:\Windows\System32\atipblag.dat
 
========== LOP Check ==========
 
[2012.03.03 10:32:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.minecraft
[2011.11.27 17:59:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\atunes
[2011.08.12 19:02:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DBC2F6FD-3140-41E0-A2A1-D6BAB77D5E21__F893F7CA-8278-41DF-A76F-CAF0437A90CD__
[2011.09.05 18:22:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Epson
[2011.09.12 15:37:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HappyFoto
[2011.03.27 19:06:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Kalypso Media
[2010.07.22 19:08:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX
[2012.04.03 21:21:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MiniLyrics
[2010.08.18 21:22:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mquadr.at
[2010.08.15 19:00:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera
[2011.11.27 16:16:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Songbird2
[2011.04.08 20:21:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SPORE
[2011.08.08 19:51:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TomTom
[2011.09.30 20:32:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TS3Client
[2010.07.31 22:49:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ulead Systems
[2011.04.09 21:20:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WordToPDF
[2012.04.04 18:08:06 | 000,000,242 | ---- | M] () -- C:\Windows\Tasks\Epson Printer Software Downloader.job
[2012.02.13 16:19:18 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2010.07.22 16:16:47 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2012.01.31 20:13:13 | 000,000,000 | ---D | M] -- C:\CFLog
[2010.07.22 16:15:18 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2012.04.03 21:16:24 | 000,000,000 | ---D | M] -- C:\dvbdream
[2012.03.17 15:33:35 | 000,000,000 | ---D | M] -- C:\Lyrics
[2010.07.23 13:45:38 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2011.08.28 13:48:06 | 000,000,000 | ---D | M] -- C:\oldgames
[2011.08.13 12:55:41 | 000,000,000 | ---D | M] -- C:\ProgDVB6
[2011.08.12 16:57:02 | 000,000,000 | ---D | M] -- C:\ProgFinder
[2012.04.03 21:12:01 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.04.03 21:12:28 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2010.07.22 16:15:18 | 000,000,000 | -HSD | M] -- C:\Programme
[2010.07.22 16:15:18 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.04.04 19:17:33 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.08.27 21:31:02 | 000,000,000 | ---D | M] -- C:\Temp
[2011.03.19 16:22:28 | 000,000,000 | R--D | M] -- C:\Users
[2012.04.04 09:11:52 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2010.04.07 04:13:10 | 000,446,464 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\system32\ATIDEMGX.dll
[6 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
< %USERPROFILE%\*.* >
[2012.04.04 10:49:33 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.04.04 19:17:51 | 003,407,872 | -HS- | M] () -- C:\Users\***\ntuser.dat
[2012.04.04 19:17:51 | 000,262,144 | -HS- | M] () -- C:\Users\***\ntuser.dat.LOG1
[2010.07.22 16:16:20 | 000,000,000 | -HS- | M] () -- C:\Users\***\ntuser.dat.LOG2
[2010.07.22 20:08:47 | 000,065,536 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010.07.22 20:08:47 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010.07.22 20:08:47 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2012.04.03 22:44:35 | 000,065,536 | -HS- | M] () -- C:\Users\***\ntuser.dat{f2c76455-7dba-11e1-aafd-6c626d4edeb3}.TM.blf
[2012.04.03 22:44:35 | 000,524,288 | -HS- | M] () -- C:\Users\***\ntuser.dat{f2c76455-7dba-11e1-aafd-6c626d4edeb3}.TMContainer00000000000000000001.regtrans-ms
[2012.04.03 22:44:35 | 000,524,288 | -HS- | M] () -- C:\Users\***\ntuser.dat{f2c76455-7dba-11e1-aafd-6c626d4edeb3}.TMContainer00000000000000000002.regtrans-ms
[2010.07.22 16:16:22 | 000,000,020 | -HS- | M] () -- C:\Users\***\ntuser.ini
[2 C:\Users\***\*.tmp files -> C:\Users\***\*.tmp -> ]
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
<           >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 971 bytes -> C:\ProgramData:$SS_DESCRIPTOR_LBP6VPVFLVGVVFB84LTSUTB92PFNPC7BPV4XFJDMNGTFB5V5NBJ5TBBJMT9Y0N96GMP3V0GRUEF39X8XHH0TCFUL44FTBX4MLSWPBXRTF6VEKLFEJK35PNX0WHNGT9LSVEVF1VTVVTVXVVD

< End of report >
         
Angehängte Dateien
Dateityp: txt Extras.Txt (37,7 KB, 178x aufgerufen)

Alt 04.04.2012, 19:54   #5
markusg
/// Malware-holic
 
TR/Crypt.zpack.gen2 und TR/Atraps.Gen in C:\Windows\System32 - Standard

TR/Crypt.zpack.gen2 und TR/Atraps.Gen in C:\Windows\System32



Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.
Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 04.04.2012, 20:56   #6
AndiG
 
TR/Crypt.zpack.gen2 und TR/Atraps.Gen in C:\Windows\System32 - Standard

TR/Crypt.zpack.gen2 und TR/Atraps.Gen in C:\Windows\System32



Alles lief gut
Log:
Code:
ATTFilter
ComboFix 12-04-04.02 - *** 04.04.2012  20:33:49.1.4 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.43.1031.18.3326.2080 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\CFLog
c:\cflog\CrashLog_20100929.txt
c:\cflog\CrashLog_20110217.txt
c:\cflog\CrashLog_20110220.txt
c:\cflog\CrashLog_20120131.txt
C:\install.exe
c:\users\***\AppData\Roaming\chrtmp
c:\windows\IsUn0407.exe
c:\windows\system32\~GLH00ba.TMP
c:\windows\system32\~GLH00ce.TMP
c:\windows\system32\~GLH00cf.TMP
c:\windows\system32\~GLH00d0.TMP
c:\windows\system32\~GLH00d1.TMP
c:\windows\system32\~GLH00d2.TMP
c:\windows\unin0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-03-04 bis 2012-04-04  ))))))))))))))))))))))))))))))
.
.
2012-04-04 18:38 . 2012-04-04 18:38	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-04-04 18:38 . 2012-04-04 18:38	--------	d-----w-	c:\users\Mcx1-***-PC\AppData\Local\temp
2012-04-04 18:31 . 2012-04-04 18:31	56200	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{BE4A5949-EFC6-4D20-AD7F-AF86FE6D87E0}\offreg.dll
2012-04-04 06:22 . 2011-12-10 13:24	20464	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-04-04 06:18 . 2012-03-20 01:53	6582328	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{BE4A5949-EFC6-4D20-AD7F-AF86FE6D87E0}\mpengine.dll
2012-04-03 07:25 . 2012-04-03 19:16	--------	d-----w-	c:\program files\CCleaner
2012-04-03 07:18 . 2012-04-03 07:18	--------	d-----w-	c:\users\***\AppData\Roaming\Malwarebytes
2012-04-03 07:12 . 2012-04-03 07:12	--------	d-----w-	c:\programdata\Malwarebytes
2012-04-03 07:12 . 2012-04-04 06:22	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-03-24 16:52 . 2012-03-24 16:52	--------	d-----w-	c:\users\***\AppData\Local\My Games
2012-03-24 14:30 . 2012-03-24 14:30	44472	----a-w-	c:\program files\Mozilla Firefox\mozglue.dll
2012-03-14 21:09 . 2011-11-19 14:50	3968368	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-03-14 21:09 . 2011-11-19 14:50	3913584	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-03-14 15:20 . 2012-02-03 03:54	2343424	----a-w-	c:\windows\system32\win32k.sys
2012-03-14 15:20 . 2012-02-10 05:38	1077248	----a-w-	c:\windows\system32\DWrite.dll
2012-03-13 17:24 . 2012-01-25 05:32	58880	----a-w-	c:\windows\system32\rdpwsx.dll
2012-03-13 17:24 . 2012-01-25 05:32	129536	----a-w-	c:\windows\system32\rdpcorekmts.dll
2012-03-13 17:24 . 2012-01-25 05:27	8192	----a-w-	c:\windows\system32\rdrmemptylst.exe
2012-03-13 17:24 . 2012-02-17 05:34	826880	----a-w-	c:\windows\system32\rdpcore.dll
2012-03-13 17:24 . 2012-02-17 04:14	183808	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-03-13 17:24 . 2012-02-17 04:13	24576	----a-w-	c:\windows\system32\drivers\tdtcp.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-01 17:07 . 2010-05-21 09:29	472808	----a-w-	c:\windows\system32\deployJava1.dll
2012-02-23 07:18 . 2010-01-26 14:37	237072	------w-	c:\windows\system32\MpSigStub.exe
2012-02-16 10:04 . 2011-10-18 08:29	137416	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-02-09 18:08 . 2010-10-25 07:50	139080	----a-w-	c:\windows\system32\drivers\PnkBstrK.sys
2012-02-09 18:08 . 2010-10-25 07:58	270240	----a-w-	c:\windows\system32\PnkBstrB.xtr
2012-02-09 18:08 . 2010-10-25 07:50	270240	----a-w-	c:\windows\system32\PnkBstrB.exe
2012-02-04 20:21 . 2010-10-25 07:50	270240	----a-w-	c:\windows\system32\PnkBstrB.ex0
2012-02-18 19:37 . 2011-10-08 12:07	134104	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{40c3cc16-7269-4b32-9531-17f2950fb06f}"= "c:\program files\Winload\tbWinl.dll" [2010-03-17 2355224]
.
[HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
2010-03-17 13:45	2355224	----a-w-	c:\program files\Winload\tbWinl.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{40c3cc16-7269-4b32-9531-17f2950fb06f}"= "c:\program files\Winload\tbWinl.dll" [2010-03-17 2355224]
.
[HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{40C3CC16-7269-4B32-9531-17F2950FB06F}"= "c:\program files\Winload\tbWinl.dll" [2010-03-17 2355224]
.
[HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-08-20 2363392]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2011-04-22 247728]
"MyTomTomSA.exe"="c:\program files\MyTomTom 3\MyTomTomSA.exe" [2011-11-14 435672]
"Akamai NetSession Interface"="c:\users\***\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-06 102400]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-04-06 8555040]
"Ulead AutoDetector v2"="c:\program files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2006-11-29 90112]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2007-08-24 240112]
"DMXLauncher"="c:\program files\Roxio\CinePlayer\DMXLauncher.exe" [2007-08-14 113136]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"MDS_Menu"="c:\program files\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-03 103720]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-07-16 91432]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-15 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2010-01-12 75048]
"UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-17 218408]
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2011-08-20 557056]
"UpdatePSTShortCut"="c:\program files\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" [2009-10-23 210216]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-01-12 669520]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-08-15 1955208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe [2007-08-24 362992]
R2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2007-08-24 309744]
R2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2007-08-24 166384]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 GeniaNet;GeniaNet Ethernet Controller;c:\windows\system32\DRIVERS\GeniaNet.sys [2009-10-01 23552]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35088]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-08-15 3700176]
R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2007-08-24 72176]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2007-08-24 1083888]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-18 1343400]
R3 XDva359;XDva359;c:\windows\system32\XDva359.sys [x]
R3 XDva366;XDva366;c:\windows\system32\XDva366.sys [x]
R3 XDva367;XDva367;c:\windows\system32\XDva367.sys [x]
R3 XDva368;XDva368;c:\windows\system32\XDva368.sys [x]
R3 XDva370;XDva370;c:\windows\system32\XDva370.sys [x]
R3 XDva372;XDva372;c:\windows\system32\XDva372.sys [x]
R3 XDva374;XDva374;c:\windows\system32\XDva374.sys [x]
R3 XDva375;XDva375;c:\windows\system32\XDva375.sys [x]
R3 XDva377;XDva377;c:\windows\system32\XDva377.sys [x]
R3 XDva379;XDva379;c:\windows\system32\XDva379.sys [x]
R3 XDva380;XDva380;c:\windows\system32\XDva380.sys [x]
R3 XDva382;XDva382;c:\windows\system32\XDva382.sys [x]
R3 XDva383;XDva383;c:\windows\system32\XDva383.sys [x]
R3 XDva384;XDva384;c:\windows\system32\XDva384.sys [x]
R3 XDva385;XDva385;c:\windows\system32\XDva385.sys [x]
R3 XDva386;XDva386;c:\windows\system32\XDva386.sys [x]
R3 XDva390;XDva390;c:\windows\system32\XDva390.sys [x]
R3 XDva392;XDva392;c:\windows\system32\XDva392.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-11 36000]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2010/12/02 19:59];c:\program files\CyberLink\PowerDVD8\000.fcl [2010-01-12 22:08 87536]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-04-07 172032]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-02-03 1155072]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2011-08-15 1361288]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2011-04-22 92592]
S2 Update-Service;Update-Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-04-07 5430272]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-04-07 157184]
S3 CYDTV_SRV;cydtv Driver;c:\windows\system32\drivers\cydtv.sys [2009-11-30 430720]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2009-09-22 579072]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 30392]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai	REG_MULTI_SZ   	Akamai
Update-Service-Installer-Service	REG_MULTI_SZ   	Update-Service-Installer-Service
Update-Service	REG_MULTI_SZ   	Update-Service
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 12:24	451872	----a-w-	c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-04-04 c:\windows\Tasks\Epson Printer Software Downloader.job
- c:\program files\EPSON\EPAPDL\E_SAPDL2.EXE [2009-01-23 13:03]
.
2012-03-17 c:\windows\Tasks\hpwebreg_xxxxxxxxxx.job
- c:\program files\HP\HP Deskjet 1050 J410 series\Bin\hpwebreg.exe [2010-02-02 09:20]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.at/
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\cag6uqjh.default\
FF - prefs.js: browser.startup.homepage - www.google.at
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
HKCU-Run-MediaPortal - c:\program files\Team MediaPortal\MediaPortal\MediaPortal.exe
SafeBoot-BsScanner
AddRemove-MIDI Eddie - c:\windows\unin0407.exe
AddRemove-sc11-AT_ORF_MAIN - c:\users\***\Desktop\Andreas\gta\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_6c825ce.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-373001531-4002456211-758345600-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:d5,37,0e,4e,0d,17,6e,75,4a,5b,64,18,80,7a,95,2b,03,a1,f6,ae,fd,0d,25,
   b5,8d,a8,ee,67,3a,91,f7,60,c8,6d,22,4a,f5,0d,45,91,e4,05,6a,91,bf,4f,e2,9c,\
"??"=hex:51,92,ce,0f,a0,61,76,1a,b3,c8,9b,e0,05,2e,95,a9
.
[HKEY_USERS\S-1-5-21-373001531-4002456211-758345600-1000\Software\SecuROM\License information*]
"datasecu"=hex:d0,d9,b5,ee,a4,e6,0b,dd,92,ea,5a,9f,0f,60,8d,ff,76,26,b1,42,15,
   76,fd,b7,0c,89,ba,42,54,42,0d,a7,b1,6a,e7,6c,22,b7,01,7a,88,bb,3e,4e,13,4f,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-04-04  20:41:15
ComboFix-quarantined-files.txt  2012-04-04 18:41
.
Vor Suchlauf: 11 Verzeichnis(se), 822.984.241.152 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 823.489.380.352 Bytes frei
.
- - End Of File - - CBFB0351071A984DA99D37C028FCEB94
         
Ist der Trojaner nun beseitigt?

Alt 05.04.2012, 11:30   #7
markusg
/// Malware-holic
 
TR/Crypt.zpack.gen2 und TR/Atraps.Gen in C:\Windows\System32 - Standard

TR/Crypt.zpack.gen2 und TR/Atraps.Gen in C:\Windows\System32



hi

dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.


• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.



[CODE]
:OTL
SRV - File not found [Auto | Stopped] -- %SystemRoot%\System32\aptw53b4o.dll -- (LanmanWorkstation)
:Files
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]



• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.
starte in den normalen modus.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang
in den Thread posten!




Drücke bitte die + E Taste.
  • Öffne dein Systemlaufwerk ( meistens C: )
  • Suche nun
    folgenden Ordner: _OTL und öffne diesen.
  • Mache einen Rechtsklick auf den Ordner Movedfiles --> Senden an --> Zip-Komprimierter Ordner

  • Dies wird eine Movedfiles.zip Datei in _OTL erstellen
  • Lade diese bitte in unseren Uploadchannel
    hoch. ( Durchsuchen --> C:\_OTL\Movedfiles.zip )
Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 05.04.2012, 19:36   #8
AndiG
 
TR/Crypt.zpack.gen2 und TR/Atraps.Gen in C:\Windows\System32 - Icon31

TR/Crypt.zpack.gen2 und TR/Atraps.Gen in C:\Windows\System32



Der Log : [CODE]All processes killed
Error: Unable to interpret <
Code:
ATTFilter
> in the current context!
========== OTL ==========
Service LanmanWorkstation stopped successfully!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation deleted successfully.
File %SystemRoot%\System32\aptw53b4o.dll not found.
========== FILES ==========
========== COMMANDS ==========
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Johann
->Flash cache emptied: 892 bytes
 
User: Mcx1-JOHANN-PC
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: ***
->Temp folder emptied: 4260 bytes
->Temporary Internet Files folder emptied: 6660694 bytes
->Java cache emptied: 5341991 bytes
->FireFox cache emptied: 49889341 bytes
->Opera cache emptied: 188 bytes
->Flash cache emptied: 0 bytes
 
User: Mcx1-***-PC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 527664 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 60,00 mb
 
 
OTL by OldTimer - Version 3.2.39.2 log created on 04052012_192735

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
         
Gab keine Probleme beim Hochladen des Zip. Ordners.

Vielen Dank für die Hilfe
lg Andi

Alt 05.04.2012, 20:06   #9
markusg
/// Malware-holic
 
TR/Crypt.zpack.gen2 und TR/Atraps.Gen in C:\Windows\System32 - Standard

TR/Crypt.zpack.gen2 und TR/Atraps.Gen in C:\Windows\System32



danke.
erstelle mir erst mal ein neues otl log bitte und poste es
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 05.04.2012, 20:34   #10
AndiG
 
TR/Crypt.zpack.gen2 und TR/Atraps.Gen in C:\Windows\System32 - Standard

TR/Crypt.zpack.gen2 und TR/Atraps.Gen in C:\Windows\System32



Das hier?
Code:
ATTFilter
OTL logfile created on: 05.04.2012 20:29:33 - Run 2
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\***\Desktop\Trojaner board
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,25 Gb Available Physical Memory | 69,21% Memory free
6,50 Gb Paging File | 5,04 Gb Available in Paging File | 77,64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 910,41 Gb Total Space | 768,72 Gb Free Space | 84,44% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 11,03 Gb Free Space | 55,17% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.04.04 17:41:31 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\Trojaner board\OTL.exe
PRC - [2012.03.13 05:37:52 | 003,331,872 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\***\AppData\Local\Akamai\netsession_win.exe
PRC - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.01.13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.11.14 13:02:04 | 000,435,672 | ---- | M] (TomTom) -- C:\Programme\MyTomTom 3\MyTomTomSA.exe
PRC - [2011.10.11 15:00:02 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.10.11 14:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.11 14:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.11 14:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.08.15 17:18:14 | 001,955,208 | ---- | M] (LogMeIn Inc.) -- C:\Programme\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2011.08.15 17:18:10 | 001,361,288 | ---- | M] (LogMeIn Inc.) -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe
PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.04.22 14:21:10 | 000,092,592 | ---- | M] (TomTom) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.20 14:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2010.04.07 04:12:38 | 000,372,736 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010.04.07 04:12:04 | 000,172,032 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2010.01.13 00:08:36 | 000,075,048 | ---- | M] (cyberlink) -- C:\Programme\CyberLink\Shared files\brs.exe
PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.07.16 21:08:20 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Programme\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2009.06.03 21:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Programme\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009.05.19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009.02.03 15:53:00 | 001,155,072 | ---- | M] (MAGIX AG) -- C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2009.01.12 09:54:02 | 000,669,520 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\Epson Software\Event Manager\EEventManager.exe
PRC - [2007.08.24 15:52:42 | 000,240,112 | ---- | M] (Sonic Solutions) -- C:\Programme\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
PRC - [2007.08.24 15:52:02 | 000,018,928 | ---- | M] (Sonic Solutions) -- C:\Programme\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
PRC - [2007.08.14 03:44:38 | 000,113,136 | ---- | M] () -- C:\Programme\Roxio\CinePlayer\DMXLauncher.exe
PRC - [2007.07.24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2006.12.23 18:05:20 | 000,143,360 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2006.12.23 18:04:42 | 000,905,216 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2006.11.29 11:58:14 | 000,090,112 | ---- | M] (Ulead Systems, Inc.) -- C:\Programme\Common Files\Ulead Systems\AutoDetector\Monitor.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.02.17 18:41:42 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\42ae8760f0a74ab774e82a64368aa1f6\System.Web.ni.dll
MOD - [2012.02.17 18:41:35 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll
MOD - [2012.02.17 18:41:07 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll
MOD - [2012.02.17 18:41:00 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll
MOD - [2012.02.17 18:40:39 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012.02.17 18:40:33 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012.02.17 18:40:29 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2011.11.14 13:02:08 | 000,202,712 | ---- | M] () -- C:\Programme\MyTomTom 3\TomTomSupporterProxy.dll
MOD - [2011.11.14 13:02:06 | 000,063,960 | ---- | M] () -- C:\Programme\MyTomTom 3\TomTomSupporterBase.dll
MOD - [2011.11.14 13:01:52 | 007,964,160 | ---- | M] () -- C:\Programme\MyTomTom 3\QtGui4.dll
MOD - [2011.11.14 13:01:52 | 002,648,064 | ---- | M] () -- C:\Programme\MyTomTom 3\QtXmlPatterns4.dll
MOD - [2011.11.14 13:01:52 | 002,302,464 | ---- | M] () -- C:\Programme\MyTomTom 3\QtCore4.dll
MOD - [2011.11.14 13:01:52 | 000,980,480 | ---- | M] () -- C:\Programme\MyTomTom 3\QtNetwork4.dll
MOD - [2011.11.14 13:01:52 | 000,357,888 | ---- | M] () -- C:\Programme\MyTomTom 3\QtXml4.dll
MOD - [2011.10.14 15:55:36 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2010.11.13 01:19:05 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2010.11.13 01:19:04 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.05.21 11:50:36 | 001,708,032 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Wizard\2.0.3748.36963__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Wizard.dll
MOD - [2010.05.21 11:50:36 | 000,380,928 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3748.36826__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2010.05.21 11:50:36 | 000,204,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3748.36850__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2010.05.21 11:50:36 | 000,184,320 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Dashboard\2.0.3748.36965__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Dashboard.dll
MOD - [2010.05.21 11:50:36 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3748.36907__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2010.05.21 11:50:36 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3748.36836__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2010.05.21 11:50:36 | 000,069,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3748.36886__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2010.05.21 11:50:36 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3748.36875__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2010.05.21 11:50:36 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3748.36843__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2010.05.21 11:50:36 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3748.36837__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2010.05.21 11:50:36 | 000,013,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Runtime\2.0.3748.36965__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Runtime.dll
MOD - [2010.05.21 11:50:35 | 001,294,336 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Dashboard\2.0.3748.36959__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Dashboard.dll
MOD - [2010.05.21 11:50:35 | 000,856,064 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3748.36878__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2010.05.21 11:50:35 | 000,655,360 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Dashboard\2.0.3748.36942__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Dashboard.dll
MOD - [2010.05.21 11:50:35 | 000,573,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3748.36851__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2010.05.21 11:50:35 | 000,409,600 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3748.36900__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2010.05.21 11:50:35 | 000,356,352 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3748.36892__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2010.05.21 11:50:35 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3748.36850__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2010.05.21 11:50:35 | 000,102,400 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3748.36877__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2010.05.21 11:50:35 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3748.36892__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2010.05.21 11:50:35 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3748.36883__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2010.05.21 11:50:35 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.3748.36941__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll
MOD - [2010.05.21 11:50:35 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3748.36931__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2010.05.21 11:50:35 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3748.36891__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2010.05.21 11:50:35 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3748.36883__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2010.05.21 11:50:35 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3748.36855__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2010.05.21 11:50:35 | 000,013,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Runtime\2.0.3748.36963__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Runtime.dll
MOD - [2010.05.21 11:50:34 | 000,397,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3748.36876__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2010.05.21 11:50:34 | 000,376,832 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3748.36871__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2010.05.21 11:50:34 | 000,270,336 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2010.05.21 11:50:34 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3748.36816__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2010.05.21 11:50:34 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3748.36876__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2010.05.21 11:50:34 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2010.05.21 11:50:34 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3748.36877__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2010.05.21 11:50:34 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3748.36884__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2010.05.21 11:50:34 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3748.36815__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2010.05.21 11:50:34 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3748.36923__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2010.05.21 11:50:34 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3748.36818__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2010.05.21 11:50:34 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll
MOD - [2010.05.21 11:50:34 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3748.36818__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2010.05.21 11:50:34 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2010.05.21 11:50:34 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2010.05.21 11:50:34 | 000,015,360 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3748.36816__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2010.05.21 11:50:34 | 000,008,192 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3748.36820__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2010.05.21 11:50:34 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2010.05.21 11:50:34 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3748.36817__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2010.05.21 11:50:34 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3748.36825__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2010.05.21 11:50:34 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3748.36928__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2010.05.21 11:50:34 | 000,006,144 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3748.36821__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2010.05.21 11:50:34 | 000,005,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3748.36819__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2010.05.21 11:50:34 | 000,005,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3748.36820__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2010.05.21 11:50:34 | 000,005,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3748.36936__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll
MOD - [2010.05.21 11:50:34 | 000,005,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3748.36826__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2010.05.21 11:50:34 | 000,005,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3748.36821__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2010.05.21 11:50:33 | 000,741,376 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3748.36957__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll
MOD - [2010.05.21 11:50:33 | 000,577,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3748.36917__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2010.05.21 11:50:33 | 000,405,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3748.36843__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2010.05.21 11:50:33 | 000,151,552 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3748.36819__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2010.05.21 11:50:33 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3748.36923__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2010.05.21 11:50:33 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3748.36921__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2010.05.21 11:50:33 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3748.36867__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2010.05.21 11:50:33 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3748.36907__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2010.05.21 11:50:33 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.3748.36941__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll
MOD - [2010.05.21 11:50:33 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3748.36825__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2010.05.21 11:50:33 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3748.36891__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2010.05.21 11:50:33 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3748.36847__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2010.05.21 11:50:33 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3748.36876__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2010.05.21 11:50:33 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3748.36837__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2010.05.21 11:50:33 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3748.36929__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2010.05.21 11:50:33 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3748.36936__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2010.05.21 11:50:33 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3748.36820__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2010.05.21 11:50:33 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3748.36886__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2010.05.21 11:50:33 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3748.36818__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2010.05.21 11:50:33 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3748.36837__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2010.05.21 11:50:33 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3748.36837__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2010.05.21 11:50:33 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3748.36847__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2010.05.21 11:50:33 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3748.36882__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2010.05.21 11:50:33 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3748.36819__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2010.05.21 11:50:33 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3748.36825__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2010.05.21 11:50:33 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3748.36817__90ba9c70f846762e\APM.Foundation.dll
MOD - [2010.05.21 11:50:33 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3748.36843__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2010.05.21 11:50:33 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3748.36836__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2010.05.21 11:50:33 | 000,011,776 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3748.36842__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2010.05.21 11:50:33 | 000,009,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Shared\2.0.3748.36929__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Shared.dll
MOD - [2010.05.21 11:50:33 | 000,007,680 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3748.36817__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2010.05.21 11:50:33 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3748.36824__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll
MOD - [2010.05.21 11:50:33 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3748.36822__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2010.05.21 11:50:33 | 000,006,144 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3748.36822__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2010.05.21 11:50:32 | 001,220,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3748.36832__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2010.05.21 11:50:32 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3748.36824__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2010.05.21 11:50:32 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3748.36823__90ba9c70f846762e\APM.Server.dll
MOD - [2010.05.21 11:50:32 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3748.36821__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2010.05.21 11:50:32 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3748.36822__90ba9c70f846762e\AEM.Server.dll
MOD - [2010.05.21 11:50:32 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3748.36830__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2010.05.21 11:50:32 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2010.05.21 11:50:32 | 000,019,456 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3748.36923__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2010.05.21 11:50:32 | 000,010,240 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3748.36831__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2010.05.21 11:50:32 | 000,008,704 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3748.36849__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2009.08.20 13:35:48 | 007,745,536 | ---- | M] () -- C:\Programme\Common Files\LightScribe\QtGui4.dll
MOD - [2009.08.20 13:35:46 | 002,121,728 | ---- | M] () -- C:\Programme\Common Files\LightScribe\QtCore4.dll
MOD - [2009.08.20 13:35:46 | 000,135,168 | ---- | M] () -- C:\Programme\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2009.06.03 21:59:14 | 000,013,096 | ---- | M] () -- C:\Programme\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009.06.03 21:59:02 | 000,619,816 | ---- | M] () -- C:\Programme\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2008.12.22 09:50:28 | 000,135,168 | ---- | M] () -- C:\Programme\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
MOD - [2008.11.21 13:58:42 | 000,057,344 | ---- | M] () -- C:\Programme\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll
MOD - [2007.08.24 15:53:10 | 005,462,512 | ---- | M] () -- C:\Programme\Common Files\Roxio Shared\10.0\DLLShared\roxipp52.dll
MOD - [2007.08.18 01:36:28 | 000,013,312 | ---- | M] () -- C:\Programme\Roxio\Virtual Drive 10\1031\DC_ShellExt.loc
MOD - [2007.08.14 03:44:38 | 000,113,136 | ---- | M] () -- C:\Programme\Roxio\CinePlayer\DMXLauncher.exe
MOD - [2004.07.26 17:11:50 | 000,028,672 | ---- | M] () -- C:\Programme\Common Files\Ulead Systems\AutoDetector\DetMethod.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.04.04 09:16:35 | 003,417,376 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_6c825ce.dll -- (Akamai)
SRV - [2012.04.04 08:25:08 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.12.09 21:02:05 | 000,114,000 | ---- | M] (Joosoft.com GmbH) [Auto | Running] -- C:\Windows\System32\UpdSvc.dll -- (Update-Service)
SRV - [2011.10.11 14:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.11 14:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.08.15 17:18:10 | 001,361,288 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011.04.22 14:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.08.15 18:19:00 | 003,700,176 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2010.06.25 19:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Programme\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010.06.18 11:31:51 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010.04.07 04:12:04 | 000,172,032 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.05.19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009.02.03 15:53:00 | 001,155,072 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2008.08.07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2007.08.24 15:53:16 | 000,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Programme\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10)
SRV - [2007.08.24 15:53:14 | 000,072,176 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Programme\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10)
SRV - [2007.08.24 15:52:48 | 000,309,744 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Programme\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe -- (RoxLiveShare10)
SRV - [2007.08.24 15:52:46 | 000,166,384 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Programme\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe -- (RoxWatch10)
SRV - [2007.08.24 15:52:38 | 001,083,888 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Programme\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2007.07.24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2006.10.26 19:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva392.sys -- (XDva392)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva390.sys -- (XDva390)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva386.sys -- (XDva386)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva385.sys -- (XDva385)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva384.sys -- (XDva384)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva383.sys -- (XDva383)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva382.sys -- (XDva382)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva380.sys -- (XDva380)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva379.sys -- (XDva379)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva377.sys -- (XDva377)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva375.sys -- (XDva375)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva374.sys -- (XDva374)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva372.sys -- (XDva372)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva370.sys -- (XDva370)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva368.sys -- (XDva368)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva367.sys -- (XDva367)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva366.sys -- (XDva366)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva359.sys -- (XDva359)
DRV - File not found [Kernel | System | Unknown] -- C:\Windows\system32\drivers\hidzd72b.sys -- (hidzd72b)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\K!TV\Plugins\S_Bt8x8\DSDrv4.sys -- (DSDrv4)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\***\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012.02.16 12:04:24 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.10.11 15:00:01 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.11 15:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.06.25 19:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.04.07 04:43:20 | 005,430,272 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2010.04.07 03:23:10 | 000,157,184 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010.03.09 12:21:26 | 000,107,024 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2010.01.13 00:08:30 | 000,087,536 | ---- | M] (CyberLink Corp.) [2010/12/02 19:59:46] [Kernel | Auto | Running] -- C:\Programme\CyberLink\PowerDVD8\000.fcl -- ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054})
DRV - [2009.12.22 02:26:36 | 000,030,392 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2009.11.30 02:00:44 | 000,430,720 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cydtv.sys -- (CYDTV_SRV)
DRV - [2009.10.01 18:54:56 | 000,023,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\GeniaNet.sys -- (GeniaNet)
DRV - [2009.09.22 15:34:44 | 000,579,072 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.07 23:48:14 | 000,011,832 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\amdide.sys -- (amdide)
DRV - [2009.05.05 11:00:28 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV - [2009.03.18 18:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2007.08.18 03:09:04 | 000,057,328 | ---- | M] (Sonic Solutions) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RxFilter.sys -- (RxFilter)
DRV - [2005.01.02 05:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\npptNT2.sys -- (NPPTNT2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWinl.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWinl.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0FC9169B-F436-489F-873A-7FAF8ABA4140}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.at"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.50524.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.04.03 21:16:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2011.11.27 16:16:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2011.08.08 19:51:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2011.11.27 16:16:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\songbird@songbirdnest.com
[2012.03.19 18:35:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\cag6uqjh.default\extensions
[2011.12.29 20:51:51 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\cag6uqjh.default\extensions\battlefieldheroespatcher@ea.com
[2012.04.03 21:16:32 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.01.16 19:44:47 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.04.03 21:16:32 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CAG6UQJH.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
[2012.02.18 21:37:06 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.02.18 21:37:04 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.18 21:37:04 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.18 21:37:04 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.18 21:37:04 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.18 21:37:04 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.18 21:37:04 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.04.04 20:39:09 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWinl.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWinl.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Programme\Winload\tbWinl.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BDRegion] C:\Programme\CyberLink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe ()
O4 - HKLM..\Run: [EEventManager] C:\Programme\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [LGODDFU] C:\Program Files\lg_fwupdate\fwupdate.exe (BitLeader)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe (Sonic Solutions)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Ulead AutoDetector v2] C:\Programme\Common Files\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\***\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [MyTomTomSA.exe] C:\Program Files\MyTomTom 3\MyTomTomSA.exe (TomTom)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found
O9 - Extra 'Tools' menuitem : eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} hxxp://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab (Microsoft Genuine Advantage Self Support Tool)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.31.0.cab (Battlefield Heroes Updater)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1AE0125E-3DA4-4677-A345-5E0A465F7A7B}: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.04.05 19:27:35 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.04.04 20:41:21 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.04.04 20:41:17 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.04.04 20:32:23 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.04.04 20:32:23 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.04.04 20:32:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.04.04 20:32:07 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012.04.04 20:32:04 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.04.04 10:27:04 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Trojaner board
[2012.04.04 08:22:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.04.04 08:22:08 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.04.04 08:20:40 | 009,502,424 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\***\Desktop\mbam--setup-1.60.1.1000.exe
[2012.04.03 09:25:25 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.04.03 09:18:12 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.04.03 09:12:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.04.03 09:12:26 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.03.24 18:52:01 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\My Games
[2012.03.14 23:09:57 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.03.14 23:09:56 | 003,913,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012.03.14 17:20:52 | 002,343,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.03.14 17:20:50 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012.03.13 19:24:20 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll
[2012.03.13 19:24:20 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2012.03.13 19:24:20 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe
[2012.03.13 19:24:17 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcore.dll
[2012.03.11 12:33:57 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Country midi
[2 C:\Users\***\*.tmp files -> C:\Users\***\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.04.05 19:36:42 | 000,010,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.05 19:36:42 | 000,010,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.05 19:34:11 | 000,664,396 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.04.05 19:34:11 | 000,624,578 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.04.05 19:34:11 | 000,134,564 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.04.05 19:34:11 | 000,110,216 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.04.05 19:29:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.05 19:29:11 | 2615,910,400 | -HS- | M] () -- C:\hiberfil.sys
[2012.04.05 18:08:02 | 000,000,242 | ---- | M] () -- C:\Windows\tasks\Epson Printer Software Downloader.job
[2012.04.04 21:47:01 | 000,000,550 | ---- | M] () -- C:\Windows\tasks\hpwebreg_xxxxxxxxxx.job
[2012.04.04 20:39:09 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.04.04 10:49:33 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.04.04 08:22:14 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.04 08:21:25 | 009,502,424 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\***\Desktop\mbam--setup-1.60.1.1000.exe
[2012.03.15 19:48:14 | 000,473,968 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2 C:\Users\***\*.tmp files -> C:\Users\***\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.04.04 20:32:23 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.04.04 20:32:23 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.04.04 20:32:23 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.04.04 20:32:23 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.04.04 20:32:23 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.04.04 10:49:33 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.04.04 08:22:14 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.01.17 15:46:45 | 000,000,001 | ---- | C] () -- C:\Windows\System32\SI.bin
[2011.11.27 11:43:47 | 000,003,584 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.09.05 17:53:40 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2011.09.05 17:53:40 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2011.09.05 17:53:40 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2011.09.05 17:53:40 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2011.09.05 17:53:39 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2011.09.05 17:53:39 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2011.09.05 17:53:39 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2011.09.05 17:53:39 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2011.09.05 17:53:39 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2011.09.05 17:53:39 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2011.09.05 17:53:39 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2011.09.05 17:53:39 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2011.09.05 17:53:39 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2011.09.05 17:53:39 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2011.09.05 17:53:39 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2011.09.05 17:53:39 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2011.09.05 17:53:39 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2011.09.05 17:53:39 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2011.09.05 17:53:39 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2011.03.19 16:22:08 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.02.20 13:53:21 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.01.28 16:48:08 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011.01.28 15:27:27 | 000,000,094 | ---- | C] () -- C:\Users\***\AppData\Local\fusioncache.dat
[2010.12.02 22:19:27 | 000,004,133 | ---- | C] () -- C:\ProgramData\mxnhytee.feu
[2010.12.02 22:15:18 | 000,069,707 | ---- | C] () -- C:\Windows\System32\DISP_OPT1.dll
[2010.12.02 21:05:12 | 000,000,266 | ---- | C] () -- C:\Windows\lgfwup.ini
[2010.11.26 14:03:28 | 002,250,024 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2010.10.25 09:50:45 | 000,139,080 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.10.25 09:50:35 | 000,138,056 | ---- | C] () -- C:\Users\***\AppData\Roaming\PnkBstrK.sys
[2010.10.25 09:50:06 | 000,270,240 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010.10.25 09:50:01 | 002,427,248 | ---- | C] () -- C:\Windows\System32\pbsvc_heroes.exe
[2010.10.25 09:50:01 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010.09.10 08:46:20 | 000,196,044 | ---- | C] () -- C:\Users\***\AppData\Local\rx_audio.Cache
[2010.08.13 15:29:28 | 004,672,112 | ---- | C] () -- C:\Users\***\AppData\Local\rx_image.Cache
[2010.07.22 16:37:11 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010.06.25 19:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2010.05.21 11:38:54 | 000,202,234 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2010.05.21 11:38:54 | 000,002,023 | ---- | C] () -- C:\Windows\System32\atipblag.dat
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 971 bytes -> C:\ProgramData:$SS_DESCRIPTOR_LBP6VPVFLVGVVFB84LTSUTB92PFNPC7BPV4XFJDMNGTFB5V5NBJ5TBBJMT9Y0N96GMP3V0GRUEF39X8XHH0TCFUL44FTBX4MLSWPBXRTF6VEKLFEJK35PNX0WHNGT9LSVEVF1VTVVTVXVVD

< End of report >
         

Alt 06.04.2012, 19:39   #11
markusg
/// Malware-holic
 
TR/Crypt.zpack.gen2 und TR/Atraps.Gen in C:\Windows\System32 - Standard

TR/Crypt.zpack.gen2 und TR/Atraps.Gen in C:\Windows\System32



hi

dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.


• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.



Code:
ATTFilter
:OTL
SRV - [2011.12.09 21:02:05 | 000,114,000 | ---- | M] (Joosoft.com GmbH) [Auto | Running] -- C:\Windows\System32\UpdSvc.dll -- (Update-Service)
 :Files
:Commands
[purity]
[EMPTYFLASH] 
[emptytemp]
[Reboot]
         


• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.
starte in den normalen modus.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Antwort

Themen zu TR/Crypt.zpack.gen2 und TR/Atraps.Gen in C:\Windows\System32
4d36e972-e325-11ce-bfc1-08002be10318, antivir, avg, avira, booten, ccc.exe, cpu, dateisystem, desktop, error, flash player, helper, heuristiks/extra, heuristiks/shuriken, malware, malware bytes, mom.exe, mozilla, nt.dll, programm, prozesse, pup.bundleoffer.downloader.s, pup.toolbardownloader, realtek, recover, registry, schutz, server, services.exe, software, svchost.exe, system, system32, taskhost.exe, tr/atraps.gen, tr/crypt.zpack.gen2, trojaner, usb, usb 2.0, verweise, visual studio, warnung, windows, windows 7 home, windows 7 home premium, winload toolbar



Ähnliche Themen: TR/Crypt.zpack.gen2 und TR/Atraps.Gen in C:\Windows\System32


  1. Windows 7 (64bit): TR/Crypt.ZPACK.Gen2
    Plagegeister aller Art und deren Bekämpfung - 20.09.2015 (3)
  2. WIEDERKEHRENDE TROJANER NAMENS TR/Necurs.A.49; TR/ATRAPS.Gen; TR/ATRAPS.Gen2, TR/Rootkit.Gen; TR/Crypt.ZPACK.Gen.+ DANKE! +
    Log-Analyse und Auswertung - 02.12.2012 (49)
  3. Avira findet TR/Sirefef.16896 und TR/ATRAPS.Gen und TR/ATRAPS.Gen2 in Windows\Installer und W32/Patched.UA in Windows\System32\service.exe
    Plagegeister aller Art und deren Bekämpfung - 14.11.2012 (23)
  4. W32/Patched.UA in "C:\Windows\System32\services.exe" + TR/Small.FI, TR/ATRAPS.Gen und TR/ATRAPS.GEN2
    Plagegeister aller Art und deren Bekämpfung - 26.08.2012 (2)
  5. Avira findet TR/Kazy.81861, TR/Crypt.ZPACK.Gen2, TR/ATRAPS.Gen2
    Log-Analyse und Auswertung - 02.08.2012 (1)
  6. Wie entferne ich TR/Small.Fl, TR/KAZY.77458,TR.ATRAPS.Gen2, TR/Crypt.ZPACK.Gen8?
    Plagegeister aller Art und deren Bekämpfung - 01.08.2012 (9)
  7. Von Avira gefundene Trojaner - TR/Crypt.ZPACK.Gen, TR/ATRAPS.Gen, TR/ATRAPS.Gen2 und BDS/ZAccess.T
    Log-Analyse und Auswertung - 28.07.2012 (25)
  8. Trojanerbeseitigung: TR/ATRAPS.GEN, TR/ATRAPS.GEN2 und TR/Crypt.ZPACK. Gen8 auf dem PC.
    Plagegeister aller Art und deren Bekämpfung - 09.07.2012 (2)
  9. TR/Small.FI, TR/ATRAPS.Gen, TR/ATRAPS.GEN2 und W32/Patched.UA in "C:\Windows\System32\services.exe"
    Plagegeister aller Art und deren Bekämpfung - 04.07.2012 (15)
  10. TR/Crypt.ZPACK.Gen2 in C:\WINDOWS\system32\jpgvve4z.dll
    Log-Analyse und Auswertung - 15.04.2012 (14)
  11. TR/Crypt.ZPACK.Gen2 in C:\WINDOWS\system32\jpglkaly.dll
    Plagegeister aller Art und deren Bekämpfung - 04.04.2012 (3)
  12. Avira: findet TR/ATRAPS.Gen2 in C:\WINDOWS\system32\odb.dll
    Plagegeister aller Art und deren Bekämpfung - 14.04.2011 (1)
  13. TR/Crypt.ZPACK.Gen2 Trojan wurde von Avira gefunden c:\windows\system32\sshnaS21.dll
    Plagegeister aller Art und deren Bekämpfung - 31.03.2011 (1)
  14. TR/Crypt.ZPACK.Gen in C:\WINDOWS\system32\drivers\dbjrhi.sys
    Plagegeister aller Art und deren Bekämpfung - 22.06.2010 (12)
  15. TR/dldr.swizzor.gen2, TR/crypt.xpack.gen, TR/crypt.zpack.gen unter Windows XP
    Plagegeister aller Art und deren Bekämpfung - 16.06.2010 (15)
  16. TR/Crypt.ZPACK.Gen in C:\windows\system32\msekgh.exe
    Plagegeister aller Art und deren Bekämpfung - 02.03.2010 (5)
  17. 'TR/Crypt.ZPACK.Gen' in der Datei 'C:\WINDOWS\System32\twext.exe'
    Plagegeister aller Art und deren Bekämpfung - 31.08.2009 (2)

Zum Thema TR/Crypt.zpack.gen2 und TR/Atraps.Gen in C:\Windows\System32 - Hallo ich bin der Andi und habe folgendes Problem. Mein Virenschutz ( Avira Antivir - gratis Version) meldet seit einigen Tagen nach dem Booten des Pcs, dass ein Trojaner im - TR/Crypt.zpack.gen2 und TR/Atraps.Gen in C:\Windows\System32...
Archiv
Du betrachtest: TR/Crypt.zpack.gen2 und TR/Atraps.Gen in C:\Windows\System32 auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.