Polizei-Trojaner Österreich mit Webcam, wie für immer entfernen?

swoffus · 17.07.2012, 17:04

Hallo Anti-Trojaner Team!

Habe jetzt auch den Polizei-Trojaner mit Webcam eingefangen! Juhu....

Alles erstellte sende ich gleich mit und hoffe auf baldige Hilfe.
Danke im voraus!
Swoffus
OTL:

Code:

ATTFilter

OTL logfile created on: 17.07.2012 17:06:51 - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Dokumente und Einstellungen\Hauser\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,60 Gb Available Physical Memory | 80,14% Memory free
6,34 Gb Paging File | 5,80 Gb Available in Paging File | 91,50% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 214,84 Gb Total Space | 188,79 Gb Free Space | 87,87% Space Free | Partition Type: NTFS
Drive D: | 250,91 Gb Total Space | 250,52 Gb Free Space | 99,85% Space Free | Partition Type: NTFS
Drive F: | 1,95 Gb Total Space | 1,39 Gb Free Space | 71,45% Space Free | Partition Type: FAT
Drive Y: | 465,75 Gb Total Space | 416,94 Gb Free Space | 89,52% Space Free | Partition Type: NTFS
Drive Z: | 465,75 Gb Total Space | 416,94 Gb Free Space | 89,52% Space Free | Partition Type: NTFS
 
Computer Name: ASUSMINI | User Name: Hauser | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.17 15:52:50 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Hauser\Desktop\OTL.exe
PRC - [2012.06.21 17:36:20 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012.03.07 01:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2012.01.18 14:02:04 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2011.11.03 20:25:08 | 008,094,080 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version6\TeamViewer.exe
PRC - [2011.11.03 20:25:08 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011.10.07 11:40:42 | 001,387,288 | ---- | M] (Logitech, Inc.) -- C:\Programme\Logitech\SetPointP\SetPoint.exe
PRC - [2011.09.27 21:05:24 | 000,149,784 | ---- | M] (Logitech, Inc.) -- C:\Programme\Gemeinsame Dateien\Logishrd\KHAL3\KHALMNPR.exe
PRC - [2008.04.24 17:14:22 | 000,327,680 | ---- | M] () -- C:\Programme\Linksys Wireless-G Print Server\PSDiagnosticM.exe
PRC - [2008.04.14 14:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.01.31 15:03:40 | 000,094,208 | R--- | M] (Brother Industries, Ltd.) -- C:\Programme\Brother\Brmfcmon\BrMfimon.exe
PRC - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2001.11.23 12:02:12 | 000,364,544 | ---- | M] (Common Group) -- C:\WINDOWS\twain_32\L3U16\WATCH.exe
PRC - [2001.08.24 12:18:06 | 000,045,056 | ---- | M] () -- C:\WINDOWS\Gtwatch.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.22 09:31:16 | 009,459,912 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll
MOD - [2012.06.21 17:36:20 | 002,042,848 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2012.06.14 08:49:09 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll
MOD - [2012.06.14 08:45:29 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
MOD - [2012.06.14 08:45:22 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012.06.14 08:41:50 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012.05.14 14:00:39 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012.05.14 14:00:34 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\016444dfc5f7e3d11c776f2fbc7a4594\Accessibility.ni.dll
MOD - [2012.05.14 13:42:38 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012.05.14 13:41:42 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012.05.14 13:41:36 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2011.10.17 10:47:56 | 001,736,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3548.36830__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2011.10.17 10:47:56 | 000,364,544 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3548.36811__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2011.10.17 10:47:56 | 000,204,800 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3548.36831__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2011.10.17 10:47:56 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3548.36825__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2011.10.17 10:47:56 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3548.36820__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2011.10.17 10:47:55 | 000,491,520 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3548.36901__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2011.10.17 10:47:55 | 000,356,352 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3548.36868__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2011.10.17 10:47:55 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3548.36869__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2011.10.17 10:47:55 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3548.36882__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2011.10.17 10:47:55 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3548.36820__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2011.10.17 10:47:55 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3548.36868__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2011.10.17 10:47:55 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3548.36863__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2011.10.17 10:47:55 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3548.36902__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2011.10.17 10:47:55 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3548.36854__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2011.10.17 10:47:54 | 000,823,296 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3548.36856__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2011.10.17 10:47:54 | 000,409,600 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3548.36877__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2011.10.17 10:47:54 | 000,196,608 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3548.36831__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2011.10.17 10:47:54 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3548.36855__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2011.10.17 10:47:54 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3548.36861__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2011.10.17 10:47:54 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3548.36861__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2011.10.17 10:47:53 | 000,573,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3548.36832__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2011.10.17 10:47:53 | 000,409,600 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3548.36821__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2011.10.17 10:47:53 | 000,393,216 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3548.36855__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2011.10.17 10:47:53 | 000,360,448 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3548.36850__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2011.10.17 10:47:53 | 000,270,336 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2011.10.17 10:47:53 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3548.36854__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2011.10.17 10:47:53 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3548.36836__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2011.10.17 10:47:53 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3548.36855__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2011.10.17 10:47:53 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3548.36862__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2011.10.17 10:47:53 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3531.24440__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2011.10.17 10:47:53 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3531.24439__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2011.10.17 10:47:53 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3531.24478__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2011.10.17 10:47:53 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3531.24559__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll
MOD - [2011.10.17 10:47:53 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3531.24552__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2011.10.17 10:47:53 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3531.24471__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2011.10.17 10:47:53 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3531.24549__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2011.10.17 10:47:53 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2011.10.17 10:47:52 | 000,139,264 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3531.24451__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2011.10.17 10:47:52 | 000,098,304 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.3531.24414__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2011.10.17 10:47:52 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3531.24511__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2011.10.17 10:47:52 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3531.24504__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2011.10.17 10:47:52 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3531.24510__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2011.10.17 10:47:52 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2011.10.17 10:47:52 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3531.24538__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2011.10.17 10:47:52 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.3531.24410__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2011.10.17 10:47:52 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3531.24476__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2011.10.17 10:47:52 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3531.24412__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2011.10.17 10:47:52 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3531.24636__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2011.10.17 10:47:52 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3531.24499__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2011.10.17 10:47:52 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3531.24495__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2011.10.17 10:47:52 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3531.24442__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2011.10.17 10:47:52 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3531.24506__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2011.10.17 10:47:52 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3531.24449__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2011.10.17 10:47:52 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3531.24426__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2011.10.17 10:47:52 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3531.24472__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2011.10.17 10:47:52 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.3531.24466__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2011.10.17 10:47:52 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2011.10.17 10:47:52 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.3531.24494__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2011.10.17 10:47:52 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2011.10.17 10:47:52 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3531.24455__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2011.10.17 10:47:52 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3531.24498__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2011.10.17 10:47:52 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3531.24460__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2011.10.17 10:47:51 | 000,651,264 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3548.36926__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll
MOD - [2011.10.17 10:47:51 | 000,405,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3548.36825__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2011.10.17 10:47:51 | 000,106,496 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3548.36896__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2011.10.17 10:47:51 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3548.36894__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2011.10.17 10:47:51 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3531.24503__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2011.10.17 10:47:51 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3531.24502__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2011.10.17 10:47:51 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3548.36907__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2011.10.17 10:47:51 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3531.24420__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2011.10.17 10:47:51 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3531.24509__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2011.10.17 10:47:51 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3531.24429__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2011.10.17 10:47:51 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3531.24467__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2011.10.17 10:47:51 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3531.24462__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2011.10.17 10:47:51 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3531.24435__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll
MOD - [2011.10.17 10:47:51 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3531.24459__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2011.10.17 10:47:51 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.3531.24469__90ba9c70f846762e\APM.Foundation.dll
MOD - [2011.10.17 10:47:51 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3531.24441__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2011.10.17 10:47:51 | 000,014,848 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
MOD - [2011.10.17 10:47:51 | 000,013,312 | ---- | M] () -- C:\WINDOWS\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll
MOD - [2011.10.17 10:47:51 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3548.36809__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2011.10.17 10:47:50 | 001,220,608 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3548.36816__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2011.10.17 10:47:50 | 000,561,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3548.36890__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2011.10.17 10:47:50 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3548.36809__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2011.10.17 10:47:50 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.3548.36807__90ba9c70f846762e\APM.Server.dll
MOD - [2011.10.17 10:47:50 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3548.36810__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2011.10.17 10:47:50 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3531.24457__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2011.10.17 10:47:50 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.3548.36808__90ba9c70f846762e\AEM.Server.dll
MOD - [2011.10.17 10:47:50 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3531.24445__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2011.10.17 10:47:50 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2011.10.17 10:47:50 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3531.24463__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2011.10.17 10:47:50 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3531.24513__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2011.10.17 10:47:50 | 000,019,456 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3548.36896__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2011.10.07 11:41:16 | 000,879,896 | ---- | M] () -- C:\Programme\Logitech\SetPointP\Macros\MacroCore.dll
MOD - [2009.02.27 16:41:26 | 000,311,296 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU
MOD - [2008.04.24 17:14:22 | 000,327,680 | ---- | M] () -- C:\Programme\Linksys Wireless-G Print Server\PSDiagnosticM.exe
MOD - [2008.04.14 14:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2002.11.26 14:43:18 | 000,106,496 | ---- | M] () -- C:\WINDOWS\system32\BrMuSNMP.dll
MOD - [2001.10.28 17:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll
MOD - [2001.08.24 12:18:06 | 000,045,056 | ---- | M] () -- C:\WINDOWS\Gtwatch.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.06.21 17:36:20 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011.11.03 20:25:08 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.09.27 21:03:28 | 000,295,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008.02.28 17:07:48 | 000,529,704 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2003.07.28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2012.03.07 01:01:39 | 000,095,704 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012.03.07 00:58:29 | 000,024,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011.09.02 08:31:28 | 000,039,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2011.09.02 08:31:20 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2011.09.02 08:31:10 | 000,042,648 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV - [2011.09.02 08:31:10 | 000,012,184 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidEqd.sys -- (LHidEqd)
DRV - [2011.09.02 08:30:58 | 000,012,184 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2010.07.06 03:13:10 | 000,234,392 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009.10.21 05:22:32 | 001,425,280 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2009.09.19 06:29:38 | 004,477,952 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009.06.24 12:24:34 | 003,734,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtKHDMI.sys -- (RTHDMIAzAudService)
DRV - [2007.08.29 10:47:12 | 000,039,424 | ---- | M] (SerComm) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lknuhub.sys -- (LKNUHUB)
DRV - [2007.08.29 10:47:04 | 000,014,848 | ---- | M] (SerComm) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lknucmp.sys -- (LKNUCMP)
DRV - [2007.04.16 16:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2007.02.14 12:26:54 | 000,012,032 | ---- | M] (SerComm) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lknuhst.sys -- (lknuhst)
DRV - [2004.08.13 04:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004.07.14 13:54:42 | 000,676,864 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2004.05.11 20:11:02 | 000,099,968 | ---- | M] (Aladdin Knowledge Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aksusb.sys -- (aksusb)
DRV - [2004.04.28 11:03:08 | 000,328,448 | ---- | M] (Aladdin Knowledge Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\akshasp.sys -- (akshasp)
DRV - [2001.08.27 11:09:14 | 000,018,120 | ---- | M] (   ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gt681x.sys -- (GT681x)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.06.21 17:36:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins
 
[2012.06.14 17:24:29 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Hauser\Anwendungsdaten\Mozilla\Extensions
[2012.07.17 13:29:30 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Hauser\Anwendungsdaten\Mozilla\Firefox\Profiles\kxekx8zf.default\extensions
[2012.06.14 17:27:17 | 000,000,000 | ---D | M] (WOT) -- C:\Dokumente und Einstellungen\Hauser\Anwendungsdaten\Mozilla\Firefox\Profiles\kxekx8zf.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.06.14 17:42:44 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Dokumente und Einstellungen\Hauser\Anwendungsdaten\Mozilla\Firefox\Profiles\kxekx8zf.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.07.17 13:29:29 | 000,000,000 | ---D | M] (Youtube Watch In Sidebar) -- C:\Dokumente und Einstellungen\Hauser\Anwendungsdaten\Mozilla\Firefox\Profiles\kxekx8zf.default\extensions\{bac96ae2-1515-4b15-906f-f13a9f682c83}
[2012.06.18 12:32:03 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.06.18 12:32:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.06.14 17:42:44 | 000,015,162 | ---- | M] () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\HAUSER\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\KXEKX8ZF.DEFAULT\EXTENSIONS\{988DA70D-B78D-44A1-A9C7-ED11832A9E2E}.XPI
[2012.07.17 13:29:27 | 000,095,026 | ---- | M] () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\HAUSER\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\KXEKX8ZF.DEFAULT\EXTENSIONS\CANITBECHEAPER@TRAFFICBROKER.CO.UK.XPI
[2012.06.21 17:36:20 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.06.01 18:33:00 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.01 18:33:00 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.06.01 18:33:00 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.01 18:33:00 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.01 18:33:00 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.01 18:33:00 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com
CHR - homepage: hxxp://www.google.com
CHR - Extension: YouTube = C:\Dokumente und Einstellungen\Hauser\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Dokumente und Einstellungen\Hauser\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Dokumente und Einstellungen\Hauser\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2011.10.17 12:43:23 | 000,440,060 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.1001-search.info
O1 - Hosts: 127.0.0.1	1001-search.info
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.123topsearch.com
O1 - Hosts: 127.0.0.1	123topsearch.com
O1 - Hosts: 127.0.0.1	www.132.com
O1 - Hosts: 127.0.0.1	132.com
O1 - Hosts: 127.0.0.1	www.136136.net
O1 - Hosts: 127.0.0.1	136136.net
O1 - Hosts: 15140 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [] C:\WINDOWS\Gtwatch.exe ()
O4 - HKLM..\Run: [avast] C:\Programme\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ControlCenter3] C:\Programme\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [EvtMgr6] C:\Programme\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [Gtwatch] C:\WINDOWS\Gtwatch.exe ()
O4 - HKLM..\Run: [LanguageShortcut] C:\Programme\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [PSDiagnosticM] C:\Programme\Linksys Wireless-G Print Server\PSDiagnosticM.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [LightScribe Control Panel] C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe -hidden File not found
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Watch.lnk = C:\WINDOWS\twain_32\L3U16\WATCH.exe (Common Group)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AE0561C8-544A-4A1D-9326-A77E7867CF94}: NameServer = 10.0.1.254
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.10.17 10:13:55 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.17 17:02:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Hauser\Startmenü\Programme\CyberLink PowerDVD
[2012.07.17 16:16:49 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2012.07.17 16:16:28 | 002,322,184 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\Hauser\Desktop\esetsmartinstaller_enu.exe
[2012.07.17 15:52:49 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Hauser\Desktop\OTL.exe
[2012.07.17 14:59:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Hauser\Anwendungsdaten\Malwarebytes
[2012.07.17 14:59:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.07.17 14:59:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.07.17 14:59:09 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.07.17 14:59:09 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.07.17 13:27:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2012.07.05 16:08:11 | 000,000,000 | ---D | C] -- C:\Programme\ConvertHelper
[2012.06.18 14:29:03 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java
[2012.06.18 12:31:51 | 000,000,000 | ---D | C] -- C:\Programme\Java
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.17 17:02:01 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.17 17:01:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.07.17 16:58:19 | 000,002,953 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012.07.17 16:44:16 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Hauser\defogger_reenable
[2012.07.17 16:43:00 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.17 16:41:35 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Hauser\Desktop\Defogger.exe
[2012.07.17 16:40:24 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.07.17 16:16:28 | 002,322,184 | ---- | M] (ESET) -- C:\Dokumente und Einstellungen\Hauser\Desktop\esetsmartinstaller_enu.exe
[2012.07.17 15:52:50 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Hauser\Desktop\OTL.exe
[2012.07.17 14:59:11 | 000,000,762 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.17 13:59:15 | 004,503,728 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\0tbpw.pad
[2012.07.17 13:27:10 | 000,001,612 | ---- | M] () -- C:\Dokumente und Einstellungen\Hauser\Startmenü\Programme\Autostart\ctfmon.lnk
[2012.07.17 13:06:22 | 000,004,334 | ---- | M] () -- C:\WINDOWS\DMS.INI
[2012.07.17 13:06:22 | 000,000,025 | ---- | M] () -- C:\WINDOWS\DMS1.INI
[2012.07.13 09:49:43 | 000,263,824 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.07.13 09:40:28 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.07.12 19:44:35 | 000,001,783 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk
[2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.06.18 12:31:35 | 000,449,236 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.06.18 12:31:35 | 000,432,928 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.06.18 12:31:35 | 000,080,550 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.06.18 12:31:35 | 000,067,884 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.17 16:44:16 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Hauser\defogger_reenable
[2012.07.17 16:41:34 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Hauser\Desktop\Defogger.exe
[2012.07.17 14:59:11 | 000,000,762 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.17 13:27:10 | 004,503,728 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\0tbpw.pad
[2012.07.17 13:27:10 | 000,001,612 | ---- | C] () -- C:\Dokumente und Einstellungen\Hauser\Startmenü\Programme\Autostart\ctfmon.lnk
[2012.06.21 17:37:34 | 1899,255,808 | ---- | C] () -- C:\Dokumente und Einstellungen\Hauser\Desktop\Atmen.mpeg
[2012.06.06 11:58:07 | 000,003,584 | ---- | C] () -- C:\Dokumente und Einstellungen\Hauser\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.02.16 12:20:50 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.11.07 17:30:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WATCH.INI
[2011.11.07 16:40:46 | 000,000,025 | ---- | C] () -- C:\WINDOWS\DMS1.INI
[2011.11.07 16:40:24 | 000,000,030 | ---- | C] () -- C:\WINDOWS\CHIPCLIP.INI
[2011.11.07 16:27:45 | 000,000,065 | ---- | C] () -- C:\WINDOWS\System32\bd7045n.dat
[2011.11.07 16:27:12 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL
[2011.11.07 16:27:12 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2011.11.07 16:27:11 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2011.11.07 16:25:08 | 000,000,416 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2011.11.04 19:15:31 | 000,045,056 | ---- | C] () -- C:\WINDOWS\Gtwatch.exe
[2011.11.04 19:15:30 | 000,018,120 | ---- | C] (   ) -- C:\WINDOWS\System32\drivers\gt681x.sys
[2011.11.04 19:15:00 | 000,164,864 | ---- | C] () -- C:\WINDOWS\System32\UNWISE.EXE
[2011.11.04 19:15:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\hlduinst.exe
[2011.11.04 19:15:00 | 000,006,836 | ---- | C] () -- C:\WINDOWS\System32\UNWISE.INI
[2011.11.04 18:57:00 | 000,004,334 | ---- | C] () -- C:\WINDOWS\DMS.INI
[2011.10.17 15:57:42 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011.10.17 12:28:58 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2011.10.17 11:12:06 | 000,001,024 | ---- | C] () -- C:\Dokumente und Einstellungen\Hauser\.rnd
[2011.10.17 11:04:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2011.10.17 10:48:13 | 000,080,416 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2011.10.17 10:45:28 | 000,887,724 | R--- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2011.10.17 10:45:28 | 000,195,855 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2011.10.17 10:45:28 | 000,000,003 | R--- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2011.10.17 10:43:36 | 000,035,231 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2011.10.17 10:43:07 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2011.10.17 10:43:05 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2011.10.17 10:43:03 | 000,023,462 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2011.10.17 10:43:03 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2011.10.17 10:42:07 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011.10.17 10:41:17 | 000,263,824 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.10.17 10:15:22 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011.10.17 09:54:30 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
 
========== LOP Check ==========
 
[2011.10.17 11:22:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVAST Software
[2012.03.06 14:15:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hauser\Anwendungsdaten\Leadertech
[2011.10.17 12:29:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hauser\Anwendungsdaten\pdfforge
[2011.11.04 19:29:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hauser\Anwendungsdaten\TeamViewer
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2012.01.12 19:01:02 | 000,000,000 | ---- | M] ()(C:\DOKUME~?u) -- C:\DOKUME~팘ŭ
[2012.01.12 19:01:02 | 000,000,000 | ---- | C] ()(C:\DOKUME~?u) -- C:\DOKUME~팘ŭ
[2012.01.12 13:51:42 | 000,000,000 | ---- | M] ()(C:\D??UME~??) -- C:\D逈ଖUME~팘இ
[2012.01.12 13:51:42 | 000,000,000 | ---- | M] ()(C:\D??) -- C:\D錈੫
[2012.01.12 13:51:42 | 000,000,000 | ---- | M] ()(C:\D??) -- C:\D逈ଖ
[2012.01.12 13:51:42 | 000,000,000 | ---- | M] ()(C:\D??) -- C:\D짐ࡈ
[2012.01.12 13:51:42 | 000,000,000 | ---- | C] ()(C:\D??UME~??) -- C:\D逈ଖUME~팘இ
[2012.01.12 13:51:42 | 000,000,000 | ---- | C] ()(C:\D??) -- C:\D錈੫
[2012.01.12 13:51:42 | 000,000,000 | ---- | C] ()(C:\D??) -- C:\D逈ଖ
[2012.01.12 13:51:42 | 000,000,000 | ---- | C] ()(C:\D??) -- C:\D짐ࡈ
[2012.01.12 13:51:23 | 000,000,000 | ---- | M] ()(C:\D??) -- C:\D쬘֐
[2012.01.12 13:51:23 | 000,000,000 | ---- | M] ()(C:\D??) -- C:\D쌈֐
[2012.01.12 13:51:23 | 000,000,000 | ---- | M] ()(C:\D??) -- C:\Dဈݏ
[2012.01.12 13:51:23 | 000,000,000 | ---- | M] ()(C:\D??) -- C:\Dﺘݑ
[2012.01.12 13:51:23 | 000,000,000 | ---- | C] ()(C:\D??) -- C:\D쬘֐
[2012.01.12 13:51:23 | 000,000,000 | ---- | C] ()(C:\D??) -- C:\D쌈֐
[2012.01.12 13:51:23 | 000,000,000 | ---- | C] ()(C:\D??) -- C:\Dဈݏ
[2012.01.12 13:51:23 | 000,000,000 | ---- | C] ()(C:\D??) -- C:\Dﺘݑ
[2012.01.12 13:28:44 | 000,000,000 | ---- | M] ()(C:\D??) -- C:\D鹨બ
[2012.01.12 13:28:44 | 000,000,000 | ---- | C] ()(C:\D??) -- C:\D鹨બ

< End of report >

Extras:

Code:

ATTFilter

OTL Extras logfile created on: 17.07.2012 17:06:51 - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Dokumente und Einstellungen\Hauser\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,60 Gb Available Physical Memory | 80,14% Memory free
6,34 Gb Paging File | 5,80 Gb Available in Paging File | 91,50% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 214,84 Gb Total Space | 188,79 Gb Free Space | 87,87% Space Free | Partition Type: NTFS
Drive D: | 250,91 Gb Total Space | 250,52 Gb Free Space | 99,85% Space Free | Partition Type: NTFS
Drive F: | 1,95 Gb Total Space | 1,39 Gb Free Space | 71,45% Space Free | Partition Type: FAT
Drive Y: | 465,75 Gb Total Space | 416,94 Gb Free Space | 89,52% Space Free | Partition Type: NTFS
Drive Z: | 465,75 Gb Total Space | 416,94 Gb Free Space | 89,52% Space Free | Partition Type: NTFS
 
Computer Name: ASUSMINI | User Name: Hauser | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Programme\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Programme\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Programme\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"54925:UDP" = 54925:UDP:*:Enabled:Brother Network Scanner
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\TeamViewer\Version6\TeamViewer.exe" = C:\Programme\TeamViewer\Version6\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe" = C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
"\\Kassa\Software\Printer\Brother_DCP7045N\mflpro\Data\Disk1\Setup.exe" = \\Kassa\Software\Printer\Brother_DCP7045N\mflpro\Data\Disk1\Setup.exe:*:Enabled:Setup.exe
"\\Kassa\Software\LinkSys_PrintServer\Wizard.exe" = \\Kassa\Software\LinkSys_PrintServer\Wizard.exe:*:Enabled:WPSM54G SetupWizard
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{04E327BF-D629-3FC1-CCEE-9F9518B90D50}" = CCC Help German
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{1E7E031A-E44D-198E-2571-749695A2482A}" = Catalyst Control Center Graphics Full Existing
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{28F3A82E-1C3F-AA24-9CF2-9209933DEC5A}" = CCC Help Chinese Traditional
"{2ACEF0C5-81F0-EB73-0705-38FA53326D32}" = CCC Help Japanese
"{31B34310-D940-01D7-6371-FE06ED996597}" = Catalyst Control Center Graphics Light
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{437C19B3-7E20-4E39-B868-CA6BAA820E1C}" = Microsoft Rechner-Plus
"{4555C7E2-1A62-D16E-2464-497B5872EC61}" = CCC Help Spanish
"{46E1B1F2-A279-4356-9B17-029F9CC72EAE}" = Brother MFL-Pro Suite
"{481934E5-3515-F503-DA0E-B81E2A0BD5F2}" = Catalyst Control Center Core Implementation
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50387819-495D-2984-FB92-557B132378C7}" = CCC Help Thai
"{55EB7DF0-438A-F57E-5B2E-A5B061E10D91}" = CCC Help Norwegian
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5DB08CC8-F9A9-0C59-000B-DF964FC293F9}" = CCC Help Danish
"{5FA168A4-44DB-8D5D-3A5A-F61D79952EC3}" = CCC Help Czech
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68C9A973-E85A-5252-DE5B-454CB57623BA}" = ccc-core-preinstall
"{78AB40A5-2477-3406-4C99-61C1B12AAA1A}" = Skins
"{80956AA5-CBCB-19F1-5A10-3AB6448A314A}" = Catalyst Control Center Graphics Full New
"{81F38D43-A320-ED8D-9BDD-E777C3FFC38C}" = CCC Help French
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{99E30F96-79A4-23A1-94D1-7F09337ED785}" = CCC Help Italian
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D509BA5-A0C2-CD9D-0425-9F38C2C03883}" = CCC Help Korean
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5FCE06C-6924-C78B-4604-A30B2271EFF1}" = CCC Help Dutch
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BD64A2D5-5BE7-A344-CE0A-C5B0B03BF741}" = CCC Help Russian
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C1C5DE8D-33D0-1BAA-0EAF-52C995238DC9}" = CCC Help Finnish
"{C216CF84-6825-E3EB-9DDD-10361CD71B7F}" = CCC Help Turkish
"{C61244F9-C335-4EE4-BF7B-5CAB855555E3}" = Linksys Wireless-G Print Server
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CC023A65-3034-6DF8-4106-B6B52A1D4C53}" = CCC Help Portuguese
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFEF343D-D28D-2411-D934-782BA41C5DF2}" = ccc-core-static
"{D81508A7-402B-2D4E-D0C8-30D9832FEFDC}" = Catalyst Control Center Localization All
"{DB33D8DC-7C43-A847-7A1C-9EB91BBCCDE1}" = CCC Help Swedish
"{E4AB36C7-60B5-742C-13C8-94EE06B79666}" = CCC Help Polish
"{EA13BE11-8E57-DE5D-8617-E2D27B0E7DF8}" = CCC Help Greek
"{ED0D58D7-E222-726F-DF3C-23A6AB22DA9C}" = ccc-utility
"{EDCAE989-2BE6-6875-31E5-9F16F7802530}" = CCC Help English
"{F0AAE3C5-D70C-4F3C-8B6A-EC3992921031}" = Nero 8 Essentials
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FA1CD581-6B71-983C-0159-A1C52761DC84}" = CCC Help Chinese Standard
"{FC602DF8-0A39-9D39-803A-F374CE1B4D4B}" = CCC Help Hungarian
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"ATI Display Driver" = ATI Display Driver
"avast" = avast! Free Antivirus
"ESET Online Scanner" = ESET Online Scanner v3
"Google Chrome" = Google Chrome
"Hardlock Device Drivers" = Hardlock Device Drivers
"ie8" = Windows Internet Explorer 8
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyDefrag v4.3.1_is1" = MyDefrag v4.3.1
"ScanExpress A3 USB v1.0" = ScanExpress A3 USB v1.0
"sp6" = Logitech SetPoint 6.32
"ST6UNST #1" = Rothballer Version 2006
"TeamViewer 6" = TeamViewer 6
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 02.07.2012 06:27:41 | Computer Name = ASUSMINI | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
 
Error - 17.07.2012 07:06:47 | Computer Name = ASUSMINI | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung MSACCESS.EXE, Version 11.0.8204.0, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 17.07.2012 10:58:28 | Computer Name = ASUSMINI | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung aswclear.exe, Version 7.0.4136.1129, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 17.07.2012 10:58:39 | Computer Name = ASUSMINI | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung aswclear.exe, Version 7.0.4136.1129, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 17.07.2012 10:58:45 | Computer Name = ASUSMINI | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung aswclear.exe, Version 7.0.4136.1129, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 17.07.2012 10:59:17 | Computer Name = ASUSMINI | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung aswclear.exe, Version 7.0.4136.1129, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 17.07.2012 10:59:25 | Computer Name = ASUSMINI | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung aswclear.exe, Version 7.0.4136.1129, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 17.07.2012 10:59:40 | Computer Name = ASUSMINI | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung aswclear.exe, Version 7.0.4136.1129, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 17.07.2012 11:00:04 | Computer Name = ASUSMINI | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung aswclear.exe, Version 7.0.4136.1129, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 17.07.2012 11:00:19 | Computer Name = ASUSMINI | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung aswclear.exe, Version 7.0.4136.1129, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
[ System Events ]
Error - 13.07.2012 08:46:20 | Computer Name = ASUSMINI | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "NMIndexingService"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {E8933C4B-2C90-4A04-A677-E958D9509F1A}
 
 
< End of report >

Gmer:

Code:

ATTFilter

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-07-17 17:31:48
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 SAMSUNG_HD502HJ rev.1AJ10001
Running: idvbyxll.exe; Driver: C:\DOKUME~1\Hauser\LOKALE~1\Temp\aglirpoc.sys


---- Kernel code sections - GMER 1.0.15 ----

.text                                                                                                                                 C:\WINDOWS\system32\DRIVERS\ati2mtag.sys                                           section is writeable [0xB7910000, 0x21F047, 0xE8000020]
.text                                                                                                                                 C:\WINDOWS\system32\drivers\hardlock.sys                                           section is writeable [0xA76B5400, 0x82482, 0xE8000020]
.protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0xA7755420]  C:\WINDOWS\system32\drivers\hardlock.sys                                           entry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0xA7755420]
.protectÿÿÿÿhardlockunknown last code section [0xA7755200, 0x5105, 0xE0000020]                                                        C:\WINDOWS\system32\drivers\hardlock.sys                                           unknown last code section [0xA7755200, 0x5105, 0xE0000020]

---- User code sections - GMER 1.0.15 ----

.text                                                                                                                                 C:\Programme\Mozilla Firefox\firefox.exe[3592] ntdll.dll!LdrLoadDll                7C92632D 5 Bytes  JMP 0115FA35 C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text                                                                                                                                 C:\Programme\Mozilla Firefox\firefox.exe[3592] kernel32.dll!VirtualAlloc           7C809AF1 5 Bytes  JMP 014007C5 C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text                                                                                                                                 C:\Programme\Mozilla Firefox\firefox.exe[3592] kernel32.dll!MapViewOfFile          7C80B9A5 5 Bytes  JMP 0140079E C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text                                                                                                                                 C:\Programme\Mozilla Firefox\firefox.exe[3592] GDI32.dll!CreateDIBSection          77EF9E19 5 Bytes  JMP 01400728 C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text                                                                                                                                 C:\Programme\Mozilla Firefox\plugin-container.exe[3856] USER32.dll!GetWindowInfo   7E37C49C 5 Bytes  JMP 1043AEF3 C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text                                                                                                                                 C:\Programme\Mozilla Firefox\plugin-container.exe[3856] USER32.dll!TrackPopupMenu  7E3B531E 5 Bytes  JMP 1043B50D C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

AttachedDevice                                                                                                                        \FileSystem\Ntfs \Ntfs                                                             aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

Device                                                                                                                                \Driver\aksusb \Device\0000007f                                                    AKSCLASS.SYS (Aladdin Class Driver/Aladdin Knowledge Systems)

AttachedDevice                                                                                                                        \FileSystem\Fastfat \Fat                                                           aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

---- EOF - GMER 1.0.15 ----

AntiMal:

Code:

ATTFilter

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.17.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Hauser :: ASUSMINI [Administrator]

17.07.2012 15:13:58
mbam-log-2012-07-17 (15-16-58).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 197856
Laufzeit: 2 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Dokumente und Einstellungen\Hauser\Startmenü\Programme\Autostart\ctfmon.lnk (Trojan.Ransom.Gen) -> Keine Aktion durchgeführt.

(Ende)

und noch einer:

Code:

ATTFilter

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.17.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Hauser :: ASUSMINI [Administrator]

17.07.2012 17:35:25
mbam-log-2012-07-17 (17-35-25).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 197871
Laufzeit: 1 Minute(n), 13 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Bitte sagt mir was ich zu tun habe, danke!

Hallo nochmal! Habe hier nochmal der vollständige aktuelle Malwarescan!

Code:

ATTFilter

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.18.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Hauser :: ASUSMINI [Administrator]

18.07.2012 13:29:01
mbam-log-2012-07-18 (13-29-01).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 235104
Laufzeit: 8 Minute(n), 8 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

und der esetlog:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=9be65d55463a5c41b3ad8170e45616fe
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-17 02:33:02
# local_time=2012-07-17 04:33:02 (+0100, Westeuropäische Sommerzeit)
# country="Austria"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=34133
# found=2
# cleaned=0
# scan_time=845
C:\Dokumente und Einstellungen\Hauser\Lokale Einstellungen\Temp\A9R28F3.tmp	JS/Exploit.Pdfka.PNC trojan (unable to clean)	00000000000000000000000000000000	I
C:\Programme\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe	Win32/Toolbar.Widgi application (unable to clean)	00000000000000000000000000000000	I

Falls noch etwas fehlt bzw. nicht in Ordnung ist, gebt mir bitte bescheid.
Weiß nicht ob ich das alles so richtig gemacht habe...
Danke & Grüsse
Swoffus

Larusso · 18.07.2012, 13:57

Mein Name ist Daniel und ich werde dir mit deinem Malware Relevanten Problemen helfen.

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.

Lies dir meine Anleitungen erst einmal durch. Sollte irgendetwas unklar sein, Frage bevor du beginnst.
Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.
Sollte ich auf diese, sowie allen weiteren Antworten, innerhalb von 3 Tagen keine Antwort von dir erhalten, werde ich das Thema aus meinen Abonnements löschen.
Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst und Installiere / Deinstalliere keine Software ohne Aufforderung.
Poste die Logfiles direkt in deinen Thread und nicht als Anhang, ausser du wurdest dazu aufgefordert. Erschwert mir das Auswerten.

Note: Sollte ich 48 Stunden nichts von mir hören lassen, schicke mir bitte eine PM. Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des PCs.

Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel

Link 1

WICHTIG - Speichere Combofix auf deinem Desktop

Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

swoffus · 18.07.2012, 15:24

Danke schon mal im vorhinein für Deine Bemühungen, mir zu helfen!

Ich habe Combofix laufen lassen und das ist das Ergebnis:
(hoffe ich habe alle Antivirusprogramme und ähnliches deaktivieren können - wie finde ich das heraus?)

Combofix:

Code:

ATTFilter

ComboFix 12-07-18.01 - Hauser 18.07.2012  15:33:14.1.3 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.3326.2523 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Hauser\Desktop\ComboFix.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-06-18 bis 2012-07-18  ))))))))))))))))))))))))))))))
.
.
2012-07-17 14:16 . 2012-07-17 14:16	--------	d-----w-	c:\programme\ESET
2012-07-17 12:59 . 2012-07-17 12:59	--------	d-----w-	c:\dokumente und einstellungen\Hauser\Anwendungsdaten\Malwarebytes
2012-07-17 12:59 . 2012-07-17 12:59	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2012-07-17 12:59 . 2012-07-17 12:59	--------	d-----w-	c:\programme\Malwarebytes' Anti-Malware
2012-07-17 12:59 . 2012-07-03 11:46	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-07-17 11:27 . 2012-07-17 11:27	--------	d-----w-	c:\windows\Sun
2012-07-05 14:08 . 2012-07-05 14:08	--------	d-----w-	c:\programme\ConvertHelper
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-22 07:31 . 2012-04-05 09:31	426184	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-06-22 07:31 . 2011-10-17 10:25	70344	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-18 10:31 . 2012-06-18 10:32	73728	----a-w-	c:\windows\system32\javacpl.cpl
2012-06-18 10:31 . 2012-06-18 10:32	476936	----a-w-	c:\windows\system32\npdeployJava1.dll
2012-06-18 10:31 . 2011-10-17 10:26	472840	----a-w-	c:\windows\system32\deployJava1.dll
2012-06-13 13:55 . 2008-04-14 12:00	1866240	----a-w-	c:\windows\system32\win32k.sys
2012-06-05 15:49 . 2008-04-14 12:00	1372672	----a-w-	c:\windows\system32\msxml6.dll
2012-06-05 15:49 . 2008-04-14 12:00	1172480	----a-w-	c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2008-04-14 12:00	152576	----a-w-	c:\windows\system32\schannel.dll
2012-06-02 13:19 . 2011-10-17 07:55	329240	----a-w-	c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2011-10-17 07:55	210968	----a-w-	c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2011-10-17 07:55	219160	----a-w-	c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2009-08-06 17:24	18456	----a-w-	c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2009-08-06 17:24	15896	----a-w-	c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2011-10-17 07:55	53784	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2011-10-17 07:55	35864	----a-w-	c:\windows\system32\wups.dll
2012-06-02 13:19 . 2009-08-06 17:24	45080	----a-w-	c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2009-08-06 17:24	15896	----a-w-	c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2008-04-14 12:00	97304	----a-w-	c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2009-08-06 17:24	23576	----a-w-	c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2011-10-17 07:55	577048	----a-w-	c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2011-10-17 07:55	1933848	----a-w-	c:\windows\system32\wuaueng.dll
2012-05-31 13:22 . 2008-04-14 12:00	604160	----a-w-	c:\windows\system32\crypt32.dll
2012-05-16 15:07 . 2008-04-14 12:00	916992	----a-w-	c:\windows\system32\wininet.dll
2012-05-11 14:40 . 2008-04-14 12:00	43520	------w-	c:\windows\system32\licmgr10.dll
2012-05-11 14:40 . 2008-04-14 12:00	1469440	------w-	c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2008-04-14 12:00	385024	------w-	c:\windows\system32\html.iec
2012-05-05 03:14 . 2008-04-14 12:00	2150912	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-05-05 03:14 . 2008-04-14 07:30	2029056	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2011-10-17 07:53	139656	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-06-21 15:36 . 2012-06-14 15:24	85472	----a-w-	c:\programme\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\programme\VIA\VIAudioi\HDADeck\HDeck.exe" [2009-11-18 33697792]
"StartCCC"="c:\programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-18 98304]
"RemoteControl"="c:\programme\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\programme\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"NeroFilterCheck"="c:\programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe" [2008-03-25 570664]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Gtwatch"="c:\windows\gtwatch.exe" [2001-08-24 45056]
"BrMfcWnd"="c:\programme\Brother\Brmfcmon\BrMfcWnd.exe" [2007-11-05 741376]
"ControlCenter3"="c:\programme\Brother\ControlCenter3\brctrcen.exe" [2007-10-30 77824]
"PSDiagnosticM"="c:\programme\Linksys Wireless-G Print Server\PSDiagnosticM.exe" [2008-04-24 327680]
"EvtMgr6"="c:\programme\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\Hauser\Startmenü\Programme\Autostart\
ctfmon.lnk - c:\windows\system32\rundll32.exe [2008-4-14 33792]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
Watch.lnk - c:\windows\twain_32\L3U16\WATCH.exe [2011-11-4 364544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2011-09-27 19:03	66328	----a-w-	c:\programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Programme\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\Programme\\Linksys Wireless-G Print Server\\PSDiagnosticM.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"54925:UDP"= 54925:UDP:Brother Network Scanner
.
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [06.03.2012 14:15 12184]
R2 TeamViewer6;TeamViewer 6;c:\programme\TeamViewer\Version6\TeamViewer_Service.exe [03.11.2011 20:25 2358656]
R3 GT681x;%GrandTechICNameNT%;c:\windows\system32\drivers\gt681x.sys [04.11.2011 19:15 18120]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [02.09.2011 08:31 42648]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [02.09.2011 08:31 12184]
R3 lknuhst;Linksys Network USB Host Controller;c:\windows\system32\drivers\lknuhst.sys [07.11.2011 17:18 12032]
R3 LKNUHUB;Linksys Network USB Root Hub;c:\windows\system32\drivers\lknuhub.sys [07.11.2011 17:18 39424]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [17.10.2011 10:44 1425280]
S2 gupdate;Google Update-Dienst (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [04.06.2012 16:28 136176]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [04.06.2012 16:28 136176]
S3 LKNUCMP;Linksys Network USB Composite Device;c:\windows\system32\drivers\lknucmp.sys [07.11.2011 17:18 14848]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\programme\Mozilla Maintenance Service\maintenanceservice.exe [14.06.2012 17:24 113120]
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2012-06-04 14:28]
.
2012-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2012-06-04 14:28]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.at/
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: Interfaces\{AE0561C8-544A-4A1D-9326-A77E7867CF94}: NameServer = 10.0.1.254
FF - ProfilePath - c:\dokumente und einstellungen\Hauser\Anwendungsdaten\Mozilla\Firefox\Profiles\kxekx8zf.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-LightScribe Control Panel - c:\programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-07-18 15:34
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  HDAudDeck = c:\programme\VIA\VIAudioi\HDADeck\HDeck.exe 1???????????????????????????????????????????? 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•6~*]
"7040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(784)
c:\windows\system32\Ati2evxx.dll
c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll
.
- - - - - - - > 'explorer.exe'(3900)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Zeit der Fertigstellung: 2012-07-18  15:35:44
ComboFix-quarantined-files.txt  2012-07-18 13:35
.
Vor Suchlauf: 6 Verzeichnis(se), 202.865.885.184 Bytes frei
Nach Suchlauf: 7 Verzeichnis(se), 203.218.948.096 Bytes frei
.
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - DA2B971C731EC8514E6BDBB3A0DA9268

Hoffe es passt so!

Beim Neustart ist dieses Problem aufgetaucht - kann man das auch irgendwie beheben?
Meldung:
Fehler beim Laden von C:\DOKUM~1\Hauser\LOKALE~1\Temp\wpbt0.dll
Das angegebene Modul wurde nicht gefunden.

Weiß nicht/noch nicht ob das umbedingt benötigt wird...
Hoffe Du (passt das mit dem du?) kannst mir da auch weiterhelfen, denn ich bin auf dem
Gebiet nicht wirklich versiert.

Larusso · 18.07.2012, 17:28

Hinweis für Mitleser:
Folgendes ComboFix Skript ist ausschließlich für diesen User in dieser Situtation erstellt worden. Auf keinen Fall auf anderen Rechnern anwenden, dass kann andere Systeme nachhaltig schädigen!

Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm vom folgenden Download-Spiegel neu herunter:

BleepingComputer.com

und speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)!

Drücke die

+ R Taste --> Notepad (hinein schreiben) --> OK

Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument.

Code:

ATTFilter

File::
c:\dokumente und einstellungen\Hauser\Startmenü\Programme\Autostart\ctfmon.lnk
ClearJavaCache::

Speichere dies als CFScript.txt auf deinem Desktop.
Wichtig:

Stelle deine Anti Viren Software temporär ab. Dies kann ComboFix nämlich bei der Arbeit behindern. Danach wieder anstellen nicht vergessen!
Bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein. Dies kann dazu führen, dass ComboFix sich aufhängt.
Schließe alle laufenden Programme. Gehe sicher, dass ComboFix ungehindert arbeiten kann.
Mache nichts am PC solange ComboFix läuft.

In Bezug auf obiges Bild, ziehe CFScript.txt in die ComboFix.exe
Wenn ComboFix fertig ist, wird es ein Log erstellen, C:\ComboFix.txt. Bitte füge es hier als Antwort ein.

Falls im Skript die Anweisung Suspect:: oder Collect:: enthalten ist, wird eine Message-Box erscheinen, nachdem Combofix fertig ist. Klicke OK und folge den Aufforderungen/Anweisungen, um die Dateien hochzuladen.

Ich sehe in den Logfiles keine laufende Anti Viren Software.

Das ist gefährlich. Manchmal bemerkt man Malware durch PopUps oder Google-Umleitungen etc, aber meisten läuft diese unbemerkt im Hintergrund. Ein AVP kann Dir helfen, Malware zu finden. Bitte downloade und Installiere Dir eines der folgenden AVPs.

Starte bitte OTL.exe und drücke den Quick Scan Button.
Poste die OTL.txt hier in deinen Thread.

swoffus · 19.07.2012, 09:39

Hallo Daniel, ich hoffe ich habe alles korrekt ausgeführt!
Anbei die Logs...

Combofix:

Code:

ATTFilter

ComboFix 12-07-18.04 - Hauser 19.07.2012  10:25:08.2.3 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.3326.2671 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Hauser\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\dokumente und einstellungen\Hauser\Desktop\CFScript.txt
.
FILE ::
"c:\dokumente und einstellungen\Hauser\Startmenü\Programme\Autostart\ctfmon.lnk"
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-06-19 bis 2012-07-19  ))))))))))))))))))))))))))))))
.
.
2012-07-17 14:16 . 2012-07-17 14:16	--------	d-----w-	c:\programme\ESET
2012-07-17 12:59 . 2012-07-17 12:59	--------	d-----w-	c:\dokumente und einstellungen\Hauser\Anwendungsdaten\Malwarebytes
2012-07-17 12:59 . 2012-07-17 12:59	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2012-07-17 12:59 . 2012-07-17 12:59	--------	d-----w-	c:\programme\Malwarebytes' Anti-Malware
2012-07-17 12:59 . 2012-07-03 11:46	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-07-17 11:27 . 2012-07-17 11:27	--------	d-----w-	c:\windows\Sun
2012-07-05 14:08 . 2012-07-05 14:08	--------	d-----w-	c:\programme\ConvertHelper
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-22 07:31 . 2012-04-05 09:31	426184	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-06-22 07:31 . 2011-10-17 10:25	70344	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-18 10:31 . 2012-06-18 10:32	73728	----a-w-	c:\windows\system32\javacpl.cpl
2012-06-18 10:31 . 2012-06-18 10:32	476936	----a-w-	c:\windows\system32\npdeployJava1.dll
2012-06-18 10:31 . 2011-10-17 10:26	472840	----a-w-	c:\windows\system32\deployJava1.dll
2012-06-13 13:55 . 2008-04-14 12:00	1866240	----a-w-	c:\windows\system32\win32k.sys
2012-06-05 15:49 . 2008-04-14 12:00	1372672	----a-w-	c:\windows\system32\msxml6.dll
2012-06-05 15:49 . 2008-04-14 12:00	1172480	----a-w-	c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2008-04-14 12:00	152576	----a-w-	c:\windows\system32\schannel.dll
2012-06-02 13:19 . 2011-10-17 07:55	329240	----a-w-	c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2011-10-17 07:55	210968	----a-w-	c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2011-10-17 07:55	219160	----a-w-	c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2009-08-06 17:24	18456	----a-w-	c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2009-08-06 17:24	15896	----a-w-	c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2011-10-17 07:55	53784	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2011-10-17 07:55	35864	----a-w-	c:\windows\system32\wups.dll
2012-06-02 13:19 . 2009-08-06 17:24	45080	----a-w-	c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2009-08-06 17:24	15896	----a-w-	c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2008-04-14 12:00	97304	----a-w-	c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2009-08-06 17:24	23576	----a-w-	c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2011-10-17 07:55	577048	----a-w-	c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2011-10-17 07:55	1933848	----a-w-	c:\windows\system32\wuaueng.dll
2012-05-31 13:22 . 2008-04-14 12:00	604160	----a-w-	c:\windows\system32\crypt32.dll
2012-05-16 15:07 . 2008-04-14 12:00	916992	----a-w-	c:\windows\system32\wininet.dll
2012-05-11 14:40 . 2008-04-14 12:00	43520	------w-	c:\windows\system32\licmgr10.dll
2012-05-11 14:40 . 2008-04-14 12:00	1469440	------w-	c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2008-04-14 12:00	385024	------w-	c:\windows\system32\html.iec
2012-05-05 03:14 . 2008-04-14 12:00	2150912	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-05-05 03:14 . 2008-04-14 07:30	2029056	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2011-10-17 07:53	139656	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-06-21 15:36 . 2012-06-14 15:24	85472	----a-w-	c:\programme\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((   SnapShot@2012-07-18_13.34.53   )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-07-18 15:26 . 2012-07-18 15:26	16384              c:\windows\Temp\Perflib_Perfdata_7d4.dat
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\programme\VIA\VIAudioi\HDADeck\HDeck.exe" [2009-11-18 33697792]
"StartCCC"="c:\programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-18 98304]
"RemoteControl"="c:\programme\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\programme\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"NeroFilterCheck"="c:\programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe" [2008-03-25 570664]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Gtwatch"="c:\windows\gtwatch.exe" [2001-08-24 45056]
"BrMfcWnd"="c:\programme\Brother\Brmfcmon\BrMfcWnd.exe" [2007-11-05 741376]
"ControlCenter3"="c:\programme\Brother\ControlCenter3\brctrcen.exe" [2007-10-30 77824]
"PSDiagnosticM"="c:\programme\Linksys Wireless-G Print Server\PSDiagnosticM.exe" [2008-04-24 327680]
"EvtMgr6"="c:\programme\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\Hauser\Startmenü\Programme\Autostart\
ctfmon.lnk - c:\windows\system32\rundll32.exe [2008-4-14 33792]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
Watch.lnk - c:\windows\twain_32\L3U16\WATCH.exe [2011-11-4 364544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2011-09-27 19:03	66328	----a-w-	c:\programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Programme\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\Programme\\Linksys Wireless-G Print Server\\PSDiagnosticM.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"54925:UDP"= 54925:UDP:Brother Network Scanner
.
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [06.03.2012 14:15 12184]
R2 TeamViewer6;TeamViewer 6;c:\programme\TeamViewer\Version6\TeamViewer_Service.exe [03.11.2011 20:25 2358656]
R3 GT681x;%GrandTechICNameNT%;c:\windows\system32\drivers\gt681x.sys [04.11.2011 19:15 18120]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [02.09.2011 08:31 42648]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [02.09.2011 08:31 12184]
R3 lknuhst;Linksys Network USB Host Controller;c:\windows\system32\drivers\lknuhst.sys [07.11.2011 17:18 12032]
R3 LKNUHUB;Linksys Network USB Root Hub;c:\windows\system32\drivers\lknuhub.sys [07.11.2011 17:18 39424]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [17.10.2011 10:44 1425280]
S2 gupdate;Google Update-Dienst (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [04.06.2012 16:28 136176]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [04.06.2012 16:28 136176]
S3 LKNUCMP;Linksys Network USB Composite Device;c:\windows\system32\drivers\lknucmp.sys [07.11.2011 17:18 14848]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\programme\Mozilla Maintenance Service\maintenanceservice.exe [14.06.2012 17:24 113120]
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2012-06-04 14:28]
.
2012-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2012-06-04 14:28]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.at/
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: Interfaces\{AE0561C8-544A-4A1D-9326-A77E7867CF94}: NameServer = 10.0.1.254
FF - ProfilePath - c:\dokumente und einstellungen\Hauser\Anwendungsdaten\Mozilla\Firefox\Profiles\kxekx8zf.default\
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-07-19 10:26
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  HDAudDeck = c:\programme\VIA\VIAudioi\HDADeck\HDeck.exe 1???????????????????????????????????????????? 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•6~*]
"7040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(776)
c:\windows\system32\Ati2evxx.dll
c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll
.
- - - - - - - > 'explorer.exe'(3912)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Zeit der Fertigstellung: 2012-07-19  10:27:34
ComboFix-quarantined-files.txt  2012-07-19 08:27
ComboFix2.txt  2012-07-18 13:35
.
Vor Suchlauf: 6 Verzeichnis(se), 203.210.223.616 Bytes frei
Nach Suchlauf: 7 Verzeichnis(se), 203.203.141.632 Bytes frei
.
- - End Of File - - 74E6F99036C53ADB3B076D408D024CBC

OTL:

Code:

ATTFilter

OTL logfile created on: 19.07.2012 10:32:35 - Run 3
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Dokumente und Einstellungen\Hauser\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,52 Gb Available Physical Memory | 77,52% Memory free
6,34 Gb Paging File | 5,78 Gb Available in Paging File | 91,26% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 214,84 Gb Total Space | 189,25 Gb Free Space | 88,09% Space Free | Partition Type: NTFS
Drive D: | 250,91 Gb Total Space | 250,52 Gb Free Space | 99,85% Space Free | Partition Type: NTFS
Drive F: | 1,95 Gb Total Space | 1,38 Gb Free Space | 70,75% Space Free | Partition Type: FAT
Drive Y: | 465,75 Gb Total Space | 416,86 Gb Free Space | 89,50% Space Free | Partition Type: NTFS
Drive Z: | 465,75 Gb Total Space | 416,86 Gb Free Space | 89,50% Space Free | Partition Type: NTFS
 
Computer Name: ASUSMINI | User Name: Hauser | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.19 10:27:57 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012.07.17 15:52:50 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Hauser\Desktop\OTL.exe
PRC - [2012.01.18 14:02:04 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2011.11.03 20:25:08 | 008,094,080 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version6\TeamViewer.exe
PRC - [2011.11.03 20:25:08 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011.10.07 11:40:42 | 001,387,288 | ---- | M] (Logitech, Inc.) -- C:\Programme\Logitech\SetPointP\SetPoint.exe
PRC - [2011.09.27 21:05:24 | 000,149,784 | ---- | M] (Logitech, Inc.) -- C:\Programme\Gemeinsame Dateien\Logishrd\KHAL3\KHALMNPR.exe
PRC - [2008.04.24 17:14:22 | 000,327,680 | ---- | M] () -- C:\Programme\Linksys Wireless-G Print Server\PSDiagnosticM.exe
PRC - [2008.04.14 14:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.01.31 15:03:40 | 000,094,208 | R--- | M] (Brother Industries, Ltd.) -- C:\Programme\Brother\Brmfcmon\BrMfimon.exe
PRC - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2001.11.23 12:02:12 | 000,364,544 | ---- | M] (Common Group) -- C:\WINDOWS\twain_32\L3U16\WATCH.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.07.19 10:27:57 | 002,003,424 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2012.06.22 09:31:16 | 009,459,912 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll
MOD - [2012.06.14 08:49:09 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll
MOD - [2012.06.14 08:45:29 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
MOD - [2012.06.14 08:45:22 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012.06.14 08:41:50 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012.05.14 14:00:39 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012.05.14 14:00:34 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\016444dfc5f7e3d11c776f2fbc7a4594\Accessibility.ni.dll
MOD - [2012.05.14 13:42:38 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012.05.14 13:41:42 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012.05.14 13:41:36 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2011.10.17 10:47:56 | 001,736,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3548.36830__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2011.10.17 10:47:56 | 000,364,544 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3548.36811__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2011.10.17 10:47:56 | 000,204,800 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3548.36831__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2011.10.17 10:47:56 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3548.36825__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2011.10.17 10:47:56 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3548.36820__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2011.10.17 10:47:55 | 000,491,520 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3548.36901__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2011.10.17 10:47:55 | 000,356,352 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3548.36868__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2011.10.17 10:47:55 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3548.36869__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2011.10.17 10:47:55 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3548.36882__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2011.10.17 10:47:55 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3548.36820__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2011.10.17 10:47:55 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3548.36868__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2011.10.17 10:47:55 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3548.36863__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2011.10.17 10:47:55 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3548.36902__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2011.10.17 10:47:55 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3548.36854__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2011.10.17 10:47:54 | 000,823,296 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3548.36856__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2011.10.17 10:47:54 | 000,409,600 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3548.36877__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2011.10.17 10:47:54 | 000,196,608 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3548.36831__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2011.10.17 10:47:54 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3548.36855__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2011.10.17 10:47:54 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3548.36861__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2011.10.17 10:47:54 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3548.36861__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2011.10.17 10:47:53 | 000,573,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3548.36832__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2011.10.17 10:47:53 | 000,409,600 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3548.36821__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2011.10.17 10:47:53 | 000,393,216 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3548.36855__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2011.10.17 10:47:53 | 000,360,448 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3548.36850__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2011.10.17 10:47:53 | 000,270,336 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2011.10.17 10:47:53 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3548.36854__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2011.10.17 10:47:53 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3548.36836__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2011.10.17 10:47:53 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3548.36855__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2011.10.17 10:47:53 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3548.36862__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2011.10.17 10:47:53 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3531.24440__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2011.10.17 10:47:53 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3531.24439__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2011.10.17 10:47:53 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3531.24478__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2011.10.17 10:47:53 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3531.24559__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll
MOD - [2011.10.17 10:47:53 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3531.24552__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2011.10.17 10:47:53 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3531.24471__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2011.10.17 10:47:53 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3531.24549__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2011.10.17 10:47:53 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2011.10.17 10:47:52 | 000,139,264 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3531.24451__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2011.10.17 10:47:52 | 000,098,304 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.3531.24414__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2011.10.17 10:47:52 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3531.24511__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2011.10.17 10:47:52 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3531.24504__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2011.10.17 10:47:52 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3531.24510__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2011.10.17 10:47:52 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2011.10.17 10:47:52 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3531.24538__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2011.10.17 10:47:52 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.3531.24410__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2011.10.17 10:47:52 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3531.24476__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2011.10.17 10:47:52 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3531.24412__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2011.10.17 10:47:52 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3531.24636__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2011.10.17 10:47:52 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3531.24499__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2011.10.17 10:47:52 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3531.24495__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2011.10.17 10:47:52 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3531.24442__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2011.10.17 10:47:52 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3531.24506__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2011.10.17 10:47:52 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3531.24449__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2011.10.17 10:47:52 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3531.24426__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2011.10.17 10:47:52 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3531.24472__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2011.10.17 10:47:52 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.3531.24466__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2011.10.17 10:47:52 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2011.10.17 10:47:52 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.3531.24494__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2011.10.17 10:47:52 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2011.10.17 10:47:52 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3531.24455__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2011.10.17 10:47:52 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3531.24498__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2011.10.17 10:47:52 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3531.24460__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2011.10.17 10:47:51 | 000,651,264 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3548.36926__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll
MOD - [2011.10.17 10:47:51 | 000,405,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3548.36825__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2011.10.17 10:47:51 | 000,106,496 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3548.36896__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2011.10.17 10:47:51 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3548.36894__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2011.10.17 10:47:51 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3531.24503__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2011.10.17 10:47:51 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3531.24502__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2011.10.17 10:47:51 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3548.36907__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2011.10.17 10:47:51 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3531.24420__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2011.10.17 10:47:51 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3531.24509__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2011.10.17 10:47:51 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3531.24429__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2011.10.17 10:47:51 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3531.24467__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2011.10.17 10:47:51 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3531.24462__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2011.10.17 10:47:51 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3531.24435__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll
MOD - [2011.10.17 10:47:51 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3531.24459__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2011.10.17 10:47:51 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.3531.24469__90ba9c70f846762e\APM.Foundation.dll
MOD - [2011.10.17 10:47:51 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3531.24441__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2011.10.17 10:47:51 | 000,014,848 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
MOD - [2011.10.17 10:47:51 | 000,013,312 | ---- | M] () -- C:\WINDOWS\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll
MOD - [2011.10.17 10:47:51 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3548.36809__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2011.10.17 10:47:50 | 001,220,608 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3548.36816__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2011.10.17 10:47:50 | 000,561,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3548.36890__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2011.10.17 10:47:50 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3548.36809__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2011.10.17 10:47:50 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.3548.36807__90ba9c70f846762e\APM.Server.dll
MOD - [2011.10.17 10:47:50 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3548.36810__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2011.10.17 10:47:50 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3531.24457__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2011.10.17 10:47:50 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.3548.36808__90ba9c70f846762e\AEM.Server.dll
MOD - [2011.10.17 10:47:50 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3531.24445__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2011.10.17 10:47:50 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2011.10.17 10:47:50 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3531.24463__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2011.10.17 10:47:50 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3531.24513__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2011.10.17 10:47:50 | 000,019,456 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3548.36896__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2011.10.07 11:41:16 | 000,879,896 | ---- | M] () -- C:\Programme\Logitech\SetPointP\Macros\MacroCore.dll
MOD - [2009.02.27 16:41:26 | 000,311,296 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU
MOD - [2008.04.24 17:14:22 | 000,327,680 | ---- | M] () -- C:\Programme\Linksys Wireless-G Print Server\PSDiagnosticM.exe
MOD - [2008.04.14 14:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2002.11.26 14:43:18 | 000,106,496 | ---- | M] () -- C:\WINDOWS\system32\BrMuSNMP.dll
MOD - [2001.10.28 17:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.07.19 10:27:57 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011.11.03 20:25:08 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.09.27 21:03:28 | 000,295,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008.02.28 17:07:48 | 000,529,704 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2003.07.28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\ComboFix\mbr.sys -- (mbr)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Running] -- C:\DOKUME~1\Hauser\LOKALE~1\Temp\catchme.sys -- (catchme)
DRV - [2011.09.02 08:31:28 | 000,039,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2011.09.02 08:31:20 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2011.09.02 08:31:10 | 000,042,648 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV - [2011.09.02 08:31:10 | 000,012,184 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidEqd.sys -- (LHidEqd)
DRV - [2011.09.02 08:30:58 | 000,012,184 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2010.07.06 03:13:10 | 000,234,392 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009.10.21 05:22:32 | 001,425,280 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2009.09.19 06:29:38 | 004,477,952 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009.06.24 12:24:34 | 003,734,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtKHDMI.sys -- (RTHDMIAzAudService)
DRV - [2007.08.29 10:47:12 | 000,039,424 | ---- | M] (SerComm) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lknuhub.sys -- (LKNUHUB)
DRV - [2007.08.29 10:47:04 | 000,014,848 | ---- | M] (SerComm) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lknucmp.sys -- (LKNUCMP)
DRV - [2007.04.16 16:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2007.02.14 12:26:54 | 000,012,032 | ---- | M] (SerComm) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lknuhst.sys -- (lknuhst)
DRV - [2004.08.13 04:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004.07.14 13:54:42 | 000,676,864 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2004.05.11 20:11:02 | 000,099,968 | ---- | M] (Aladdin Knowledge Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aksusb.sys -- (aksusb)
DRV - [2004.04.28 11:03:08 | 000,328,448 | ---- | M] (Aladdin Knowledge Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\akshasp.sys -- (akshasp)
DRV - [2001.08.27 11:09:14 | 000,018,120 | ---- | M] (   ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gt681x.sys -- (GT681x)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.07.19 10:27:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins
 
[2012.06.14 17:24:29 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Hauser\Anwendungsdaten\Mozilla\Extensions
[2012.07.17 13:29:30 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Hauser\Anwendungsdaten\Mozilla\Firefox\Profiles\kxekx8zf.default\extensions
[2012.06.14 17:27:17 | 000,000,000 | ---D | M] (WOT) -- C:\Dokumente und Einstellungen\Hauser\Anwendungsdaten\Mozilla\Firefox\Profiles\kxekx8zf.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.06.14 17:42:44 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Dokumente und Einstellungen\Hauser\Anwendungsdaten\Mozilla\Firefox\Profiles\kxekx8zf.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.07.17 13:29:29 | 000,000,000 | ---D | M] (Youtube Watch In Sidebar) -- C:\Dokumente und Einstellungen\Hauser\Anwendungsdaten\Mozilla\Firefox\Profiles\kxekx8zf.default\extensions\{bac96ae2-1515-4b15-906f-f13a9f682c83}
[2012.06.18 12:32:03 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.06.18 12:32:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.06.14 17:42:44 | 000,015,162 | ---- | M] () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\HAUSER\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\KXEKX8ZF.DEFAULT\EXTENSIONS\{988DA70D-B78D-44A1-A9C7-ED11832A9E2E}.XPI
[2012.07.17 13:29:27 | 000,095,026 | ---- | M] () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\HAUSER\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\KXEKX8ZF.DEFAULT\EXTENSIONS\CANITBECHEAPER@TRAFFICBROKER.CO.UK.XPI
[2012.07.19 10:27:57 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.06.01 18:33:00 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.01 18:33:00 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.06.01 18:33:00 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.01 18:33:00 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.01 18:33:00 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.01 18:33:00 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com
CHR - homepage: hxxp://www.google.com
CHR - Extension: YouTube = C:\Dokumente und Einstellungen\Hauser\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Dokumente und Einstellungen\Hauser\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Dokumente und Einstellungen\Hauser\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2011.10.17 12:43:23 | 000,440,060 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.1001-search.info
O1 - Hosts: 127.0.0.1	1001-search.info
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.123topsearch.com
O1 - Hosts: 127.0.0.1	123topsearch.com
O1 - Hosts: 127.0.0.1	www.132.com
O1 - Hosts: 127.0.0.1	132.com
O1 - Hosts: 127.0.0.1	www.136136.net
O1 - Hosts: 127.0.0.1	136136.net
O1 - Hosts: 15140 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [ControlCenter3] C:\Programme\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [EvtMgr6] C:\Programme\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [Gtwatch] C:\WINDOWS\Gtwatch.exe ()
O4 - HKLM..\Run: [LanguageShortcut] C:\Programme\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [PSDiagnosticM] C:\Programme\Linksys Wireless-G Print Server\PSDiagnosticM.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil32_11_3_300_262_Plugin.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Watch.lnk = C:\WINDOWS\twain_32\L3U16\WATCH.exe (Common Group)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AE0561C8-544A-4A1D-9326-A77E7867CF94}: NameServer = 10.0.1.254
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.10.17 10:13:55 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.19 10:32:24 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012.07.19 09:55:19 | 004,582,182 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\Hauser\Desktop\ComboFix.exe
[2012.07.18 17:26:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Hauser\Startmenü\Programme\CyberLink PowerDVD
[2012.07.18 15:32:28 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012.07.18 15:31:19 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012.07.18 15:31:19 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012.07.18 15:31:19 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012.07.18 15:31:19 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012.07.18 15:31:14 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.07.18 15:31:12 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Hauser\Startmenü\Programme\Verwaltung
[2012.07.18 15:31:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012.07.17 16:16:49 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2012.07.17 16:16:28 | 002,322,184 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\Hauser\Desktop\esetsmartinstaller_enu.exe
[2012.07.17 15:52:49 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Hauser\Desktop\OTL.exe
[2012.07.17 14:59:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Hauser\Anwendungsdaten\Malwarebytes
[2012.07.17 14:59:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.07.17 14:59:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.07.17 14:59:09 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.07.17 14:59:09 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.07.17 13:27:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2012.07.05 16:08:11 | 000,000,000 | ---D | C] -- C:\Programme\ConvertHelper
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.19 09:55:35 | 004,582,182 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\Hauser\Desktop\ComboFix.exe
[2012.07.19 09:51:23 | 000,004,425 | ---- | M] () -- C:\WINDOWS\DMS.INI
[2012.07.19 09:51:23 | 000,000,025 | ---- | M] () -- C:\WINDOWS\DMS1.INI
[2012.07.19 09:43:00 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.19 09:43:00 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.18 17:26:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.07.18 15:32:30 | 000,000,339 | RHS- | M] () -- C:\boot.ini
[2012.07.18 14:42:48 | 000,002,953 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012.07.17 17:15:09 | 000,302,592 | ---- | M] () -- C:\Dokumente und Einstellungen\Hauser\Desktop\idvbyxll.exe
[2012.07.17 16:44:16 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Hauser\defogger_reenable
[2012.07.17 16:41:35 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Hauser\Desktop\Defogger.exe
[2012.07.17 16:40:24 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.07.17 16:16:28 | 002,322,184 | ---- | M] (ESET) -- C:\Dokumente und Einstellungen\Hauser\Desktop\esetsmartinstaller_enu.exe
[2012.07.17 15:52:50 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Hauser\Desktop\OTL.exe
[2012.07.17 14:59:11 | 000,000,762 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.17 13:59:15 | 004,503,728 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\0tbpw.pad
[2012.07.17 13:27:10 | 000,001,612 | ---- | M] () -- C:\Dokumente und Einstellungen\Hauser\Startmenü\Programme\Autostart\ctfmon.lnk
[2012.07.13 09:49:43 | 000,263,824 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.07.13 09:40:28 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.07.12 19:44:35 | 000,001,783 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk
[2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.18 15:32:30 | 000,000,223 | ---- | C] () -- C:\Boot.bak
[2012.07.18 15:32:29 | 000,262,448 | RHS- | C] () -- C:\cmldr
[2012.07.18 15:31:19 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012.07.18 15:31:19 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012.07.18 15:31:19 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012.07.18 15:31:19 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012.07.18 15:31:19 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012.07.17 17:15:08 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\Hauser\Desktop\idvbyxll.exe
[2012.07.17 16:44:16 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Hauser\defogger_reenable
[2012.07.17 16:41:34 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Hauser\Desktop\Defogger.exe
[2012.07.17 14:59:11 | 000,000,762 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.17 13:27:10 | 004,503,728 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\0tbpw.pad
[2012.07.17 13:27:10 | 000,001,612 | ---- | C] () -- C:\Dokumente und Einstellungen\Hauser\Startmenü\Programme\Autostart\ctfmon.lnk
[2012.06.21 17:37:34 | 1899,255,808 | ---- | C] () -- C:\Dokumente und Einstellungen\Hauser\Desktop\Atmen.mpeg
[2012.06.06 11:58:07 | 000,003,584 | ---- | C] () -- C:\Dokumente und Einstellungen\Hauser\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.02.16 12:20:50 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.11.07 17:30:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WATCH.INI
[2011.11.07 16:40:46 | 000,000,025 | ---- | C] () -- C:\WINDOWS\DMS1.INI
[2011.11.07 16:40:24 | 000,000,030 | ---- | C] () -- C:\WINDOWS\CHIPCLIP.INI
[2011.11.07 16:27:45 | 000,000,065 | ---- | C] () -- C:\WINDOWS\System32\bd7045n.dat
[2011.11.07 16:27:12 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL
[2011.11.07 16:27:12 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2011.11.07 16:27:11 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2011.11.07 16:25:08 | 000,000,416 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2011.11.04 19:15:31 | 000,045,056 | ---- | C] () -- C:\WINDOWS\Gtwatch.exe
[2011.11.04 19:15:30 | 000,018,120 | ---- | C] (   ) -- C:\WINDOWS\System32\drivers\gt681x.sys
[2011.11.04 19:15:00 | 000,164,864 | ---- | C] () -- C:\WINDOWS\System32\UNWISE.EXE
[2011.11.04 19:15:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\hlduinst.exe
[2011.11.04 19:15:00 | 000,006,836 | ---- | C] () -- C:\WINDOWS\System32\UNWISE.INI
[2011.11.04 18:57:00 | 000,004,425 | ---- | C] () -- C:\WINDOWS\DMS.INI
[2011.10.17 15:57:42 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011.10.17 12:28:58 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2011.10.17 11:12:06 | 000,001,024 | ---- | C] () -- C:\Dokumente und Einstellungen\Hauser\.rnd
[2011.10.17 11:04:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2011.10.17 10:48:13 | 000,080,416 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2011.10.17 10:45:28 | 000,887,724 | R--- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2011.10.17 10:45:28 | 000,195,855 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2011.10.17 10:45:28 | 000,000,003 | R--- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2011.10.17 10:43:36 | 000,035,231 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2011.10.17 10:43:07 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2011.10.17 10:43:05 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2011.10.17 10:43:03 | 000,023,462 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2011.10.17 10:43:03 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2011.10.17 10:42:07 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011.10.17 10:41:17 | 000,263,824 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.10.17 10:15:22 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011.10.17 09:54:30 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
 
========== LOP Check ==========
 
[2012.07.18 14:47:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVAST Software
[2012.03.06 14:15:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hauser\Anwendungsdaten\Leadertech
[2011.10.17 12:29:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hauser\Anwendungsdaten\pdfforge
[2011.11.04 19:29:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hauser\Anwendungsdaten\TeamViewer
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2012.01.12 19:01:02 | 000,000,000 | ---- | M] ()(C:\DOKUME~?u) -- C:\DOKUME~팘ŭ
[2012.01.12 19:01:02 | 000,000,000 | ---- | C] ()(C:\DOKUME~?u) -- C:\DOKUME~팘ŭ
[2012.01.12 13:51:42 | 000,000,000 | ---- | M] ()(C:\D??UME~??) -- C:\D逈ଖUME~팘இ
[2012.01.12 13:51:42 | 000,000,000 | ---- | M] ()(C:\D??) -- C:\D錈੫
[2012.01.12 13:51:42 | 000,000,000 | ---- | M] ()(C:\D??) -- C:\D逈ଖ
[2012.01.12 13:51:42 | 000,000,000 | ---- | M] ()(C:\D??) -- C:\D짐ࡈ
[2012.01.12 13:51:42 | 000,000,000 | ---- | C] ()(C:\D??UME~??) -- C:\D逈ଖUME~팘இ
[2012.01.12 13:51:42 | 000,000,000 | ---- | C] ()(C:\D??) -- C:\D錈੫
[2012.01.12 13:51:42 | 000,000,000 | ---- | C] ()(C:\D??) -- C:\D逈ଖ
[2012.01.12 13:51:42 | 000,000,000 | ---- | C] ()(C:\D??) -- C:\D짐ࡈ
[2012.01.12 13:51:23 | 000,000,000 | ---- | M] ()(C:\D??) -- C:\D쬘֐
[2012.01.12 13:51:23 | 000,000,000 | ---- | M] ()(C:\D??) -- C:\D쌈֐
[2012.01.12 13:51:23 | 000,000,000 | ---- | M] ()(C:\D??) -- C:\Dဈݏ
[2012.01.12 13:51:23 | 000,000,000 | ---- | M] ()(C:\D??) -- C:\Dﺘݑ
[2012.01.12 13:51:23 | 000,000,000 | ---- | C] ()(C:\D??) -- C:\D쬘֐
[2012.01.12 13:51:23 | 000,000,000 | ---- | C] ()(C:\D??) -- C:\D쌈֐
[2012.01.12 13:51:23 | 000,000,000 | ---- | C] ()(C:\D??) -- C:\Dဈݏ
[2012.01.12 13:51:23 | 000,000,000 | ---- | C] ()(C:\D??) -- C:\Dﺘݑ
[2012.01.12 13:28:44 | 000,000,000 | ---- | M] ()(C:\D??) -- C:\D鹨બ
[2012.01.12 13:28:44 | 000,000,000 | ---- | C] ()(C:\D??) -- C:\D鹨બ

< End of report >

Hoffe das genügt so & warte auf neue Anweisungen
MfG Swoffus

Larusso · 19.07.2012, 11:46

Ja, aber warum sehe ich immer noch keine laufende Anti Viren Software wie hier beschrieben ? http://www.trojaner-board.de/119740-...tml#post868325

Wenn ich den nächsten Logs keine auffinde, werde ich den Support einstellen, weil es meine Arbeit hier sinnlos macht.

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die Textbox.

Code:

ATTFilter

:otl
[2012.07.17 13:59:15 | 004,503,728 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\0tbpw.pad
[2012.07.17 13:27:10 | 000,001,612 | ---- | M] () -- C:\Dokumente und Einstellungen\Hauser\Startmenü\Programme\Autostart\ctfmon.lnk
:commands
[purity]
[emptytemp]

Schliesse bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt )
Kopiere nun den Inhalt hier in Deinen Thread

Starte bitte OTL.exe.
Wähle unter
Extra Registrierung: Benutze Safe List und klicke auf den Scan Button.
Poste die OTL.txt und die Extras.txt hier in deinen Thread.

swoffus · 19.07.2012, 11:55

Sorry, hatte avast erst nach den logs installiert!
Soll ich das Antivirenprogramm laufen lassen oder es schließen bevor ich fortfahre?
Bitte um Antwort,
danke.

Swoffus

Larusso · 19.07.2012, 12:18

Anweisungen der Reihe nach folgen.

Mach ganz normal mit meinen Anweisungen weiter

swoffus · 19.07.2012, 13:33

So habe jetzt einmal die movedfiles:

Code:

ATTFilter

All processes killed
========== OTL ==========
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\0tbpw.pad moved successfully.
C:\Dokumente und Einstellungen\Hauser\Startmenü\Programme\Autostart\ctfmon.lnk moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Hauser
->Temp folder emptied: 553865 bytes
->Temporary Internet Files folder emptied: 3394660 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 60998679 bytes
->Flash cache emptied: 506 bytes
 
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 32902 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2352202 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 64,00 mb
 
 
OTL by OldTimer - Version 3.2.54.0 log created on 07192012_135252

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...
[2012.07.19 13:53:48 | 000,000,000 | ---- | M] () C:\WINDOWS\temp\_avast_\Webshlock.txt : Unable to obtain MD5

Registry entries deleted on Reboot...

und neue otl-logs:
OTL:

Code:

ATTFilter

OTL logfile created on: 19.07.2012 14:24:48 - Run 4
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Dokumente und Einstellungen\Hauser\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,58 Gb Available Physical Memory | 79,33% Memory free
6,34 Gb Paging File | 5,78 Gb Available in Paging File | 91,26% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 214,84 Gb Total Space | 189,29 Gb Free Space | 88,11% Space Free | Partition Type: NTFS
Drive D: | 250,91 Gb Total Space | 250,52 Gb Free Space | 99,85% Space Free | Partition Type: NTFS
Drive F: | 1,95 Gb Total Space | 1,38 Gb Free Space | 70,75% Space Free | Partition Type: FAT
Drive Y: | 465,75 Gb Total Space | 416,88 Gb Free Space | 89,51% Space Free | Partition Type: NTFS
Drive Z: | 465,75 Gb Total Space | 416,88 Gb Free Space | 89,51% Space Free | Partition Type: NTFS
 
Computer Name: ASUSMINI | User Name: Hauser | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.19 10:27:57 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012.07.17 15:52:50 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Hauser\Desktop\OTL.exe
PRC - [2012.03.07 01:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2012.03.07 01:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2012.01.18 14:02:04 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2011.11.03 20:25:08 | 008,094,080 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version6\TeamViewer.exe
PRC - [2011.11.03 20:25:08 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011.10.07 11:40:42 | 001,387,288 | ---- | M] (Logitech, Inc.) -- C:\Programme\Logitech\SetPointP\SetPoint.exe
PRC - [2011.09.27 21:05:24 | 000,149,784 | ---- | M] (Logitech, Inc.) -- C:\Programme\Gemeinsame Dateien\Logishrd\KHAL3\KHALMNPR.exe
PRC - [2008.04.24 17:14:22 | 000,327,680 | ---- | M] () -- C:\Programme\Linksys Wireless-G Print Server\PSDiagnosticM.exe
PRC - [2008.04.14 14:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.01.31 15:03:40 | 000,094,208 | R--- | M] (Brother Industries, Ltd.) -- C:\Programme\Brother\Brmfcmon\BrMfimon.exe
PRC - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2001.11.23 12:02:12 | 000,364,544 | ---- | M] (Common Group) -- C:\WINDOWS\twain_32\L3U16\WATCH.exe
PRC - [2001.08.24 12:18:06 | 000,045,056 | ---- | M] () -- C:\WINDOWS\Gtwatch.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.07.19 11:04:14 | 009,465,032 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll
MOD - [2012.07.19 10:27:57 | 002,003,424 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2012.07.19 09:06:41 | 001,784,320 | ---- | M] () -- C:\Programme\AVAST Software\Avast\defs\12071901\algo.dll
MOD - [2012.06.14 08:49:09 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll
MOD - [2012.06.14 08:45:29 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
MOD - [2012.06.14 08:45:22 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012.06.14 08:41:50 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012.05.14 14:00:39 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012.05.14 14:00:34 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\016444dfc5f7e3d11c776f2fbc7a4594\Accessibility.ni.dll
MOD - [2012.05.14 13:42:38 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012.05.14 13:41:42 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012.05.14 13:41:36 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2011.10.17 10:47:56 | 001,736,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3548.36830__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2011.10.17 10:47:56 | 000,364,544 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3548.36811__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2011.10.17 10:47:56 | 000,204,800 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3548.36831__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2011.10.17 10:47:56 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3548.36825__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2011.10.17 10:47:56 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3548.36820__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2011.10.17 10:47:55 | 000,491,520 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3548.36901__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2011.10.17 10:47:55 | 000,356,352 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3548.36868__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2011.10.17 10:47:55 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3548.36869__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2011.10.17 10:47:55 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3548.36882__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2011.10.17 10:47:55 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3548.36820__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2011.10.17 10:47:55 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3548.36868__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2011.10.17 10:47:55 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3548.36863__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2011.10.17 10:47:55 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3548.36902__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2011.10.17 10:47:55 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3548.36854__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2011.10.17 10:47:54 | 000,823,296 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3548.36856__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2011.10.17 10:47:54 | 000,409,600 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3548.36877__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2011.10.17 10:47:54 | 000,196,608 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3548.36831__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2011.10.17 10:47:54 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3548.36855__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2011.10.17 10:47:54 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3548.36861__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2011.10.17 10:47:54 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3548.36861__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2011.10.17 10:47:53 | 000,573,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3548.36832__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2011.10.17 10:47:53 | 000,409,600 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3548.36821__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2011.10.17 10:47:53 | 000,393,216 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3548.36855__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2011.10.17 10:47:53 | 000,360,448 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3548.36850__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2011.10.17 10:47:53 | 000,270,336 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2011.10.17 10:47:53 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3548.36854__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2011.10.17 10:47:53 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3548.36836__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2011.10.17 10:47:53 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3548.36855__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2011.10.17 10:47:53 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3548.36862__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2011.10.17 10:47:53 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3531.24440__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2011.10.17 10:47:53 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3531.24439__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2011.10.17 10:47:53 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3531.24478__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2011.10.17 10:47:53 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3531.24559__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll
MOD - [2011.10.17 10:47:53 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3531.24552__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2011.10.17 10:47:53 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3531.24471__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2011.10.17 10:47:53 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3531.24549__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2011.10.17 10:47:53 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2011.10.17 10:47:52 | 000,139,264 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3531.24451__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2011.10.17 10:47:52 | 000,098,304 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.3531.24414__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2011.10.17 10:47:52 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3531.24511__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2011.10.17 10:47:52 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3531.24504__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2011.10.17 10:47:52 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3531.24510__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2011.10.17 10:47:52 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2011.10.17 10:47:52 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3531.24538__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2011.10.17 10:47:52 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.3531.24410__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2011.10.17 10:47:52 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3531.24476__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2011.10.17 10:47:52 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3531.24412__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2011.10.17 10:47:52 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3531.24636__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2011.10.17 10:47:52 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3531.24499__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2011.10.17 10:47:52 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3531.24495__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2011.10.17 10:47:52 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3531.24442__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2011.10.17 10:47:52 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3531.24506__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2011.10.17 10:47:52 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3531.24449__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2011.10.17 10:47:52 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3531.24426__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2011.10.17 10:47:52 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3531.24472__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2011.10.17 10:47:52 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.3531.24466__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2011.10.17 10:47:52 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2011.10.17 10:47:52 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.3531.24494__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2011.10.17 10:47:52 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2011.10.17 10:47:52 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3531.24455__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2011.10.17 10:47:52 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3531.24498__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2011.10.17 10:47:52 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3531.24460__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2011.10.17 10:47:51 | 000,651,264 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3548.36926__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll
MOD - [2011.10.17 10:47:51 | 000,405,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3548.36825__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2011.10.17 10:47:51 | 000,106,496 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3548.36896__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2011.10.17 10:47:51 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3548.36894__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2011.10.17 10:47:51 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3531.24503__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2011.10.17 10:47:51 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3531.24502__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2011.10.17 10:47:51 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3548.36907__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2011.10.17 10:47:51 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3531.24420__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2011.10.17 10:47:51 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3531.24509__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2011.10.17 10:47:51 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3531.24429__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2011.10.17 10:47:51 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3531.24467__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2011.10.17 10:47:51 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3531.24462__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2011.10.17 10:47:51 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3531.24435__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll
MOD - [2011.10.17 10:47:51 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3531.24459__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2011.10.17 10:47:51 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.3531.24469__90ba9c70f846762e\APM.Foundation.dll
MOD - [2011.10.17 10:47:51 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3531.24441__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2011.10.17 10:47:51 | 000,014,848 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
MOD - [2011.10.17 10:47:51 | 000,013,312 | ---- | M] () -- C:\WINDOWS\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll
MOD - [2011.10.17 10:47:51 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3548.36809__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2011.10.17 10:47:50 | 001,220,608 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3548.36816__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2011.10.17 10:47:50 | 000,561,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3548.36890__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2011.10.17 10:47:50 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3548.36809__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2011.10.17 10:47:50 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.3548.36807__90ba9c70f846762e\APM.Server.dll
MOD - [2011.10.17 10:47:50 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3548.36810__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2011.10.17 10:47:50 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3531.24457__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2011.10.17 10:47:50 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.3548.36808__90ba9c70f846762e\AEM.Server.dll
MOD - [2011.10.17 10:47:50 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3531.24445__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2011.10.17 10:47:50 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2011.10.17 10:47:50 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3531.24463__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2011.10.17 10:47:50 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3531.24513__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2011.10.17 10:47:50 | 000,019,456 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3548.36896__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2011.10.07 11:41:16 | 000,879,896 | ---- | M] () -- C:\Programme\Logitech\SetPointP\Macros\MacroCore.dll
MOD - [2009.02.27 16:41:26 | 000,311,296 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU
MOD - [2008.04.24 17:14:22 | 000,327,680 | ---- | M] () -- C:\Programme\Linksys Wireless-G Print Server\PSDiagnosticM.exe
MOD - [2008.04.14 14:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2002.11.26 14:43:18 | 000,106,496 | ---- | M] () -- C:\WINDOWS\system32\BrMuSNMP.dll
MOD - [2001.10.28 17:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll
MOD - [2001.08.24 12:18:06 | 000,045,056 | ---- | M] () -- C:\WINDOWS\Gtwatch.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.07.19 10:27:57 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.03.07 01:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011.11.03 20:25:08 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.09.27 21:03:28 | 000,295,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008.02.28 17:07:48 | 000,529,704 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2003.07.28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\Hauser\LOKALE~1\Temp\catchme.sys -- (catchme)
DRV - [2012.03.07 01:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012.03.07 01:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012.03.07 01:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012.03.07 01:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012.03.07 01:01:39 | 000,095,704 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012.03.07 01:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012.03.07 00:58:29 | 000,024,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011.09.02 08:31:28 | 000,039,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2011.09.02 08:31:20 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2011.09.02 08:31:10 | 000,042,648 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV - [2011.09.02 08:31:10 | 000,012,184 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidEqd.sys -- (LHidEqd)
DRV - [2011.09.02 08:30:58 | 000,012,184 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2010.07.06 03:13:10 | 000,234,392 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009.10.21 05:22:32 | 001,425,280 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2009.09.19 06:29:38 | 004,477,952 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009.06.24 12:24:34 | 003,734,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtKHDMI.sys -- (RTHDMIAzAudService)
DRV - [2007.08.29 10:47:12 | 000,039,424 | ---- | M] (SerComm) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lknuhub.sys -- (LKNUHUB)
DRV - [2007.08.29 10:47:04 | 000,014,848 | ---- | M] (SerComm) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lknucmp.sys -- (LKNUCMP)
DRV - [2007.04.16 16:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2007.02.14 12:26:54 | 000,012,032 | ---- | M] (SerComm) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lknuhst.sys -- (lknuhst)
DRV - [2004.08.13 04:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004.07.14 13:54:42 | 000,676,864 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2004.05.11 20:11:02 | 000,099,968 | ---- | M] (Aladdin Knowledge Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aksusb.sys -- (aksusb)
DRV - [2004.04.28 11:03:08 | 000,328,448 | ---- | M] (Aladdin Knowledge Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\akshasp.sys -- (akshasp)
DRV - [2001.08.27 11:09:14 | 000,018,120 | ---- | M] (   ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gt681x.sys -- (GT681x)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Programme\AVAST Software\Avast\WebRep\FF [2012.07.19 10:45:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.07.19 10:27:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins
 
[2012.06.14 17:24:29 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Hauser\Anwendungsdaten\Mozilla\Extensions
[2012.07.17 13:29:30 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Hauser\Anwendungsdaten\Mozilla\Firefox\Profiles\kxekx8zf.default\extensions
[2012.06.14 17:27:17 | 000,000,000 | ---D | M] (WOT) -- C:\Dokumente und Einstellungen\Hauser\Anwendungsdaten\Mozilla\Firefox\Profiles\kxekx8zf.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.06.14 17:42:44 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Dokumente und Einstellungen\Hauser\Anwendungsdaten\Mozilla\Firefox\Profiles\kxekx8zf.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.07.17 13:29:29 | 000,000,000 | ---D | M] (Youtube Watch In Sidebar) -- C:\Dokumente und Einstellungen\Hauser\Anwendungsdaten\Mozilla\Firefox\Profiles\kxekx8zf.default\extensions\{bac96ae2-1515-4b15-906f-f13a9f682c83}
[2012.06.18 12:32:03 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.06.18 12:32:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.06.14 17:42:44 | 000,015,162 | ---- | M] () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\HAUSER\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\KXEKX8ZF.DEFAULT\EXTENSIONS\{988DA70D-B78D-44A1-A9C7-ED11832A9E2E}.XPI
[2012.07.17 13:29:27 | 000,095,026 | ---- | M] () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\HAUSER\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\KXEKX8ZF.DEFAULT\EXTENSIONS\CANITBECHEAPER@TRAFFICBROKER.CO.UK.XPI
[2012.07.19 10:45:23 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAMME\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012.07.19 10:27:57 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.06.01 18:33:00 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.01 18:33:00 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.06.01 18:33:00 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.01 18:33:00 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.01 18:33:00 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.01 18:33:00 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.10.17 12:43:23 | 000,440,060 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.1001-search.info
O1 - Hosts: 127.0.0.1	1001-search.info
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.123topsearch.com
O1 - Hosts: 127.0.0.1	123topsearch.com
O1 - Hosts: 127.0.0.1	www.132.com
O1 - Hosts: 127.0.0.1	132.com
O1 - Hosts: 127.0.0.1	www.136136.net
O1 - Hosts: 127.0.0.1	136136.net
O1 - Hosts: 15140 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Programme\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ControlCenter3] C:\Programme\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [EvtMgr6] C:\Programme\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [Gtwatch] C:\WINDOWS\Gtwatch.exe ()
O4 - HKLM..\Run: [LanguageShortcut] C:\Programme\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [PSDiagnosticM] C:\Programme\Linksys Wireless-G Print Server\PSDiagnosticM.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Watch.lnk = C:\WINDOWS\twain_32\L3U16\WATCH.exe (Common Group)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AE0561C8-544A-4A1D-9326-A77E7867CF94}: NameServer = 10.0.1.254
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.10.17 10:13:55 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.19 13:58:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Hauser\Startmenü\Programme\CyberLink PowerDVD
[2012.07.19 13:52:52 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.07.19 10:45:38 | 000,337,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012.07.19 10:45:38 | 000,020,696 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012.07.19 10:45:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\avast! Free Antivirus
[2012.07.19 10:45:36 | 000,612,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012.07.19 10:45:36 | 000,053,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012.07.19 10:45:36 | 000,035,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012.07.19 10:45:35 | 000,095,704 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012.07.19 10:45:35 | 000,089,048 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012.07.19 10:45:35 | 000,024,920 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012.07.19 10:45:30 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.07.19 10:45:13 | 000,041,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012.07.19 10:45:12 | 000,201,352 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012.07.19 10:32:24 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012.07.19 09:55:19 | 004,582,182 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\Hauser\Desktop\ComboFix.exe
[2012.07.18 15:32:28 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012.07.18 15:31:19 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012.07.18 15:31:19 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012.07.18 15:31:19 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012.07.18 15:31:19 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012.07.18 15:31:14 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.07.18 15:31:12 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Hauser\Startmenü\Programme\Verwaltung
[2012.07.18 15:31:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012.07.17 16:16:49 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2012.07.17 16:16:28 | 002,322,184 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\Hauser\Desktop\esetsmartinstaller_enu.exe
[2012.07.17 15:52:49 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Hauser\Desktop\OTL.exe
[2012.07.17 14:59:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Hauser\Anwendungsdaten\Malwarebytes
[2012.07.17 14:59:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.07.17 14:59:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.07.17 14:59:09 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.07.17 14:59:09 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.07.17 13:27:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2012.07.05 16:08:11 | 000,000,000 | ---D | C] -- C:\Programme\ConvertHelper
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.19 13:53:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.07.19 11:04:14 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012.07.19 11:04:14 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012.07.19 10:45:36 | 000,003,001 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012.07.19 09:55:35 | 004,582,182 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\Hauser\Desktop\ComboFix.exe
[2012.07.19 09:51:23 | 000,004,425 | ---- | M] () -- C:\WINDOWS\DMS.INI
[2012.07.19 09:51:23 | 000,000,025 | ---- | M] () -- C:\WINDOWS\DMS1.INI
[2012.07.18 15:32:30 | 000,000,339 | RHS- | M] () -- C:\boot.ini
[2012.07.17 17:15:09 | 000,302,592 | ---- | M] () -- C:\Dokumente und Einstellungen\Hauser\Desktop\idvbyxll.exe
[2012.07.17 16:44:16 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Hauser\defogger_reenable
[2012.07.17 16:41:35 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Hauser\Desktop\Defogger.exe
[2012.07.17 16:40:24 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.07.17 16:16:28 | 002,322,184 | ---- | M] (ESET) -- C:\Dokumente und Einstellungen\Hauser\Desktop\esetsmartinstaller_enu.exe
[2012.07.17 15:52:50 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Hauser\Desktop\OTL.exe
[2012.07.17 14:59:11 | 000,000,762 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.13 09:49:43 | 000,263,824 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.07.13 09:40:33 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
 
========== Files Created - No Company Name ==========
 
[2012.07.18 15:32:30 | 000,000,223 | ---- | C] () -- C:\Boot.bak
[2012.07.18 15:32:29 | 000,262,448 | RHS- | C] () -- C:\cmldr
[2012.07.18 15:31:19 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012.07.18 15:31:19 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012.07.18 15:31:19 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012.07.18 15:31:19 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012.07.18 15:31:19 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012.07.17 17:15:08 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\Hauser\Desktop\idvbyxll.exe
[2012.07.17 16:44:16 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Hauser\defogger_reenable
[2012.07.17 16:41:34 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Hauser\Desktop\Defogger.exe
[2012.07.17 14:59:11 | 000,000,762 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.21 17:37:34 | 1899,255,808 | ---- | C] () -- C:\Dokumente und Einstellungen\Hauser\Desktop\Atmen.mpeg
[2012.06.06 11:58:07 | 000,003,584 | ---- | C] () -- C:\Dokumente und Einstellungen\Hauser\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.02.16 12:20:50 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.11.07 17:30:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WATCH.INI
[2011.11.07 16:40:46 | 000,000,025 | ---- | C] () -- C:\WINDOWS\DMS1.INI
[2011.11.07 16:40:24 | 000,000,030 | ---- | C] () -- C:\WINDOWS\CHIPCLIP.INI
[2011.11.07 16:27:45 | 000,000,065 | ---- | C] () -- C:\WINDOWS\System32\bd7045n.dat
[2011.11.07 16:27:12 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL
[2011.11.07 16:27:12 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2011.11.07 16:27:11 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2011.11.07 16:25:08 | 000,000,416 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2011.11.04 19:15:31 | 000,045,056 | ---- | C] () -- C:\WINDOWS\Gtwatch.exe
[2011.11.04 19:15:30 | 000,018,120 | ---- | C] (   ) -- C:\WINDOWS\System32\drivers\gt681x.sys
[2011.11.04 19:15:00 | 000,164,864 | ---- | C] () -- C:\WINDOWS\System32\UNWISE.EXE
[2011.11.04 19:15:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\hlduinst.exe
[2011.11.04 19:15:00 | 000,006,836 | ---- | C] () -- C:\WINDOWS\System32\UNWISE.INI
[2011.11.04 18:57:00 | 000,004,425 | ---- | C] () -- C:\WINDOWS\DMS.INI
[2011.10.17 15:57:42 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011.10.17 12:28:58 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2011.10.17 11:12:06 | 000,001,024 | ---- | C] () -- C:\Dokumente und Einstellungen\Hauser\.rnd
[2011.10.17 11:04:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2011.10.17 10:48:13 | 000,080,416 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2011.10.17 10:45:28 | 000,887,724 | R--- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2011.10.17 10:45:28 | 000,195,855 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2011.10.17 10:45:28 | 000,000,003 | R--- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2011.10.17 10:43:36 | 000,035,231 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2011.10.17 10:43:07 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2011.10.17 10:43:05 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2011.10.17 10:43:03 | 000,023,462 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2011.10.17 10:43:03 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2011.10.17 10:42:07 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011.10.17 10:41:17 | 000,263,824 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.10.17 10:15:22 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011.10.17 09:54:30 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
 
========== Files - Unicode (All) ==========
[2012.01.12 19:01:02 | 000,000,000 | ---- | M] ()(C:\DOKUME~?u) -- C:\DOKUME~팘ŭ
[2012.01.12 19:01:02 | 000,000,000 | ---- | C] ()(C:\DOKUME~?u) -- C:\DOKUME~팘ŭ
[2012.01.12 13:51:42 | 000,000,000 | ---- | M] ()(C:\D??UME~??) -- C:\D逈ଖUME~팘இ
[2012.01.12 13:51:42 | 000,000,000 | ---- | M] ()(C:\D??) -- C:\D錈੫
[2012.01.12 13:51:42 | 000,000,000 | ---- | M] ()(C:\D??) -- C:\D逈ଖ
[2012.01.12 13:51:42 | 000,000,000 | ---- | M] ()(C:\D??) -- C:\D짐ࡈ
[2012.01.12 13:51:42 | 000,000,000 | ---- | C] ()(C:\D??UME~??) -- C:\D逈ଖUME~팘இ
[2012.01.12 13:51:42 | 000,000,000 | ---- | C] ()(C:\D??) -- C:\D錈੫
[2012.01.12 13:51:42 | 000,000,000 | ---- | C] ()(C:\D??) -- C:\D逈ଖ
[2012.01.12 13:51:42 | 000,000,000 | ---- | C] ()(C:\D??) -- C:\D짐ࡈ
[2012.01.12 13:51:23 | 000,000,000 | ---- | M] ()(C:\D??) -- C:\D쬘֐
[2012.01.12 13:51:23 | 000,000,000 | ---- | M] ()(C:\D??) -- C:\D쌈֐
[2012.01.12 13:51:23 | 000,000,000 | ---- | M] ()(C:\D??) -- C:\Dဈݏ
[2012.01.12 13:51:23 | 000,000,000 | ---- | M] ()(C:\D??) -- C:\Dﺘݑ
[2012.01.12 13:51:23 | 000,000,000 | ---- | C] ()(C:\D??) -- C:\D쬘֐
[2012.01.12 13:51:23 | 000,000,000 | ---- | C] ()(C:\D??) -- C:\D쌈֐
[2012.01.12 13:51:23 | 000,000,000 | ---- | C] ()(C:\D??) -- C:\Dဈݏ
[2012.01.12 13:51:23 | 000,000,000 | ---- | C] ()(C:\D??) -- C:\Dﺘݑ
[2012.01.12 13:28:44 | 000,000,000 | ---- | M] ()(C:\D??) -- C:\D鹨બ
[2012.01.12 13:28:44 | 000,000,000 | ---- | C] ()(C:\D??) -- C:\D鹨બ

< End of report >

Extras:

Code:

ATTFilter

OTL Extras logfile created on: 19.07.2012 14:24:48 - Run 4
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Dokumente und Einstellungen\Hauser\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,58 Gb Available Physical Memory | 79,33% Memory free
6,34 Gb Paging File | 5,78 Gb Available in Paging File | 91,26% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 214,84 Gb Total Space | 189,29 Gb Free Space | 88,11% Space Free | Partition Type: NTFS
Drive D: | 250,91 Gb Total Space | 250,52 Gb Free Space | 99,85% Space Free | Partition Type: NTFS
Drive F: | 1,95 Gb Total Space | 1,38 Gb Free Space | 70,75% Space Free | Partition Type: FAT
Drive Y: | 465,75 Gb Total Space | 416,88 Gb Free Space | 89,51% Space Free | Partition Type: NTFS
Drive Z: | 465,75 Gb Total Space | 416,88 Gb Free Space | 89,51% Space Free | Partition Type: NTFS
 
Computer Name: ASUSMINI | User Name: Hauser | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
https [open] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"54925:UDP" = 54925:UDP:*:Enabled:Brother Network Scanner
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\TeamViewer\Version6\TeamViewer.exe" = C:\Programme\TeamViewer\Version6\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe" = C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
"C:\Programme\Linksys Wireless-G Print Server\PSDiagnosticM.exe" = C:\Programme\Linksys Wireless-G Print Server\PSDiagnosticM.exe:*:Enabled:WPSM54G PSUtility -- ()
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{04E327BF-D629-3FC1-CCEE-9F9518B90D50}" = CCC Help German
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{1E7E031A-E44D-198E-2571-749695A2482A}" = Catalyst Control Center Graphics Full Existing
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{28F3A82E-1C3F-AA24-9CF2-9209933DEC5A}" = CCC Help Chinese Traditional
"{2ACEF0C5-81F0-EB73-0705-38FA53326D32}" = CCC Help Japanese
"{31B34310-D940-01D7-6371-FE06ED996597}" = Catalyst Control Center Graphics Light
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{437C19B3-7E20-4E39-B868-CA6BAA820E1C}" = Microsoft Rechner-Plus
"{4555C7E2-1A62-D16E-2464-497B5872EC61}" = CCC Help Spanish
"{46E1B1F2-A279-4356-9B17-029F9CC72EAE}" = Brother MFL-Pro Suite
"{481934E5-3515-F503-DA0E-B81E2A0BD5F2}" = Catalyst Control Center Core Implementation
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50387819-495D-2984-FB92-557B132378C7}" = CCC Help Thai
"{55EB7DF0-438A-F57E-5B2E-A5B061E10D91}" = CCC Help Norwegian
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5DB08CC8-F9A9-0C59-000B-DF964FC293F9}" = CCC Help Danish
"{5FA168A4-44DB-8D5D-3A5A-F61D79952EC3}" = CCC Help Czech
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68C9A973-E85A-5252-DE5B-454CB57623BA}" = ccc-core-preinstall
"{78AB40A5-2477-3406-4C99-61C1B12AAA1A}" = Skins
"{80956AA5-CBCB-19F1-5A10-3AB6448A314A}" = Catalyst Control Center Graphics Full New
"{81F38D43-A320-ED8D-9BDD-E777C3FFC38C}" = CCC Help French
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{99E30F96-79A4-23A1-94D1-7F09337ED785}" = CCC Help Italian
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D509BA5-A0C2-CD9D-0425-9F38C2C03883}" = CCC Help Korean
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5FCE06C-6924-C78B-4604-A30B2271EFF1}" = CCC Help Dutch
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
"{BD64A2D5-5BE7-A344-CE0A-C5B0B03BF741}" = CCC Help Russian
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C1C5DE8D-33D0-1BAA-0EAF-52C995238DC9}" = CCC Help Finnish
"{C216CF84-6825-E3EB-9DDD-10361CD71B7F}" = CCC Help Turkish
"{C61244F9-C335-4EE4-BF7B-5CAB855555E3}" = Linksys Wireless-G Print Server
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CC023A65-3034-6DF8-4106-B6B52A1D4C53}" = CCC Help Portuguese
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFEF343D-D28D-2411-D934-782BA41C5DF2}" = ccc-core-static
"{D81508A7-402B-2D4E-D0C8-30D9832FEFDC}" = Catalyst Control Center Localization All
"{DB33D8DC-7C43-A847-7A1C-9EB91BBCCDE1}" = CCC Help Swedish
"{E4AB36C7-60B5-742C-13C8-94EE06B79666}" = CCC Help Polish
"{EA13BE11-8E57-DE5D-8617-E2D27B0E7DF8}" = CCC Help Greek
"{ED0D58D7-E222-726F-DF3C-23A6AB22DA9C}" = ccc-utility
"{EDCAE989-2BE6-6875-31E5-9F16F7802530}" = CCC Help English
"{F0AAE3C5-D70C-4F3C-8B6A-EC3992921031}" = Nero 8 Essentials
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FA1CD581-6B71-983C-0159-A1C52761DC84}" = CCC Help Chinese Standard
"{FC602DF8-0A39-9D39-803A-F374CE1B4D4B}" = CCC Help Hungarian
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"ATI Display Driver" = ATI Display Driver
"avast" = avast! Free Antivirus
"ESET Online Scanner" = ESET Online Scanner v3
"Hardlock Device Drivers" = Hardlock Device Drivers
"ie8" = Windows Internet Explorer 8
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyDefrag v4.3.1_is1" = MyDefrag v4.3.1
"ScanExpress A3 USB v1.0" = ScanExpress A3 USB v1.0
"sp6" = Logitech SetPoint 6.32
"ST6UNST #1" = Rothballer Version 2006
"TeamViewer 6" = TeamViewer 6
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 02.07.2012 06:27:41 | Computer Name = ASUSMINI | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
 
Error - 17.07.2012 07:06:47 | Computer Name = ASUSMINI | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung MSACCESS.EXE, Version 11.0.8204.0, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 17.07.2012 10:58:28 | Computer Name = ASUSMINI | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung aswclear.exe, Version 7.0.4136.1129, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 17.07.2012 10:58:39 | Computer Name = ASUSMINI | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung aswclear.exe, Version 7.0.4136.1129, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 17.07.2012 10:58:45 | Computer Name = ASUSMINI | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung aswclear.exe, Version 7.0.4136.1129, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 17.07.2012 10:59:17 | Computer Name = ASUSMINI | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung aswclear.exe, Version 7.0.4136.1129, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 17.07.2012 10:59:25 | Computer Name = ASUSMINI | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung aswclear.exe, Version 7.0.4136.1129, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 17.07.2012 10:59:40 | Computer Name = ASUSMINI | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung aswclear.exe, Version 7.0.4136.1129, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 17.07.2012 11:00:04 | Computer Name = ASUSMINI | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung aswclear.exe, Version 7.0.4136.1129, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 17.07.2012 11:00:19 | Computer Name = ASUSMINI | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung aswclear.exe, Version 7.0.4136.1129, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
[ System Events ]
Error - 13.07.2012 08:46:20 | Computer Name = ASUSMINI | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "NMIndexingService"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {E8933C4B-2C90-4A04-A677-E958D9509F1A}
 
 
< End of report >

Hoffe das war so richtig!
Bis dann
Swoffus

Larusso · 19.07.2012, 15:04

Hy, kannst du mit diesen Ordner was Anfangen ?

(C:\D??) -- C:\D鹨બ

swoffus · 19.07.2012, 15:21

Hallo!
Kann das sein das es damit zu tun hat???

Zitat:

Zitat von swoffus

Beim Neustart ist dieses Problem aufgetaucht - kann man das auch irgendwie beheben?
Meldung:
Fehler beim Laden von C:\DOKUM~1\Hauser\LOKALE~1\Temp\wpbt0.dll
Das angegebene Modul wurde nicht gefunden.

Weiß nicht/noch nicht ob das umbedingt benötigt wird...
Hoffe Du (passt das mit dem du?) kannst mir da auch weiterhelfen, denn ich bin auf dem
Gebiet nicht wirklich versiert.

Sonst wüsst ich nicht für was ich die brauche?!
Stören die...?

Gruß
Swoffus

Larusso · 20.07.2012, 10:02

Scan mit SystemLook

Lade SystemLook von jpshortstuff von einem der folgenden Spiegel herunter und speichere das Tool auf dem Desktop.

Download Mirror #1 - Download Mirror #2

Doppelklick auf die SystemLook.exe, um das Tool zu starten.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:
Code:
ATTFilter
```
:filefind
wpbt0.dll
:dir
C:
         
```
Klicke nun auf den Button Look, um den Scan zu starten.
Wenn der Suchlauf beendet ist, wird sich Dein Editor mit den Ergebnissen öffnen, diese hier in den Thread posten.
Die Ergebnisse werden auf dem Desktop als SystemLook.txt gespeichert.

swoffus · 20.07.2012, 10:38

Hallo Daniel!
Anbei das Ergebnis von systemlook:

Code:

ATTFilter

SystemLook 30.07.11 by jpshortstuff
Log created at 11:35 on 20/07/2012 by Hauser
Administrator - Elevation successful

========== filefind ==========

Searching for "wpbt0.dll"
No files found.

========== dir ==========

C: - Parameters: "(none)"

---Files---
AUTOEXEC.BAT	--a---- 0 bytes	[08:13 17/10/2011]	[08:13 17/10/2011]
Boot.bak	--a---- 223 bytes	[13:32 18/07/2012]	[08:44 17/10/2011]
boot.ini	-rahs-- 339 bytes	[09:40 17/10/2011]	[13:32 18/07/2012]
bootfont.bin	-rahs-- 4952 bytes	[12:00 14/04/2008]	[12:00 14/04/2008]
cmldr	-rahs-- 262448 bytes	[13:32 18/07/2012]	[21:00 03/08/2004]
ComboFix.txt	--a---- 10778 bytes	[08:27 19/07/2012]	[08:27 19/07/2012]
CONFIG.SYS	--a---- 0 bytes	[08:13 17/10/2011]	[08:13 17/10/2011]
DMS.INI	--a---- 1826 bytes	[16:57 04/11/2011]	[14:40 07/11/2011]
DMS1.INI	--a---- 25 bytes	[14:40 07/11/2011]	[14:40 07/11/2011]
DOK	--a---- 0 bytes	[11:28 12/01/2012]	[11:51 12/01/2012]
DOKUME~팘ŭ	--a---- 0 bytes	[17:01 12/01/2012]	[17:01 12/01/2012]
Dဈݏ	--a---- 0 bytes	[11:51 12/01/2012]	[11:51 12/01/2012]
D逈ଖ	--a---- 0 bytes	[11:51 12/01/2012]	[11:51 12/01/2012]
D逈ଖUME~팘இ	--a---- 0 bytes	[11:51 12/01/2012]	[11:51 12/01/2012]
D錈੫	--a---- 0 bytes	[11:51 12/01/2012]	[11:51 12/01/2012]
D鹨બ	--a---- 0 bytes	[11:28 12/01/2012]	[11:28 12/01/2012]
D쌈֐	--a---- 0 bytes	[11:51 12/01/2012]	[11:51 12/01/2012]
D짐ࡈ	--a---- 0 bytes	[11:51 12/01/2012]	[11:51 12/01/2012]
D쬘֐	--a---- 0 bytes	[11:51 12/01/2012]	[11:51 12/01/2012]
Dﺘݑ	--a---- 0 bytes	[11:51 12/01/2012]	[11:51 12/01/2012]
HDMI.log	--a---- 2363 bytes	[08:48 17/10/2011]	[08:50 17/10/2011]
IO.SYS	-rahs-- 0 bytes	[08:13 17/10/2011]	[08:13 17/10/2011]
MSACCESS.msp	--a---- 88160768 bytes	[10:16 18/12/2007]	[10:16 18/12/2007]
MSACCESS_readme.txt	--a---- 5225 bytes	[15:11 17/12/2007]	[15:11 17/12/2007]
MSDOS.SYS	-rahs-- 0 bytes	[08:13 17/10/2011]	[08:13 17/10/2011]
NTDETECT.COM	-rahs-- 47564 bytes	[12:00 14/04/2008]	[12:00 14/04/2008]
ntldr	-rahs-- 251712 bytes	[12:00 14/04/2008]	[12:00 14/04/2008]
pagefile.sys	--ahs-- -807301120 bytes	[09:34 17/10/2011]	[07:02 20/07/2012]
setup.iss	--a---- 813 bytes	[15:18 07/11/2011]	[03:10 25/01/2007]
setup.log	--a---- 186 bytes	[15:18 07/11/2011]	[15:18 07/11/2011]

---Folders---
Brother	d------	[14:27 07/11/2011]
cmdcons	drahs--	[13:32 18/07/2012]
Config.Msi	d--hs--	[08:45 19/07/2012]
Dokumente und Einstellungen	d------	[08:41 17/10/2011]
lba	d------	[14:55 07/11/2011]
Programme	dr-----	[08:42 17/10/2011]
Qoobox	d------	[13:31 18/07/2012]
RECYCLER	d--hs--	[08:32 19/07/2012]
System Volume Information	d--hs--	[08:41 17/10/2011]
WINDOWS	d------	[09:34 17/10/2011]
_OTL	d------	[11:52 19/07/2012]

 - Unable to find folder.

-= EOF =-

Bis dann...
swoffus

Larusso · 20.07.2012, 12:14

aww, hab mich im skript verschrieben. Bitte folgendes nochmal mit Systemlook ausführen.

Code:

ATTFilter

:regfind
wpbt0.dll

swoffus · 20.07.2012, 12:17

Und hier - the new...

Code:

ATTFilter

SystemLook 30.07.11 by jpshortstuff
Log created at 13:15 on 20/07/2012 by Hauser
Administrator - Elevation successful

========== regfind ==========

Searching for "wpbt0.dll"
No data found.

Searching for "         "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Device Manager\Plugins\SP\MSPMSP\KBDeviceList]
"SanDiskIMb"="E-USB Fl;ash             ;    "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\atapi\Parameters]
"UseCheckPowerForFlush"="SAMSUNG WNR-31601A (1600MB)              SAMSUNG WNR-31601A (1.6GB)               IBM-DTCA-24090                          TC6OAA2A IBM-DTCA-24090                          TC6IAA2A IBM-DPLA-25120                          PL8OAA2A IBM-DPLA-25120                          PL8IAA2A IBM-DPLA-25120                          PL8IAA4A IBM-DTCA-23240                          TC5OAA2A IBM-DTCA-23240                          TC5IAA2A IBM-DPLA-24480                          PL7OAA2A IBM-DPLA-24480                          PL7IAA2A"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\atapi\Parameters]
"NoFlushDevice"="QUANTUM_LPS525A                          SCR-730                                 "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\atapi\Parameters]
"PioOnlyDevice"="    Conner Peripherals 425MB - CFS425A   MATSHITA CR-581                          FX600S                                   CD-44E                                   QUANTUM TRB850A                          QUANTUM MARVERICK 540A                    MAXTOR MXT-540  AT                      Maxtor 71260 AT                          Maxtor 7850 AV                           Maxtor 7540 AV                           Maxtor 7213 AT                           Maxtor 7345                              Maxtor 7245 AT                           Maxtor 7245                              Maxtor 7211AU                            Maxtor 7171 AT                           CD-316E                                  SAMSUNG_SCR-2430 CR-2801TE"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\atapi\Parameters]
"NonRemovableMedia"="Kingston Technology DataPak 340          SunDisk SDP5A-10                         SunDisk SDCFB-10                         SunDisk SDP3B-20                         SunDisk SDP3B-175                        SunDisk SDP5-2.5                         Calluna Technology CT260MC               BN-S004AC-S 1.00 Calluna Technology CT520RM Hitachi CV 5.1.1       ATA_FLASH  Mitsubishi ATA Card  LEXAR ATA_FLASH Micron MTCF004A Micron MTCF008A SunDisk SDP3B-110 SunDisk SDCFB-4 BN-CAB-T MEMORYSTICK MEMORYSTICK   8M  8K"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\atapi\Parameters]
"NoPowerDownDevice"="RD-DRC001-M                              CS-R37 0                                "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\atapi\Parameters]
"AutoEjectZipDevice"="IOMEGA  ZIP 100       ATAPI             23.D     IOMEGA  ZIP 100       ATAPI             21.D     IOMEGA  ZIP 100       ATAPI             20.D     IOMEGA  ZIP 100       ATAPI             91.D     IOMEGA  ZIP 100                         B.29     IOMEGA  ZIP 100                         B.22    "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\atapi\Parameters]
"UseCheckPowerForFlush"="SAMSUNG WNR-31601A (1600MB)              SAMSUNG WNR-31601A (1.6GB)               IBM-DTCA-24090                          TC6OAA2A IBM-DTCA-24090                          TC6IAA2A IBM-DPLA-25120                          PL8OAA2A IBM-DPLA-25120                          PL8IAA2A IBM-DPLA-25120                          PL8IAA4A IBM-DTCA-23240                          TC5OAA2A IBM-DTCA-23240                          TC5IAA2A IBM-DPLA-24480                          PL7OAA2A IBM-DPLA-24480                          PL7IAA2A"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\atapi\Parameters]
"NoFlushDevice"="QUANTUM_LPS525A                          SCR-730                                 "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\atapi\Parameters]
"PioOnlyDevice"="    Conner Peripherals 425MB - CFS425A   MATSHITA CR-581                          FX600S                                   CD-44E                                   QUANTUM TRB850A                          QUANTUM MARVERICK 540A                    MAXTOR MXT-540  AT                      Maxtor 71260 AT                          Maxtor 7850 AV                           Maxtor 7540 AV                           Maxtor 7213 AT                           Maxtor 7345                              Maxtor 7245 AT                           Maxtor 7245                              Maxtor 7211AU                            Maxtor 7171 AT                           CD-316E                                  SAMSUNG_SCR-2430 CR-2801TE"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\atapi\Parameters]
"NonRemovableMedia"="Kingston Technology DataPak 340          SunDisk SDP5A-10                         SunDisk SDCFB-10                         SunDisk SDP3B-20                         SunDisk SDP3B-175                        SunDisk SDP5-2.5                         Calluna Technology CT260MC               BN-S004AC-S 1.00 Calluna Technology CT520RM Hitachi CV 5.1.1       ATA_FLASH  Mitsubishi ATA Card  LEXAR ATA_FLASH Micron MTCF004A Micron MTCF008A SunDisk SDP3B-110 SunDisk SDCFB-4 BN-CAB-T MEMORYSTICK MEMORYSTICK   8M  8K"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\atapi\Parameters]
"NoPowerDownDevice"="RD-DRC001-M                              CS-R37 0                                "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\atapi\Parameters]
"AutoEjectZipDevice"="IOMEGA  ZIP 100       ATAPI             23.D     IOMEGA  ZIP 100       ATAPI             21.D     IOMEGA  ZIP 100       ATAPI             20.D     IOMEGA  ZIP 100       ATAPI             91.D     IOMEGA  ZIP 100                         B.29     IOMEGA  ZIP 100                         B.22    "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\atapi\Parameters]
"UseCheckPowerForFlush"="SAMSUNG WNR-31601A (1600MB)              SAMSUNG WNR-31601A (1.6GB)               IBM-DTCA-24090                          TC6OAA2A IBM-DTCA-24090                          TC6IAA2A IBM-DPLA-25120                          PL8OAA2A IBM-DPLA-25120                          PL8IAA2A IBM-DPLA-25120                          PL8IAA4A IBM-DTCA-23240                          TC5OAA2A IBM-DTCA-23240                          TC5IAA2A IBM-DPLA-24480                          PL7OAA2A IBM-DPLA-24480                          PL7IAA2A"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\atapi\Parameters]
"NoFlushDevice"="QUANTUM_LPS525A                          SCR-730                                 "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\atapi\Parameters]
"PioOnlyDevice"="    Conner Peripherals 425MB - CFS425A   MATSHITA CR-581                          FX600S                                   CD-44E                                   QUANTUM TRB850A                          QUANTUM MARVERICK 540A                    MAXTOR MXT-540  AT                      Maxtor 71260 AT                          Maxtor 7850 AV                           Maxtor 7540 AV                           Maxtor 7213 AT                           Maxtor 7345                              Maxtor 7245 AT                           Maxtor 7245                              Maxtor 7211AU                            Maxtor 7171 AT                           CD-316E                                  SAMSUNG_SCR-2430 CR-2801TE"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\atapi\Parameters]
"NonRemovableMedia"="Kingston Technology DataPak 340          SunDisk SDP5A-10                         SunDisk SDCFB-10                         SunDisk SDP3B-20                         SunDisk SDP3B-175                        SunDisk SDP5-2.5                         Calluna Technology CT260MC               BN-S004AC-S 1.00 Calluna Technology CT520RM Hitachi CV 5.1.1       ATA_FLASH  Mitsubishi ATA Card  LEXAR ATA_FLASH Micron MTCF004A Micron MTCF008A SunDisk SDP3B-110 SunDisk SDCFB-4 BN-CAB-T MEMORYSTICK MEMORYSTICK   8M  8K"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\atapi\Parameters]
"NoPowerDownDevice"="RD-DRC001-M                              CS-R37 0                                "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\atapi\Parameters]
"AutoEjectZipDevice"="IOMEGA  ZIP 100       ATAPI             23.D     IOMEGA  ZIP 100       ATAPI             21.D     IOMEGA  ZIP 100       ATAPI             20.D     IOMEGA  ZIP 100       ATAPI             91.D     IOMEGA  ZIP 100                         B.29     IOMEGA  ZIP 100                         B.22    "

-= EOF =-

till then...

Hallo Daniel,
bin ab morgen für 10 Tage nicht mehr erreichbar!

Werde den PC in der Zwischenzeit ausschalten, so kann ja nichts passieren, oder?
Darf ich mich danach wieder bei dir melden um fortzufahren(und wenn ja, wie?), oder stellst du das Thema ein(was schlecht für mich wäre).

Bitte gib kurz bescheid, wie ich mich wieder melden darf....

Danke schon im voraus für die eventuelle weitere Betreuung & danke
für das bisher erreichte...

Gruß
swoffus

19.07.2012, 12:18	#8
Larusso /// Selecta Jahrusso	Polizei-Trojaner Österreich mit Webcam, wie für immer entfernen? Anweisungen der Reihe nach folgen. Mach ganz normal mit meinen Anweisungen weiter __________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie

19.07.2012, 15:04	#10
Larusso /// Selecta Jahrusso	Polizei-Trojaner Österreich mit Webcam, wie für immer entfernen? Hy, kannst du mit diesen Ordner was Anfangen ? (C:\D??) -- C:\D鹨બ __________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie

Polizei-Trojaner Österreich mit Webcam, wie für immer entfernen?

Log-Analyse und Auswertung: Polizei-Trojaner Österreich mit Webcam, wie für immer entfernen?