
Pests of all kinds and how to combat them: TR/mediyes.F.3

Windows 7

15.06.2012, 17:46   #16
black_rose
 
TR/mediyes.F.3



Hello, sorry, but I was away for work for a day and not at the PC.


------------------------------------------------------------------------

C:\Windows\System32\intt4hnvn.tsp a variant of Win32/Mediyes.L trojan

was the message.
I think that's a different one now, isn't it?


-------------------------------------------
Thanks again for the help

Kind regards, rose

OTL Logfile:
OTL logfile created on: 16.06.2012 09:48:11 - Run 2
OTL by OldTimer - Version 3.2.48.0     Folder = C:\Users\zeller\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,16 Gb Available Physical Memory | 66,60% Memory free
6,50 Gb Paging File | 5,17 Gb Available in Paging File | 79,67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 1376,16 Gb Total Space | 1303,78 Gb Free Space | 94,74% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 11,66 Gb Free Space | 58,32% Space Free | Partition Type: NTFS
Unable to calculate disk information.
 
Computer Name: PHOENIX | User Name: zeller | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.11 10:47:55 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\zeller\Desktop\OTL.exe
PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.02 00:31:35 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.04.24 02:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.12.08 23:15:44 | 000,063,360 | ---- | M] (DivX, LLC) -- C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
PRC - [2010.12.08 21:17:46 | 001,226,608 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.05.04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2010.01.09 01:34:18 | 000,372,736 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010.01.09 01:33:48 | 000,172,032 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009.12.20 01:00:00 | 000,029,416 | ---- | M] (Apache Software Foundation) -- C:\xampp\apache\bin\httpd.exe
PRC - [2009.08.27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2007.07.24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2005.04.06 16:53:06 | 003,502,080 | ---- | M] () -- C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
PRC - [2005.04.06 16:53:04 | 000,856,064 | ---- | M] (Adobe Sytems Incorporated) -- C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
PRC - [2005.04.06 16:53:02 | 000,163,840 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.15 14:02:33 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
MOD - [2012.06.15 14:02:06 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.06.15 14:02:00 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.05.11 07:04:56 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012.05.11 07:04:10 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.11 07:04:06 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.11 07:04:05 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.11 07:03:52 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2010.12.08 21:18:26 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2010.12.08 21:17:46 | 001,226,608 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2010.11.13 02:02:22 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2010.11.13 01:19:04 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.02.02 11:33:39 | 001,708,032 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Wizard\2.0.3660.33486__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Wizard.dll
MOD - [2010.02.02 11:33:39 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3660.33443__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2010.02.02 11:33:39 | 000,380,928 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3660.33319__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2010.02.02 11:33:39 | 000,356,352 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3660.33396__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2010.02.02 11:33:39 | 000,204,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3660.33345__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2010.02.02 11:33:39 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3660.33397__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2010.02.02 11:33:39 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3660.33417__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2010.02.02 11:33:39 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3660.33329__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2010.02.02 11:33:39 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3660.33444__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2010.02.02 11:33:39 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3660.33395__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2010.02.02 11:33:39 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3660.33388__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2010.02.02 11:33:39 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3660.33376__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2010.02.02 11:33:39 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3660.33338__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2010.02.02 11:33:39 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3660.33330__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2010.02.02 11:33:39 | 000,013,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Runtime\2.0.3660.33487__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Runtime.dll
MOD - [2010.02.02 11:33:38 | 001,290,240 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Dashboard\2.0.3660.33482__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Dashboard.dll
MOD - [2010.02.02 11:33:38 | 000,827,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3660.33379__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2010.02.02 11:33:38 | 000,651,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Dashboard\2.0.3660.33458__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Dashboard.dll
MOD - [2010.02.02 11:33:38 | 000,573,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3660.33346__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2010.02.02 11:33:38 | 000,409,600 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3660.33410__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2010.02.02 11:33:38 | 000,372,736 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3660.33371__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2010.02.02 11:33:38 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3660.33345__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2010.02.02 11:33:38 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3660.33378__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2010.02.02 11:33:38 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3660.33385__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2010.02.02 11:33:38 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.3660.33457__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll
MOD - [2010.02.02 11:33:38 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3660.33376__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2010.02.02 11:33:38 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3660.33384__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2010.02.02 11:33:38 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3660.33351__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2010.02.02 11:33:38 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3660.33386__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2010.02.02 11:33:37 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3660.33377__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2010.02.02 11:33:37 | 000,270,336 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2010.02.02 11:33:37 | 000,151,552 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3639.21544__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2010.02.02 11:33:37 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3639.21529__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2010.02.02 11:33:37 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.3639.21799__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll
MOD - [2010.02.02 11:33:37 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3639.21677__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2010.02.02 11:33:37 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2010.02.02 11:33:37 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3639.21772__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2010.02.02 11:33:37 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3660.33377__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2010.02.02 11:33:37 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3639.21517__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2010.02.02 11:33:37 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3639.21518__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2010.02.02 11:33:37 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3639.21922__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2010.02.02 11:33:37 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3639.21571__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2010.02.02 11:33:37 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll
MOD - [2010.02.02 11:33:37 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3639.21582__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2010.02.02 11:33:37 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3639.21557__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2010.02.02 11:33:37 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Shared\2.0.3639.21776__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Shared.dll
MOD - [2010.02.02 11:33:37 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3639.21569__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2010.02.02 11:33:37 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3639.21562__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2010.02.02 11:33:37 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3639.21599__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2010.02.02 11:33:37 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2010.02.02 11:33:37 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3639.21620__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2010.02.02 11:33:37 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2010.02.02 11:33:37 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3639.21566__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2010.02.02 11:33:37 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3639.21663__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2010.02.02 11:33:37 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3639.21591__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2010.02.02 11:33:37 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3639.21613__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2010.02.02 11:33:37 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3639.21806__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll
MOD - [2010.02.02 11:33:37 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3639.21789__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2010.02.02 11:33:37 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3639.21606__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2010.02.02 11:33:37 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3639.21788__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2010.02.02 11:33:37 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2010.02.02 11:33:36 | 001,220,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3660.33325__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2010.02.02 11:33:36 | 000,741,376 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3660.33479__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll
MOD - [2010.02.02 11:33:36 | 000,577,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3660.33428__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2010.02.02 11:33:36 | 000,405,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3660.33337__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2010.02.02 11:33:36 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3660.33436__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2010.02.02 11:33:36 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3660.33434__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2010.02.02 11:33:36 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3639.21679__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2010.02.02 11:33:36 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3660.33316__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2010.02.02 11:33:36 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3639.21608__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2010.02.02 11:33:36 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3660.33315__90ba9c70f846762e\APM.Server.dll
MOD - [2010.02.02 11:33:36 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3660.33318__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2010.02.02 11:33:36 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3639.21609__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2010.02.02 11:33:36 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3639.21670__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2010.02.02 11:33:36 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3639.21589__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2010.02.02 11:33:36 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3660.33314__90ba9c70f846762e\AEM.Server.dll
MOD - [2010.02.02 11:33:36 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3660.33451__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2010.02.02 11:33:36 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3639.21551__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2010.02.02 11:33:36 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3639.21578__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2010.02.02 11:33:36 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3639.21577__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2010.02.02 11:33:36 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3639.21601__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2010.02.02 11:33:36 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3639.21521__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2010.02.02 11:33:36 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2010.02.02 11:33:36 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3639.21666__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2010.02.02 11:33:36 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3639.21623__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2010.02.02 11:33:36 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3639.21565__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2010.02.02 11:33:36 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3639.21594__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2010.02.02 11:33:36 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3639.21673__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2010.02.02 11:33:36 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3639.21539__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll
MOD - [2010.02.02 11:33:36 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3639.21592__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2010.02.02 11:33:36 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3639.21596__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2010.02.02 11:33:36 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3639.21681__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2010.02.02 11:33:36 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3639.21611__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2010.02.02 11:33:36 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3639.21604__90ba9c70f846762e\APM.Foundation.dll
MOD - [2010.02.02 11:33:36 | 000,019,456 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3660.33435__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2010.02.02 11:33:36 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3639.21570__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2010.02.02 11:33:36 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3660.33313__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] -- C:\Windows\ehome\ehsched.exe -- (ehSched)
SRV - File not found [On_Demand | Stopped] -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr)
SRV - [2012.06.08 11:10:12 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.04 21:08:10 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.05.03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.05.04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010.01.09 01:33:48 | 000,172,032 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009.12.20 01:00:00 | 000,029,416 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\xampp\apache\bin\httpd.exe -- (Apache2.2)
SRV - [2009.08.27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.08.07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2007.07.24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2005.04.06 16:53:02 | 000,163,840 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe -- (Adobe Version Cue CS2)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\zeller\AppData\Local\Temp\CFcatchme.sys -- (CFcatchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\zeller\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.01.09 01:54:44 | 005,191,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atipmdag.sys -- (amdkmdag)
DRV - [2010.01.09 00:40:42 | 000,125,440 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2009.11.19 01:25:04 | 000,100,352 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009.09.22 15:34:44 | 000,579,072 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2009.07.07 23:48:14 | 000,011,832 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\amdide.sys -- (amdide)
DRV - [2009.06.05 04:53:42 | 000,027,320 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2009.05.05 11:00:28 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Google [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.7&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.4: C:\Program Files\Microsoft\Office Live\npOLW.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2010.12.11 13:54:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2010.12.11 13:54:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.08 11:10:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2011.10.11 06:50:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\zeller\AppData\Roaming\mozilla\Extensions
[2012.05.06 16:05:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\zeller\AppData\Roaming\mozilla\Firefox\Profiles\p48b04s5.default\extensions
[2012.03.29 12:19:34 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\zeller\AppData\Roaming\mozilla\Firefox\Profiles\p48b04s5.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.06.14 15:23:20 | 000,000,950 | ---- | M] () -- C:\Users\zeller\AppData\Roaming\Mozilla\Firefox\Profiles\p48b04s5.default\searchplugins\icqplugin-1.xml
[2012.01.17 15:08:38 | 000,000,950 | ---- | M] () -- C:\Users\zeller\AppData\Roaming\Mozilla\Firefox\Profiles\p48b04s5.default\searchplugins\icqplugin-2.xml
[2012.02.12 12:30:18 | 000,000,950 | ---- | M] () -- C:\Users\zeller\AppData\Roaming\Mozilla\Firefox\Profiles\p48b04s5.default\searchplugins\icqplugin-3.xml
[2012.02.17 13:29:42 | 000,000,950 | ---- | M] () -- C:\Users\zeller\AppData\Roaming\Mozilla\Firefox\Profiles\p48b04s5.default\searchplugins\icqplugin-4.xml
[2012.02.22 18:36:34 | 000,000,950 | ---- | M] () -- C:\Users\zeller\AppData\Roaming\Mozilla\Firefox\Profiles\p48b04s5.default\searchplugins\icqplugin-5.xml
[2012.03.22 19:39:06 | 000,000,950 | ---- | M] () -- C:\Users\zeller\AppData\Roaming\Mozilla\Firefox\Profiles\p48b04s5.default\searchplugins\icqplugin-6.xml
[2012.03.29 13:07:13 | 000,000,950 | ---- | M] () -- C:\Users\zeller\AppData\Roaming\Mozilla\Firefox\Profiles\p48b04s5.default\searchplugins\icqplugin-7.xml
[2012.05.01 14:43:37 | 000,000,950 | ---- | M] () -- C:\Users\zeller\AppData\Roaming\Mozilla\Firefox\Profiles\p48b04s5.default\searchplugins\icqplugin-8.xml
[2012.06.14 19:01:56 | 000,000,950 | ---- | M] () -- C:\Users\zeller\AppData\Roaming\Mozilla\Firefox\Profiles\p48b04s5.default\searchplugins\icqplugin-9.xml
[2012.01.06 11:09:19 | 000,001,056 | ---- | M] () -- C:\Users\zeller\AppData\Roaming\Mozilla\Firefox\Profiles\p48b04s5.default\searchplugins\icqplugin.xml
[2012.05.13 17:34:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.05.13 17:34:24 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.06.08 11:10:12 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.08 11:10:11 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.08 11:10:11 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.08 11:10:11 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.08 11:10:11 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.08 11:10:11 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.08 11:10:11 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.06.11 15:31:59 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [Adobe Version Cue CS2] C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe (Adobe Sytems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TrayServer] C:\Program Files\MAGIX\Video_deluxe_16_Plus_Sonderedition_Download-Version\Trayserver.exe (MAGIX AG)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\zeller\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Windows\system32\nspqalrj.dll File not found
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} hxxp://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab (Microsoft Genuine Advantage Self Support Tool)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B216392A-5D26-485D-A3D1-1BA09B9A1893}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.16 09:43:29 | 000,000,000 | ---D | C] -- C:\Users\zeller\Desktop\Neuer Ordner
[2012.06.15 14:26:18 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.06.15 14:16:00 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{A832892D-A909-4991-89CF-65E33876A7A7}
[2012.06.14 09:18:03 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{A5DD066F-733D-4997-BB8C-D1D9D4D51975}
[2012.06.14 09:17:50 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{8AB7D796-D795-45E0-8353-DD86920B869A}
[2012.06.12 21:17:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge
[2012.06.12 21:17:37 | 000,000,000 | ---D | C] -- C:\Program Files\Gameforge
[2012.06.11 16:04:30 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Roaming\Malwarebytes
[2012.06.11 16:04:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.11 16:04:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.11 16:04:25 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.06.11 16:04:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.06.11 16:02:44 | 010,063,000 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\zeller\Desktop\mbam-setup-1.61.0.1400.exe
[2012.06.11 15:35:55 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012.06.11 15:21:30 | 004,540,367 | R--- | C] (Swearware) -- C:\Users\zeller\Desktop\ComboFix.exe
[2012.06.11 13:52:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DEUTSCHLAND SPIELT
[2012.06.11 13:51:49 | 000,000,000 | ---D | C] -- C:\Program Files\DEUTSCHLAND SPIELT
[2012.06.11 13:46:00 | 126,228,160 | ---- | C] (INTENIUM GmbH) -- C:\Users\zeller\Desktop\DerGesandteDesKoenigs.exe
[2012.06.11 13:13:24 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.06.11 13:13:24 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.06.11 13:13:24 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.06.11 13:13:20 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012.06.11 13:12:50 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.06.11 12:57:20 | 002,127,960 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\zeller\Desktop\tdsskiller.exe
[2012.06.11 10:47:54 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\zeller\Desktop\OTL.exe
[2012.06.11 07:18:56 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{0A4C483A-9555-4BB0-AEB6-56B917F793D5}
[2012.06.11 07:18:41 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{96371A1E-5546-4661-AD5B-2887D9ECA745}
[2012.06.10 07:22:01 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{C2E12B95-B211-4EF3-9880-CCB80F87F8EC}
[2012.06.10 07:21:39 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{F4EACEAA-5DE7-4784-9AC1-29A278C1B80D}
[2012.06.09 13:07:29 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{02D1EE42-84C4-4E18-9A5C-61A1F2FB8A7F}
[2012.06.09 13:07:18 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{525EAF42-50FC-4450-B807-4FA1B1ABB338}
[2012.06.03 12:23:16 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{D65677EA-F4E5-4611-B695-D164B274FA55}
[2012.06.03 12:22:54 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{78645E66-0A70-44D7-895D-A8DDA1AB8CF8}
[2012.05.31 12:54:24 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{A7590411-AD22-4D4D-A09D-DF5C498B983B}
[2012.05.31 12:54:01 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{17F86EC5-F83C-4EE2-9342-E70DD66E13D2}
[2012.05.29 18:49:21 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012.05.26 18:43:47 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{E8715F23-BCC1-4E50-A040-BE45D2BA05E9}
[2012.05.26 18:43:25 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{D0829E83-DCFB-4B50-8C96-9A4EFF14F44D}
[2012.05.23 17:59:46 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{915239B2-624D-44F6-AF04-724FF2B46FD2}
[2012.05.23 17:59:23 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{6CC0EB47-25C6-4348-BF4D-06EC191A3549}
[2012.05.21 08:13:25 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{26FFF07C-5D63-4110-94EC-D8079F1BB863}
[2012.05.21 08:13:02 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{1CBA2674-5CCA-4DFF-BA76-AC66373001CC}
[2012.05.19 13:48:37 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{88404B46-E740-4768-BD9C-2D86365E1FED}
[2012.05.19 13:48:14 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{AC5825A1-BD29-4167-8EF1-DC3384CF30D7}
[2012.05.19 09:37:54 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{14AAA730-538C-4F56-A3EB-98307E769DBF}
[2012.05.19 09:37:29 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{C7AA86AC-4307-4F6A-A673-C9BA5E8AA6DB}
[2012.05.18 16:39:05 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{2446465A-6271-45C6-B738-C00EFBAF6F85}
[2012.05.18 16:38:42 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{92B230ED-8336-414B-9064-A8418C96B8A8}
[2012.05.17 22:30:20 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{6674542A-37F7-4DC8-B447-4C800BE21D20}
[2012.05.17 22:30:08 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{06CCA256-F922-48A0-9FB0-886CD9F7671F}
[2012.05.17 10:28:16 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Roaming\Avira
[2012.05.17 10:22:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.05.17 10:22:12 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.05.17 10:22:12 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.05.17 10:22:12 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.05.17 10:22:12 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.05.17 10:21:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.05.17 10:21:37 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.16 09:41:39 | 000,024,592 | ---- | M] () -- C:\Users\zeller\AppData\Roaming\wklnhst.dat
[2012.06.16 09:08:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.16 08:11:09 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.16 08:11:09 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.16 08:03:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.16 08:03:40 | 2615,910,400 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.15 14:00:35 | 000,480,280 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.06.14 19:25:12 | 000,664,396 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.06.14 19:25:12 | 000,624,578 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.06.14 19:25:12 | 000,134,564 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.06.14 19:25:12 | 000,110,216 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.06.12 21:17:38 | 000,002,147 | ---- | M] () -- C:\Users\Public\Desktop\AION Free-To-Play.lnk
[2012.06.11 16:04:27 | 000,001,027 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.11 16:02:54 | 010,063,000 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\zeller\Desktop\mbam-setup-1.61.0.1400.exe
[2012.06.11 15:31:59 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.06.11 15:19:46 | 004,540,367 | R--- | M] (Swearware) -- C:\Users\zeller\Desktop\ComboFix.exe
[2012.06.11 13:52:03 | 000,001,049 | ---- | M] () -- C:\Users\Public\Desktop\GAME CENTER.lnk
[2012.06.11 13:52:01 | 000,001,299 | ---- | M] () -- C:\Users\Public\Desktop\Der Gesandte des Königs.lnk
[2012.06.11 13:48:35 | 126,228,160 | ---- | M] (INTENIUM GmbH) -- C:\Users\zeller\Desktop\DerGesandteDesKoenigs.exe
[2012.06.11 12:57:25 | 002,127,960 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\zeller\Desktop\tdsskiller.exe
[2012.06.11 12:46:48 | 000,601,715 | ---- | M] () -- C:\Users\zeller\Desktop\adwcleaner.exe
[2012.06.11 11:53:54 | 000,302,592 | ---- | M] () -- C:\Users\zeller\Desktop\fmvg7wjv.exe
[2012.06.11 10:47:55 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\zeller\Desktop\OTL.exe
[2012.06.11 10:47:05 | 000,000,000 | ---- | M] () -- C:\Users\zeller\defogger_reenable
[2012.06.11 10:34:33 | 000,050,477 | ---- | M] () -- C:\Users\zeller\Desktop\Defogger.exe
[2012.05.29 18:49:16 | 314,693,193 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.05.27 19:47:51 | 000,175,386 | ---- | M] () -- C:\Users\zeller\Music\Documents\ts3_clientui-win32-1334913258-2012-05-27 19_47_47.642913.dmp
[2012.05.26 18:43:13 | 000,167,190 | ---- | M] () -- C:\Users\zeller\Music\Documents\ts3_clientui-win32-1334913258-2012-05-26 18_43_11.590207.dmp
[2012.05.17 16:57:08 | 000,167,170 | ---- | M] () -- C:\Users\zeller\Music\Documents\ts3_clientui-win32-1334913258-2012-05-17 16_57_07.884563.dmp
[2012.05.17 10:22:51 | 000,001,904 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.12 21:17:38 | 000,002,147 | ---- | C] () -- C:\Users\Public\Desktop\AION Free-To-Play.lnk
[2012.06.11 16:04:27 | 000,001,027 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.11 13:52:01 | 000,001,299 | ---- | C] () -- C:\Users\Public\Desktop\Der Gesandte des Königs.lnk
[2012.06.11 13:13:24 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.06.11 13:13:24 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.06.11 13:13:24 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.06.11 13:13:24 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.06.11 13:13:24 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.06.11 12:46:47 | 000,601,715 | ---- | C] () -- C:\Users\zeller\Desktop\adwcleaner.exe
[2012.06.11 11:53:53 | 000,302,592 | ---- | C] () -- C:\Users\zeller\Desktop\fmvg7wjv.exe
[2012.06.11 10:47:05 | 000,000,000 | ---- | C] () -- C:\Users\zeller\defogger_reenable
[2012.06.11 10:34:31 | 000,050,477 | ---- | C] () -- C:\Users\zeller\Desktop\Defogger.exe
[2012.05.29 18:49:16 | 314,693,193 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.05.27 19:47:47 | 000,175,386 | ---- | C] () -- C:\Users\zeller\Music\Documents\ts3_clientui-win32-1334913258-2012-05-27 19_47_47.642913.dmp
[2012.05.26 18:43:11 | 000,167,190 | ---- | C] () -- C:\Users\zeller\Music\Documents\ts3_clientui-win32-1334913258-2012-05-26 18_43_11.590207.dmp
[2012.05.17 16:57:07 | 000,167,170 | ---- | C] () -- C:\Users\zeller\Music\Documents\ts3_clientui-win32-1334913258-2012-05-17 16_57_07.884563.dmp
[2012.05.17 10:22:51 | 000,001,904 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011.11.08 20:56:38 | 000,000,094 | ---- | C] () -- C:\Users\zeller\AppData\Local\fusioncache.dat
[2011.05.02 16:54:11 | 000,024,592 | ---- | C] () -- C:\Users\zeller\AppData\Roaming\wklnhst.dat
[2010.12.04 12:30:24 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010.09.01 10:02:54 | 000,016,384 | ---- | C] () -- C:\Windows\System32\FileOps.exe
 
========== LOP Check ==========
 
[2011.06.21 10:26:28 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\aliasworlds
[2010.11.25 17:41:38 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\Anarchy
[2010.12.08 13:47:49 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\Be a King 2
[2011.05.24 19:48:37 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\BlamGames
[2011.05.26 18:52:56 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\Boolat Games
[2010.11.15 10:22:07 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\capella-software
[2012.04.16 09:27:50 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2011.05.25 09:01:08 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\DivoGames
[2011.05.25 16:14:11 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\Dreamsdwell Stories
[2011.07.22 17:50:04 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\DVDVideoSoft
[2011.07.20 14:03:43 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.08.23 22:10:43 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\Friday's games
[2011.07.20 14:26:26 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\Green Clover Games
[2011.08.04 16:24:40 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\GreenSauceGames
[2011.12.16 16:15:29 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\ICQ
[2011.06.16 09:28:47 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\InImages
[2010.12.01 12:37:29 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\iWinG
[2011.05.25 13:49:51 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\Jane s Hotel 3
[2012.05.14 10:26:06 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\MAGIX
[2011.06.16 12:54:17 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\Nevosoft-Breeze
[2012.01.07 15:03:19 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\OpenOffice.org
[2010.11.23 19:22:26 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\PeaceCraft2
[2012.02.04 21:17:27 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\PeaceCraft3
[2011.06.27 12:15:12 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\Ph03nixNewMedia
[2011.06.20 10:45:26 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\PlayFirst
[2012.02.04 19:49:42 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\Playrix Entertainment
[2011.07.22 17:09:38 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\Simfy
[2011.05.02 16:54:13 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\Template
[2012.05.27 22:32:42 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\TS3Client
[2011.07.02 09:52:23 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\ts3overlay
[2011.08.14 10:43:20 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\Unity
[2011.05.25 11:29:39 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\WendigoStudios
[2010.11.10 12:39:15 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\Windows Live Writer
[2011.05.23 20:06:18 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\World-Loom
[2011.07.22 09:56:30 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\YoudaGames
[2012.06.11 08:02:33 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---

OK, I'm now going through all the steps again.

Here is the first one:

#
Die Datei 'C:\Windows\System32\intt4hnvn.tsp'
enthielt einen Virus oder unerwünschtes Programm 'TR/Kazy.74618.4' [trojan].
Durchgeführte Aktion(en):
Der Registrierungseintrag <HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Telephony\Providers\ProviderFilename4> wurde erfolgreich repariert.
Beim Versuch eine Sicherungskopie der Datei anzulegen ist ein Fehler aufgetreten und die Datei wurde nicht gelöscht. Fehlernummer: 26003.
Die Datei konnte nicht gelöscht werden!
Es wird versucht die Aktion mit Hilfe der ARK Library durchzuführen.
Die Datei konnte nicht ins Quarantäneverzeichnis verschoben werden!
Die Datei konnte nicht gelöscht werden!

-----------------------------------------------------------------------
antivirus

defogger
----------

#
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 13:27 on 16/06/2012 (zeller)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

#OTL Logfile:
Code:
OTL logfile created on: 16.06.2012 13:36:42 - Run 3
OTL by OldTimer - Version 3.2.48.0     Folder = C:\Users\zeller\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,27 Gb Available Physical Memory | 69,92% Memory free
6,50 Gb Paging File | 5,35 Gb Available in Paging File | 82,38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 1376,16 Gb Total Space | 1305,63 Gb Free Space | 94,87% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 11,66 Gb Free Space | 58,32% Space Free | Partition Type: NTFS
 
Computer Name: PHOENIX | User Name: zeller | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.11 10:47:55 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\zeller\Desktop\OTL.exe
PRC - [2012.05.03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Updater\Updater.exe
PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.02 00:31:35 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.04.24 02:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.12.08 23:15:44 | 000,063,360 | ---- | M] (DivX, LLC) -- C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
PRC - [2010.12.08 21:17:46 | 001,226,608 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.01.09 01:34:18 | 000,372,736 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010.01.09 01:33:48 | 000,172,032 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009.12.20 01:00:00 | 000,029,416 | ---- | M] (Apache Software Foundation) -- C:\xampp\apache\bin\httpd.exe
PRC - [2009.08.27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2007.07.24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2005.04.06 16:53:06 | 003,502,080 | ---- | M] () -- C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
PRC - [2005.04.06 16:53:04 | 000,856,064 | ---- | M] (Adobe Sytems Incorporated) -- C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
PRC - [2005.04.06 16:53:02 | 000,163,840 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.15 14:02:33 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
MOD - [2012.06.15 14:02:06 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.06.15 14:02:00 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.05.11 07:04:56 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012.05.11 07:04:10 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.11 07:04:06 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.11 07:04:05 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.11 07:03:52 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2010.12.08 21:18:26 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2010.12.08 21:17:46 | 001,226,608 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2010.11.13 02:02:22 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2010.11.13 01:19:04 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.02.02 11:33:39 | 001,708,032 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Wizard\2.0.3660.33486__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Wizard.dll
MOD - [2010.02.02 11:33:39 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3660.33443__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2010.02.02 11:33:39 | 000,380,928 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3660.33319__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2010.02.02 11:33:39 | 000,356,352 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3660.33396__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2010.02.02 11:33:39 | 000,204,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3660.33345__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2010.02.02 11:33:39 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3660.33397__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2010.02.02 11:33:39 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3660.33417__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2010.02.02 11:33:39 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3660.33329__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2010.02.02 11:33:39 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3660.33444__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2010.02.02 11:33:39 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3660.33395__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2010.02.02 11:33:39 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3660.33388__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2010.02.02 11:33:39 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3660.33376__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2010.02.02 11:33:39 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3660.33338__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2010.02.02 11:33:39 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3660.33330__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2010.02.02 11:33:39 | 000,013,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Runtime\2.0.3660.33487__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Runtime.dll
MOD - [2010.02.02 11:33:38 | 001,290,240 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Dashboard\2.0.3660.33482__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Dashboard.dll
MOD - [2010.02.02 11:33:38 | 000,827,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3660.33379__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2010.02.02 11:33:38 | 000,651,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Dashboard\2.0.3660.33458__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Dashboard.dll
MOD - [2010.02.02 11:33:38 | 000,573,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3660.33346__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2010.02.02 11:33:38 | 000,409,600 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3660.33410__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2010.02.02 11:33:38 | 000,372,736 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3660.33371__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2010.02.02 11:33:38 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3660.33345__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2010.02.02 11:33:38 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3660.33378__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2010.02.02 11:33:38 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3660.33385__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2010.02.02 11:33:38 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.3660.33457__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll
MOD - [2010.02.02 11:33:38 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3660.33376__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2010.02.02 11:33:38 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3660.33384__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2010.02.02 11:33:38 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3660.33351__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2010.02.02 11:33:38 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3660.33386__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2010.02.02 11:33:37 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3660.33377__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2010.02.02 11:33:37 | 000,270,336 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2010.02.02 11:33:37 | 000,151,552 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3639.21544__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2010.02.02 11:33:37 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3639.21529__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2010.02.02 11:33:37 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.3639.21799__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll
MOD - [2010.02.02 11:33:37 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3639.21677__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2010.02.02 11:33:37 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2010.02.02 11:33:37 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3639.21772__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2010.02.02 11:33:37 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3660.33377__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2010.02.02 11:33:37 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3639.21517__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2010.02.02 11:33:37 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3639.21518__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2010.02.02 11:33:37 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3639.21922__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2010.02.02 11:33:37 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3639.21571__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2010.02.02 11:33:37 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll
MOD - [2010.02.02 11:33:37 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3639.21582__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2010.02.02 11:33:37 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3639.21557__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2010.02.02 11:33:37 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Shared\2.0.3639.21776__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Shared.dll
MOD - [2010.02.02 11:33:37 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3639.21569__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2010.02.02 11:33:37 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3639.21562__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2010.02.02 11:33:37 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3639.21599__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2010.02.02 11:33:37 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2010.02.02 11:33:37 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3639.21620__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2010.02.02 11:33:37 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2010.02.02 11:33:37 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3639.21566__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2010.02.02 11:33:37 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3639.21663__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2010.02.02 11:33:37 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3639.21591__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2010.02.02 11:33:37 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3639.21613__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2010.02.02 11:33:37 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3639.21806__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll
MOD - [2010.02.02 11:33:37 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3639.21789__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2010.02.02 11:33:37 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3639.21606__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2010.02.02 11:33:37 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3639.21788__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2010.02.02 11:33:37 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2010.02.02 11:33:36 | 001,220,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3660.33325__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2010.02.02 11:33:36 | 000,741,376 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3660.33479__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll
MOD - [2010.02.02 11:33:36 | 000,577,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3660.33428__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2010.02.02 11:33:36 | 000,405,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3660.33337__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2010.02.02 11:33:36 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3660.33436__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2010.02.02 11:33:36 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3660.33434__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2010.02.02 11:33:36 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3639.21679__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2010.02.02 11:33:36 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3660.33316__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2010.02.02 11:33:36 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3639.21608__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2010.02.02 11:33:36 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3660.33315__90ba9c70f846762e\APM.Server.dll
MOD - [2010.02.02 11:33:36 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3660.33318__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2010.02.02 11:33:36 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3639.21609__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2010.02.02 11:33:36 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3639.21670__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2010.02.02 11:33:36 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3639.21589__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2010.02.02 11:33:36 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3660.33314__90ba9c70f846762e\AEM.Server.dll
MOD - [2010.02.02 11:33:36 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3660.33451__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2010.02.02 11:33:36 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3639.21551__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2010.02.02 11:33:36 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3639.21578__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2010.02.02 11:33:36 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3639.21577__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2010.02.02 11:33:36 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3639.21601__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2010.02.02 11:33:36 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3639.21521__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2010.02.02 11:33:36 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2010.02.02 11:33:36 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3639.21666__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2010.02.02 11:33:36 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3639.21623__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2010.02.02 11:33:36 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3639.21565__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2010.02.02 11:33:36 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3639.21594__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2010.02.02 11:33:36 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3639.21673__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2010.02.02 11:33:36 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3639.21539__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll
MOD - [2010.02.02 11:33:36 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3639.21592__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2010.02.02 11:33:36 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3639.21596__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2010.02.02 11:33:36 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3639.21681__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2010.02.02 11:33:36 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3639.21611__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2010.02.02 11:33:36 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3639.21604__90ba9c70f846762e\APM.Foundation.dll
MOD - [2010.02.02 11:33:36 | 000,019,456 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3660.33435__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2010.02.02 11:33:36 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3639.21570__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2010.02.02 11:33:36 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3660.33313__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] -- C:\Windows\ehome\ehsched.exe -- (ehSched)
SRV - File not found [On_Demand | Stopped] -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr)
SRV - [2012.06.08 11:10:12 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.04 21:08:10 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.05.03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.05.04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010.01.09 01:33:48 | 000,172,032 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009.12.20 01:00:00 | 000,029,416 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\xampp\apache\bin\httpd.exe -- (Apache2.2)
SRV - [2009.08.27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.08.07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2007.07.24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2005.04.06 16:53:02 | 000,163,840 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe -- (Adobe Version Cue CS2)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\zeller\AppData\Local\Temp\CFcatchme.sys -- (CFcatchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\zeller\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.01.09 01:54:44 | 005,191,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atipmdag.sys -- (amdkmdag)
DRV - [2010.01.09 00:40:42 | 000,125,440 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2009.11.19 01:25:04 | 000,100,352 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009.09.22 15:34:44 | 000,579,072 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2009.07.07 23:48:14 | 000,011,832 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\amdide.sys -- (amdide)
DRV - [2009.06.05 04:53:42 | 000,027,320 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2009.05.05 11:00:28 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Google [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.7&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.4: C:\Program Files\Microsoft\Office Live\npOLW.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2010.12.11 13:54:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2010.12.11 13:54:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.08 11:10:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2011.10.11 06:50:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\zeller\AppData\Roaming\mozilla\Extensions
[2012.05.06 16:05:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\zeller\AppData\Roaming\mozilla\Firefox\Profiles\p48b04s5.default\extensions
[2012.03.29 12:19:34 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\zeller\AppData\Roaming\mozilla\Firefox\Profiles\p48b04s5.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.06.14 15:23:20 | 000,000,950 | ---- | M] () -- C:\Users\zeller\AppData\Roaming\Mozilla\Firefox\Profiles\p48b04s5.default\searchplugins\icqplugin-1.xml
[2012.01.17 15:08:38 | 000,000,950 | ---- | M] () -- C:\Users\zeller\AppData\Roaming\Mozilla\Firefox\Profiles\p48b04s5.default\searchplugins\icqplugin-2.xml
[2012.02.12 12:30:18 | 000,000,950 | ---- | M] () -- C:\Users\zeller\AppData\Roaming\Mozilla\Firefox\Profiles\p48b04s5.default\searchplugins\icqplugin-3.xml
[2012.02.17 13:29:42 | 000,000,950 | ---- | M] () -- C:\Users\zeller\AppData\Roaming\Mozilla\Firefox\Profiles\p48b04s5.default\searchplugins\icqplugin-4.xml
[2012.02.22 18:36:34 | 000,000,950 | ---- | M] () -- C:\Users\zeller\AppData\Roaming\Mozilla\Firefox\Profiles\p48b04s5.default\searchplugins\icqplugin-5.xml
[2012.03.22 19:39:06 | 000,000,950 | ---- | M] () -- C:\Users\zeller\AppData\Roaming\Mozilla\Firefox\Profiles\p48b04s5.default\searchplugins\icqplugin-6.xml
[2012.03.29 13:07:13 | 000,000,950 | ---- | M] () -- C:\Users\zeller\AppData\Roaming\Mozilla\Firefox\Profiles\p48b04s5.default\searchplugins\icqplugin-7.xml
[2012.05.01 14:43:37 | 000,000,950 | ---- | M] () -- C:\Users\zeller\AppData\Roaming\Mozilla\Firefox\Profiles\p48b04s5.default\searchplugins\icqplugin-8.xml
[2012.06.14 19:01:56 | 000,000,950 | ---- | M] () -- C:\Users\zeller\AppData\Roaming\Mozilla\Firefox\Profiles\p48b04s5.default\searchplugins\icqplugin-9.xml
[2012.01.06 11:09:19 | 000,001,056 | ---- | M] () -- C:\Users\zeller\AppData\Roaming\Mozilla\Firefox\Profiles\p48b04s5.default\searchplugins\icqplugin.xml
[2012.05.13 17:34:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.05.13 17:34:24 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.06.08 11:10:12 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.08 11:10:11 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.08 11:10:11 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.08 11:10:11 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.08 11:10:11 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.08 11:10:11 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.08 11:10:11 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.06.11 15:31:59 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [Adobe Version Cue CS2] C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe (Adobe Sytems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TrayServer] C:\Program Files\MAGIX\Video_deluxe_16_Plus_Sonderedition_Download-Version\Trayserver.exe (MAGIX AG)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\zeller\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Windows\system32\nspqalrj.dll File not found
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} hxxp://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab (Microsoft Genuine Advantage Self Support Tool)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B216392A-5D26-485D-A3D1-1BA09B9A1893}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.16 09:43:29 | 000,000,000 | ---D | C] -- C:\Users\zeller\Desktop\Neuer Ordner
[2012.06.15 14:26:18 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.06.15 14:16:00 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{A832892D-A909-4991-89CF-65E33876A7A7}
[2012.06.14 09:18:03 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{A5DD066F-733D-4997-BB8C-D1D9D4D51975}
[2012.06.14 09:17:50 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{8AB7D796-D795-45E0-8353-DD86920B869A}
[2012.06.12 21:17:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge
[2012.06.12 21:17:37 | 000,000,000 | ---D | C] -- C:\Program Files\Gameforge
[2012.06.11 16:04:30 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Roaming\Malwarebytes
[2012.06.11 16:04:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.11 16:04:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.11 16:04:25 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.06.11 16:04:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.06.11 16:02:44 | 010,063,000 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\zeller\Desktop\mbam-setup-1.61.0.1400.exe
[2012.06.11 15:35:55 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012.06.11 15:21:30 | 004,540,367 | R--- | C] (Swearware) -- C:\Users\zeller\Desktop\ComboFix.exe
[2012.06.11 13:52:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DEUTSCHLAND SPIELT
[2012.06.11 13:51:49 | 000,000,000 | ---D | C] -- C:\Program Files\DEUTSCHLAND SPIELT
[2012.06.11 13:46:00 | 126,228,160 | ---- | C] (INTENIUM GmbH) -- C:\Users\zeller\Desktop\DerGesandteDesKoenigs.exe
[2012.06.11 13:13:24 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.06.11 13:13:24 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.06.11 13:13:24 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.06.11 13:13:20 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012.06.11 13:12:50 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.06.11 12:57:20 | 002,127,960 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\zeller\Desktop\tdsskiller.exe
[2012.06.11 10:47:54 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\zeller\Desktop\OTL.exe
[2012.06.11 07:18:56 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{0A4C483A-9555-4BB0-AEB6-56B917F793D5}
[2012.06.11 07:18:41 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{96371A1E-5546-4661-AD5B-2887D9ECA745}
[2012.06.10 07:22:01 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{C2E12B95-B211-4EF3-9880-CCB80F87F8EC}
[2012.06.10 07:21:39 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{F4EACEAA-5DE7-4784-9AC1-29A278C1B80D}
[2012.06.09 13:07:29 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{02D1EE42-84C4-4E18-9A5C-61A1F2FB8A7F}
[2012.06.09 13:07:18 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{525EAF42-50FC-4450-B807-4FA1B1ABB338}
[2012.06.03 12:23:16 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{D65677EA-F4E5-4611-B695-D164B274FA55}
[2012.06.03 12:22:54 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{78645E66-0A70-44D7-895D-A8DDA1AB8CF8}
[2012.05.31 12:54:24 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{A7590411-AD22-4D4D-A09D-DF5C498B983B}
[2012.05.31 12:54:01 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{17F86EC5-F83C-4EE2-9342-E70DD66E13D2}
[2012.05.29 18:49:21 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012.05.26 18:43:47 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{E8715F23-BCC1-4E50-A040-BE45D2BA05E9}
[2012.05.26 18:43:25 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{D0829E83-DCFB-4B50-8C96-9A4EFF14F44D}
[2012.05.23 17:59:46 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{915239B2-624D-44F6-AF04-724FF2B46FD2}
[2012.05.23 17:59:23 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{6CC0EB47-25C6-4348-BF4D-06EC191A3549}
[2012.05.21 08:13:25 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{26FFF07C-5D63-4110-94EC-D8079F1BB863}
[2012.05.21 08:13:02 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{1CBA2674-5CCA-4DFF-BA76-AC66373001CC}
[2012.05.19 13:48:37 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{88404B46-E740-4768-BD9C-2D86365E1FED}
[2012.05.19 13:48:14 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{AC5825A1-BD29-4167-8EF1-DC3384CF30D7}
[2012.05.19 09:37:54 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{14AAA730-538C-4F56-A3EB-98307E769DBF}
[2012.05.19 09:37:29 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{C7AA86AC-4307-4F6A-A673-C9BA5E8AA6DB}
[2012.05.18 16:39:05 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{2446465A-6271-45C6-B738-C00EFBAF6F85}
[2012.05.18 16:38:42 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{92B230ED-8336-414B-9064-A8418C96B8A8}
[2012.05.17 22:30:20 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{6674542A-37F7-4DC8-B447-4C800BE21D20}
[2012.05.17 22:30:08 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{06CCA256-F922-48A0-9FB0-886CD9F7671F}
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.16 13:34:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.16 13:34:31 | 2615,910,400 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.16 13:08:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.16 13:01:40 | 000,024,592 | ---- | M] () -- C:\Users\zeller\AppData\Roaming\wklnhst.dat
[2012.06.16 10:14:59 | 000,664,396 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.06.16 10:14:59 | 000,624,578 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.06.16 10:14:59 | 000,134,564 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.06.16 10:14:59 | 000,110,216 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.06.16 08:11:09 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.16 08:11:09 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.15 14:00:35 | 000,480,280 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.06.12 21:17:38 | 000,002,147 | ---- | M] () -- C:\Users\Public\Desktop\AION Free-To-Play.lnk
[2012.06.11 16:04:27 | 000,001,027 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.11 16:02:54 | 010,063,000 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\zeller\Desktop\mbam-setup-1.61.0.1400.exe
[2012.06.11 15:31:59 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.06.11 15:19:46 | 004,540,367 | R--- | M] (Swearware) -- C:\Users\zeller\Desktop\ComboFix.exe
[2012.06.11 13:52:03 | 000,001,049 | ---- | M] () -- C:\Users\Public\Desktop\GAME CENTER.lnk
[2012.06.11 13:52:01 | 000,001,299 | ---- | M] () -- C:\Users\Public\Desktop\Der Gesandte des Königs.lnk
[2012.06.11 13:48:35 | 126,228,160 | ---- | M] (INTENIUM GmbH) -- C:\Users\zeller\Desktop\DerGesandteDesKoenigs.exe
[2012.06.11 12:57:25 | 002,127,960 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\zeller\Desktop\tdsskiller.exe
[2012.06.11 12:46:48 | 000,601,715 | ---- | M] () -- C:\Users\zeller\Desktop\adwcleaner.exe
[2012.06.11 11:53:54 | 000,302,592 | ---- | M] () -- C:\Users\zeller\Desktop\fmvg7wjv.exe
[2012.06.11 10:47:55 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\zeller\Desktop\OTL.exe
[2012.06.11 10:47:05 | 000,000,000 | ---- | M] () -- C:\Users\zeller\defogger_reenable
[2012.06.11 10:34:33 | 000,050,477 | ---- | M] () -- C:\Users\zeller\Desktop\Defogger.exe
[2012.05.29 18:49:16 | 314,693,193 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.05.27 19:47:51 | 000,175,386 | ---- | M] () -- C:\Users\zeller\Music\Documents\ts3_clientui-win32-1334913258-2012-05-27 19_47_47.642913.dmp
[2012.05.26 18:43:13 | 000,167,190 | ---- | M] () -- C:\Users\zeller\Music\Documents\ts3_clientui-win32-1334913258-2012-05-26 18_43_11.590207.dmp
[2012.05.17 16:57:08 | 000,167,170 | ---- | M] () -- C:\Users\zeller\Music\Documents\ts3_clientui-win32-1334913258-2012-05-17 16_57_07.884563.dmp
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.12 21:17:38 | 000,002,147 | ---- | C] () -- C:\Users\Public\Desktop\AION Free-To-Play.lnk
[2012.06.11 16:04:27 | 000,001,027 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.11 13:52:01 | 000,001,299 | ---- | C] () -- C:\Users\Public\Desktop\Der Gesandte des Königs.lnk
[2012.06.11 13:13:24 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.06.11 13:13:24 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.06.11 13:13:24 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.06.11 13:13:24 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.06.11 13:13:24 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.06.11 12:46:47 | 000,601,715 | ---- | C] () -- C:\Users\zeller\Desktop\adwcleaner.exe
[2012.06.11 11:53:53 | 000,302,592 | ---- | C] () -- C:\Users\zeller\Desktop\fmvg7wjv.exe
[2012.06.11 10:47:05 | 000,000,000 | ---- | C] () -- C:\Users\zeller\defogger_reenable
[2012.06.11 10:34:31 | 000,050,477 | ---- | C] () -- C:\Users\zeller\Desktop\Defogger.exe
[2012.05.29 18:49:16 | 314,693,193 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.05.27 19:47:47 | 000,175,386 | ---- | C] () -- C:\Users\zeller\Music\Documents\ts3_clientui-win32-1334913258-2012-05-27 19_47_47.642913.dmp
[2012.05.26 18:43:11 | 000,167,190 | ---- | C] () -- C:\Users\zeller\Music\Documents\ts3_clientui-win32-1334913258-2012-05-26 18_43_11.590207.dmp
[2012.05.17 16:57:07 | 000,167,170 | ---- | C] () -- C:\Users\zeller\Music\Documents\ts3_clientui-win32-1334913258-2012-05-17 16_57_07.884563.dmp
[2011.11.08 20:56:38 | 000,000,094 | ---- | C] () -- C:\Users\zeller\AppData\Local\fusioncache.dat
[2011.05.02 16:54:11 | 000,024,592 | ---- | C] () -- C:\Users\zeller\AppData\Roaming\wklnhst.dat
[2010.12.04 12:30:24 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010.09.01 10:02:54 | 000,016,384 | ---- | C] () -- C:\Windows\System32\FileOps.exe
 
========== LOP Check ==========
 
[2011.06.21 10:26:28 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\aliasworlds
[2010.11.25 17:41:38 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\Anarchy
[2010.12.08 13:47:49 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\Be a King 2
[2011.05.24 19:48:37 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\BlamGames
[2011.05.26 18:52:56 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\Boolat Games
[2010.11.15 10:22:07 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\capella-software
[2012.04.16 09:27:50 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2011.05.25 09:01:08 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\DivoGames
[2011.05.25 16:14:11 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\Dreamsdwell Stories
[2011.07.22 17:50:04 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\DVDVideoSoft
[2011.07.20 14:03:43 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.08.23 22:10:43 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\Friday's games
[2011.07.20 14:26:26 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\Green Clover Games
[2011.08.04 16:24:40 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\GreenSauceGames
[2011.12.16 16:15:29 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\ICQ
[2011.06.16 09:28:47 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\InImages
[2010.12.01 12:37:29 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\iWinG
[2011.05.25 13:49:51 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\Jane s Hotel 3
[2012.05.14 10:26:06 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\MAGIX
[2011.06.16 12:54:17 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\Nevosoft-Breeze
[2012.01.07 15:03:19 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\OpenOffice.org
[2010.11.23 19:22:26 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\PeaceCraft2
[2012.02.04 21:17:27 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\PeaceCraft3
[2011.06.27 12:15:12 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\Ph03nixNewMedia
[2011.06.20 10:45:26 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\PlayFirst
[2012.02.04 19:49:42 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\Playrix Entertainment
[2011.07.22 17:09:38 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\Simfy
[2011.05.02 16:54:13 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\Template
[2012.05.27 22:32:42 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\TS3Client
[2011.07.02 09:52:23 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\ts3overlay
[2011.08.14 10:43:20 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\Unity
[2011.05.25 11:29:39 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\WendigoStudios
[2010.11.10 12:39:15 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\Windows Live Writer
[2011.05.23 20:06:18 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\World-Loom
[2011.07.22 09:56:30 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\YoudaGames
[2012.06.11 08:02:33 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---

16.06.2012, 19:10   #17
black_rose
 
TR/mediyes.F.3



gmer

GMER Logfile:
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-06-16 20:04:06
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\00000056 WDC_WD15 rev.80.0
Running: fmvg7wjv.exe; Driver: C:\Users\zeller\AppData\Local\Temp\pgldapow.sys


---- System - GMER 1.0.15 ----

SSDT     90CE8876                                                                                                                ZwCreateSection
SSDT     90CE8880                                                                                                                ZwRequestWaitReplyPort
SSDT     90CE887B                                                                                                                ZwSetContextThread
SSDT     90CE8885                                                                                                                ZwSetSecurityObject
SSDT     90CE888A                                                                                                                ZwSystemDebugControl
SSDT     90CE8817                                                                                                                ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text    ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                                                830423C9 1 Byte  [06]
.text    ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                  8307BD52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text    ntkrnlpa.exe!KeRemoveQueueEx + 11F7                                                                                     83082EAC 4 Bytes  [76, 88, CE, 90] {JBE 0xffffffffffffff8a; INTO ; NOP }
.text    ntkrnlpa.exe!KeRemoveQueueEx + 1553                                                                                     83083208 4 Bytes  [80, 88, CE, 90]
.text    ntkrnlpa.exe!KeRemoveQueueEx + 1597                                                                                     8308324C 4 Bytes  [7B, 88, CE, 90] {JNP 0xffffffffffffff8a; INTO ; NOP }
.text    ntkrnlpa.exe!KeRemoveQueueEx + 1613                                                                                     830832C8 4 Bytes  [85, 88, CE, 90]
.text    ntkrnlpa.exe!KeRemoveQueueEx + 1667                                                                                     8308331C 4 Bytes  [8A, 88, CE, 90]
.text    ...                                                                                                                     
.text    C:\Windows\system32\DRIVERS\atipmdag.sys                                                                                section is writeable [0x92234000, 0x2D293E, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text    C:\Windows\system32\svchost.exe[1024] ntdll.dll!NtClose                                                                 77D354C8 5 Bytes  JMP 01321B91 
.text    C:\Windows\system32\svchost.exe[1024] ntdll.dll!NtCreateSection                                                         77D356E8 5 Bytes  JMP 013208F8 
.text    C:\Windows\system32\svchost.exe[1024] ntdll.dll!NtMapViewOfSection                                                      77D35C28 5 Bytes  JMP 01320BD4 
.text    C:\Windows\system32\svchost.exe[1024] ntdll.dll!NtOpenFile                                                              77D35CD8 5 Bytes  JMP 013218B4 
.text    C:\Windows\system32\svchost.exe[1024] ntdll.dll!NtOpenSection                                                           77D35DC8 5 Bytes  JMP 01320683 
.text    C:\Windows\system32\svchost.exe[1024] ntdll.dll!NtQueryAttributesFile                                                   77D35F38 5 Bytes  JMP 013215E1 
.text    C:\Windows\system32\svchost.exe[1024] ntdll.dll!NtQuerySection                                                          77D36188 5 Bytes  JMP 0132116D 
.text    C:\Windows\system32\svchost.exe[1024] ntdll.dll!NtQueryVirtualMemory                                                    77D36258 5 Bytes  JMP 01321D66 
.text    C:\Windows\system32\svchost.exe[1024] ntdll.dll!NtUnmapViewOfSection                                                    77D369B8 5 Bytes  JMP 01320F2E 
.text    C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1660] msvcrt.dll!free                                77B29894 5 Bytes  JMP 0A90D2D0 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text    C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1660] msvcrt.dll!malloc                              77B29CEE 5 Bytes  JMP 0A90D230 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text    C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1660] msvcrt.dll!??3@YAXPAX@Z                        77B2B0B9 5 Bytes  JMP 0A90D2D0 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text    C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1660] msvcrt.dll!??2@YAPAXI@Z                        77B2B0C9 5 Bytes  JMP 0A90D480 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text    C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1660] msvcrt.dll!realloc                             77B2B10D 5 Bytes  JMP 0A90D2B0 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text    C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1660] msvcrt.dll!calloc                              77B2C456 5 Bytes  JMP 0A90D270 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text    C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1660] msvcrt.dll!_msize                              77B2F43B 5 Bytes  JMP 0A90D2E0 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text    C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1660] msvcrt.dll!_aligned_free                       77B45942 5 Bytes  JMP 0A90D2D0 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text    C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1660] msvcrt.dll!_aligned_malloc                     77B5028D 5 Bytes  JMP 0A90D3C0 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text    C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1660] msvcrt.dll!_aligned_offset_malloc              77B502A9 5 Bytes  JMP 0A90D3E0 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text    C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1660] msvcrt.dll!?set_new_handler@@YAP6AXXZP6AXXZ@Z  77B7BFD1 5 Bytes  JMP 0A90D500 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text    C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1660] msvcrt.dll!_aligned_offset_realloc             77B7BFE1 5 Bytes  JMP 0A90D420 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text    C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1660] msvcrt.dll!_aligned_realloc                    77B7C16B 5 Bytes  JMP 0A90D400 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text    C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1660] msvcrt.dll!_expand                             77B7C18A 5 Bytes  JMP 0A90D3A0 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text    C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1660] msvcrt.dll!_heapadd                            77B7DD03 5 Bytes  JMP 0A90D550 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text    C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1660] msvcrt.dll!_heapchk                            77B7DD17 5 Bytes  JMP 0A90D560 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text    C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1660] msvcrt.dll!_heapset + 1                        77B7DE16 4 Bytes  JMP 0A90D581 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text    C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1660] msvcrt.dll!_heapmin                            77B7DE1F 3 Bytes  JMP 0A90D650 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text    C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1660] msvcrt.dll!_heapmin + 4                        77B7DE23 1 Byte  [92]
.text    C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1660] msvcrt.dll!_heapused                           77B7DF05 5 Bytes  JMP 0A90D620 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text    C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1660] msvcrt.dll!_heapwalk                           77B7DF18 5 Bytes  JMP 0A90D590 C:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text    C:\Program Files\Internet Explorer\iexplore.exe[3488] kernel32.dll!CreateThread                                         7680DCC2 5 Bytes  JMP 6DE575CB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text    C:\Program Files\Internet Explorer\iexplore.exe[3488] USER32.dll!EnableWindow                                           76668D02 5 Bytes  JMP 6DE99EAC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text    C:\Program Files\Internet Explorer\iexplore.exe[3488] USER32.dll!CallNextHookEx                                         7666ABE1 5 Bytes  JMP 6DEB7FDF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text    C:\Program Files\Internet Explorer\iexplore.exe[3488] USER32.dll!UnhookWindowsHookEx                                    7666ADF9 5 Bytes  JMP 6DEDECE0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text    C:\Program Files\Internet Explorer\iexplore.exe[3488] USER32.dll!DefWindowProcA                                         7666BB1C 7 Bytes  JMP 6DE597F5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text    C:\Program Files\Internet Explorer\iexplore.exe[3488] USER32.dll!CreateWindowExA                                        7666BF40 5 Bytes  JMP 6DE6362B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text    C:\Program Files\Internet Explorer\iexplore.exe[3488] USER32.dll!SetWindowsHookExW                                      7666E30C 5 Bytes  JMP 6DE925AC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text    C:\Program Files\Internet Explorer\iexplore.exe[3488] USER32.dll!CreateWindowExW                                        7666EC7C 5 Bytes  JMP 6DEC03B7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text    C:\Program Files\Internet Explorer\iexplore.exe[3488] USER32.dll!DefWindowProcW                                         7667507D 7 Bytes  JMP 6DEB8042 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text    C:\Program Files\Internet Explorer\iexplore.exe[3488] USER32.dll!DialogBoxParamW                                        76683B9B 5 Bytes  JMP 6DDF187B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text    C:\Program Files\Internet Explorer\iexplore.exe[3488] USER32.dll!DialogBoxIndirectParamW                                76693B7F 5 Bytes  JMP 6DFE8D86 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text    C:\Program Files\Internet Explorer\iexplore.exe[3488] USER32.dll!DialogBoxParamA                                        766ACF42 5 Bytes  JMP 6DFE8D21 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text    C:\Program Files\Internet Explorer\iexplore.exe[3488] USER32.dll!DialogBoxIndirectParamA                                766AD274 5 Bytes  JMP 6DFE8DEB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text    C:\Program Files\Internet Explorer\iexplore.exe[3488] USER32.dll!MessageBoxIndirectA                                    766BE869 5 Bytes  JMP 6DFE8CA8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text    C:\Program Files\Internet Explorer\iexplore.exe[3488] USER32.dll!MessageBoxIndirectW                                    766BE963 5 Bytes  JMP 6DFE8C2F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text    C:\Program Files\Internet Explorer\iexplore.exe[3488] USER32.dll!MessageBoxExA                                          766BE9C9 5 Bytes  JMP 6DFE8BCB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text    C:\Program Files\Internet Explorer\iexplore.exe[3488] USER32.dll!MessageBoxExW                                          766BE9ED 5 Bytes  JMP 6DFE8B67 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text    C:\Program Files\Internet Explorer\iexplore.exe[3488] ole32.dll!OleLoadFromStream                                       768A6143 5 Bytes  JMP 6DFE955F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text    C:\Program Files\Internet Explorer\iexplore.exe[5040] kernel32.dll!CreateThread                                         7680DCC2 5 Bytes  JMP 6DE575CB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text    C:\Program Files\Internet Explorer\iexplore.exe[5040] USER32.dll!EnableWindow                                           76668D02 5 Bytes  JMP 6DE99EAC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text    C:\Program Files\Internet Explorer\iexplore.exe[5040] USER32.dll!CallNextHookEx                                         7666ABE1 5 Bytes  JMP 6DEB7FDF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text    C:\Program Files\Internet Explorer\iexplore.exe[5040] USER32.dll!UnhookWindowsHookEx                                    7666ADF9 5 Bytes  JMP 6DEDECE0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text    C:\Program Files\Internet Explorer\iexplore.exe[5040] USER32.dll!DefWindowProcA                                         7666BB1C 7 Bytes  JMP 6DE597F5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text    C:\Program Files\Internet Explorer\iexplore.exe[5040] USER32.dll!CreateWindowExA                                        7666BF40 5 Bytes  JMP 6DE6362B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text    C:\Program Files\Internet Explorer\iexplore.exe[5040] USER32.dll!SetWindowsHookExW                                      7666E30C 5 Bytes  JMP 6DE925AC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text    C:\Program Files\Internet Explorer\iexplore.exe[5040] USER32.dll!CreateWindowExW                                        7666EC7C 5 Bytes  JMP 6DEC03B7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text    C:\Program Files\Internet Explorer\iexplore.exe[5040] USER32.dll!DefWindowProcW                                         7667507D 7 Bytes  JMP 6DEB8042 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text    C:\Program Files\Internet Explorer\iexplore.exe[5040] USER32.dll!DialogBoxParamW                                        76683B9B 5 Bytes  JMP 6DDF187B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text    C:\Program Files\Internet Explorer\iexplore.exe[5040] USER32.dll!DialogBoxIndirectParamW                                76693B7F 5 Bytes  JMP 6DFE8D86 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text    C:\Program Files\Internet Explorer\iexplore.exe[5040] USER32.dll!DialogBoxParamA                                        766ACF42 5 Bytes  JMP 6DFE8D21 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text    C:\Program Files\Internet Explorer\iexplore.exe[5040] USER32.dll!DialogBoxIndirectParamA                                766AD274 5 Bytes  JMP 6DFE8DEB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text    C:\Program Files\Internet Explorer\iexplore.exe[5040] USER32.dll!MessageBoxIndirectA                                    766BE869 5 Bytes  JMP 6DFE8CA8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text    C:\Program Files\Internet Explorer\iexplore.exe[5040] USER32.dll!MessageBoxIndirectW                                    766BE963 5 Bytes  JMP 6DFE8C2F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text    C:\Program Files\Internet Explorer\iexplore.exe[5040] USER32.dll!MessageBoxExA                                          766BE9C9 5 Bytes  JMP 6DFE8BCB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text    C:\Program Files\Internet Explorer\iexplore.exe[5040] USER32.dll!MessageBoxExW                                          766BE9ED 5 Bytes  JMP 6DFE8B67 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text    C:\Program Files\Internet Explorer\iexplore.exe[5584] USER32.dll!EnableWindow                                           76668D02 5 Bytes  JMP 6DE99EAC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text    C:\Program Files\Internet Explorer\iexplore.exe[5584] USER32.dll!DialogBoxParamW                                        76683B9B 5 Bytes  JMP 6DDF187B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text    C:\Program Files\Internet Explorer\iexplore.exe[5584] USER32.dll!DialogBoxIndirectParamW                                76693B7F 5 Bytes  JMP 6DFE8D86 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text    C:\Program Files\Internet Explorer\iexplore.exe[5584] USER32.dll!DialogBoxParamA                                        766ACF42 5 Bytes  JMP 6DFE8D21 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text    C:\Program Files\Internet Explorer\iexplore.exe[5584] USER32.dll!DialogBoxIndirectParamA                                766AD274 5 Bytes  JMP 6DFE8DEB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text    C:\Program Files\Internet Explorer\iexplore.exe[5584] USER32.dll!MessageBoxIndirectA                                    766BE869 5 Bytes  JMP 6DFE8CA8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text    C:\Program Files\Internet Explorer\iexplore.exe[5584] USER32.dll!MessageBoxIndirectW                                    766BE963 5 Bytes  JMP 6DFE8C2F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text    C:\Program Files\Internet Explorer\iexplore.exe[5584] USER32.dll!MessageBoxExA                                          766BE9C9 5 Bytes  JMP 6DFE8BCB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text    C:\Program Files\Internet Explorer\iexplore.exe[5584] USER32.dll!MessageBoxExW                                          766BE9ED 5 Bytes  JMP 6DFE8B67 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
---- Processes - GMER 1.0.15 ----

Library  C:\Windows\system32\o56t2.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [1024]                                0x04240000                                                                                                                                                            

---- EOF - GMER 1.0.15 ----
         
--- --- ---


The Programme folder was completely deleted.

I no longer have access to

1. Dokumente und Einstellungen
2. MSO Cache
3. Programme
4. Recovery
5. System Volume Information

-----------------------------------------
Furthermore, there is a new folder on both C/ and D/

called $RECYCLE.BIN
__________________


Last edited by black_rose (16.06.2012 at 19:23)

18.06.2012, 07:11   #18
black_rose

Should I have opened a new thread for the new virus?
__________________

18.06.2012, 08:31   #19
Psychotic
/// Malwareteam

What is THIS now??

Are these log files from a different computer???
__________________
No right of asylum for Trojans!

Proud Member of UNITE

Note: I am only available on weekdays!
Requests via PM will be ignored!

Are you satisfied with us? Then support the Trojaner-Board!

18.06.2012, 11:02   #20
black_rose

No,

I'm slowly getting a bit at a loss as to what is going on here.

I can't access anything anymore,
as already described.

Should I reinstall my computer from scratch?

I would need precise instructions, since I'm not familiar with this area.

Regards, rose


18.06.2012, 11:56   #21
Psychotic
/// Malwareteam

Who asked to see new logs here?
I sent you instructions for ESET; what about those?

18.06.2012, 22:04   #22
black_rose

"Click list of found threats
Click export to text file and save the log file as ESET.txt on the desktop"

does not appear, only Finish, and then the program closes.

I found the first scan again:

C:\Windows\System32\intt4hnvn.tsp a variant of Win32/Mediyes.L trojan

19.06.2012, 22:14   #23
Psychotic
/// Malwareteam

CF-Script

Note for other readers:
The following ComboFix script was created exclusively for this user in this situation.
Do not under any circumstances use it on other computers; it can cause lasting damage to other systems!

Delete the existing Combofix.exe from your desktop and download the program again from one of the following download mirrors:
BleepingComputer.com - ForoSpyware.com
and save it to the desktop again (not anywhere else, this is important)!

Press Windows + R --> type Notepad --> OK

Now copy the entire text from the following code box into the empty text document.
Code:
FILE::
C:\Windows\System32\intt4hnvn.tsp
         
Save this as CFScript.txt on your desktop.

Important:
  • Temporarily disable your antivirus software, as it can interfere with ComboFix while it works.
    Don't forget to re-enable it afterwards!
  • Do not move the mouse over the ComboFix window or click inside it.
    This can cause ComboFix to hang.
  • Close all running programs. Make sure that ComboFix can work unhindered.
  • Do nothing on the PC while ComboFix is running.
  • Referring to the picture above, drag CFScript.txt onto ComboFix.exe.
  • When ComboFix has finished, it will create a log, C:\ComboFix.txt. Please paste it here as a reply.
If the script contains the directive Suspect:: or Collect::, a message box will appear after Combofix has finished. Click OK and follow the prompts/instructions to upload the files.

20.06.2012, 17:58   #24
black_rose

Combofix Logfile:
Code:
ComboFix 12-06-20.01 - zeller 20.06.2012  16:51:28.3.4 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3326.2223 [GMT 2:00]
ausgeführt von:: c:\users\zeller\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\zeller\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\System32\intt4hnvn.tsp"
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-05-20 bis 2012-06-20  ))))))))))))))))))))))))))))))
.
.
2012-06-20 14:57 . 2012-06-20 14:57	--------	d-----w-	c:\users\Gast\AppData\Local\temp
2012-06-20 14:57 . 2012-06-20 14:57	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-06-15 12:26 . 2012-06-15 12:26	--------	d-----w-	c:\program files\ESET
2012-06-14 07:13 . 2012-04-28 03:17	183808	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-06-14 07:13 . 2012-04-07 11:26	2342400	----a-w-	c:\windows\system32\msi.dll
2012-06-14 07:13 . 2012-05-15 01:05	2343936	----a-w-	c:\windows\system32\win32k.sys
2012-06-14 07:13 . 2012-04-26 04:45	58880	----a-w-	c:\windows\system32\rdpwsx.dll
2012-06-14 07:13 . 2012-04-26 04:45	129536	----a-w-	c:\windows\system32\rdpcorekmts.dll
2012-06-14 07:13 . 2012-04-26 04:41	8192	----a-w-	c:\windows\system32\rdrmemptylst.exe
2012-06-14 07:13 . 2012-05-01 04:44	164352	----a-w-	c:\windows\system32\profsvc.dll
2012-06-14 07:13 . 2012-04-24 04:36	1158656	----a-w-	c:\windows\system32\crypt32.dll
2012-06-14 07:13 . 2012-04-24 04:36	140288	----a-w-	c:\windows\system32\cryptsvc.dll
2012-06-14 07:13 . 2012-04-24 04:36	103936	----a-w-	c:\windows\system32\cryptnet.dll
2012-06-12 19:19 . 2010-06-02 02:55	74072	----a-w-	c:\windows\system32\XAPOFX1_5.dll
2012-06-12 19:19 . 2010-06-02 02:55	527192	----a-w-	c:\windows\system32\XAudio2_7.dll
2012-06-12 19:19 . 2010-06-02 02:55	239960	----a-w-	c:\windows\system32\xactengine3_7.dll
2012-06-12 19:19 . 2010-05-26 09:41	2106216	----a-w-	c:\windows\system32\D3DCompiler_43.dll
2012-06-12 19:19 . 2010-05-26 09:41	470880	----a-w-	c:\windows\system32\d3dx10_43.dll
2012-06-12 19:19 . 2010-05-26 09:41	248672	----a-w-	c:\windows\system32\d3dx11_43.dll
2012-06-12 19:19 . 2010-05-26 09:41	1868128	----a-w-	c:\windows\system32\d3dcsx_43.dll
2012-06-12 19:19 . 2010-05-26 09:41	1998168	----a-w-	c:\windows\system32\D3DX9_43.dll
2012-06-12 19:19 . 2010-02-04 08:01	74072	----a-w-	c:\windows\system32\XAPOFX1_4.dll
2012-06-12 19:19 . 2010-02-04 08:01	528216	----a-w-	c:\windows\system32\XAudio2_6.dll
2012-06-12 19:19 . 2010-02-04 08:01	238936	----a-w-	c:\windows\system32\xactengine3_6.dll
2012-06-12 19:19 . 2010-02-04 08:01	22360	----a-w-	c:\windows\system32\X3DAudio1_7.dll
2012-06-12 19:17 . 2012-06-12 19:17	--------	d-----w-	c:\program files\Gameforge
2012-06-11 14:04 . 2012-06-11 14:04	--------	d-----w-	c:\users\zeller\AppData\Roaming\Malwarebytes
2012-06-11 14:04 . 2012-06-11 14:04	--------	d-----w-	c:\programdata\Malwarebytes
2012-06-11 14:04 . 2012-06-11 14:04	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-06-11 14:04 . 2012-04-04 13:56	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-06-09 01:46 . 2012-06-02 22:19	53784	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-09 01:46 . 2012-06-02 22:19	45080	----a-w-	c:\windows\system32\wups2.dll
2012-06-09 01:46 . 2012-06-02 22:19	1933848	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-09 01:46 . 2012-06-02 22:12	2422272	----a-w-	c:\windows\system32\wucltux.dll
2012-06-09 01:45 . 2012-06-02 22:19	35864	----a-w-	c:\windows\system32\wups.dll
2012-06-09 01:45 . 2012-06-02 22:19	577048	----a-w-	c:\windows\system32\wuapi.dll
2012-06-09 01:45 . 2012-06-02 22:12	88576	----a-w-	c:\windows\system32\wudriver.dll
2012-06-09 01:45 . 2012-06-02 13:19	171904	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-09 01:45 . 2012-06-02 13:12	33792	----a-w-	c:\windows\system32\wuapp.exe
2012-06-08 09:10 . 2012-06-08 09:10	770384	----a-w-	c:\program files\Mozilla Firefox\msvcr100.dll
2012-06-08 09:10 . 2012-06-08 09:10	421200	----a-w-	c:\program files\Mozilla Firefox\msvcp100.dll
2012-05-31 08:28 . 2012-06-11 11:21	--------	d-----w-	c:\users\spiel
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-04 19:08 . 2012-03-30 17:27	419488	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-05-04 19:08 . 2011-12-20 17:53	70304	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-27 08:20 . 2012-05-17 08:22	137928	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-04-24 22:32 . 2012-05-17 08:22	83392	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-04-16 19:17 . 2012-05-17 08:22	36000	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2012-04-13 07:36 . 2012-05-16 06:44	6734704	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{E7AF9F5A-B928-4EF1-A7CF-8F36E032C1BE}\mpengine.dll
2012-04-11 14:43 . 2011-09-08 08:47	472808	----a-w-	c:\windows\system32\deployJava1.dll
2012-03-31 04:39 . 2012-05-10 07:05	3968368	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-03-31 04:39 . 2012-05-10 07:05	3913072	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-03-30 10:23 . 2012-05-10 07:06	1291632	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-06-17 15:23 . 2011-10-11 04:50	85472	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((   SnapShot@2012-06-11_11.30.38   )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-06-14 07:13 . 2012-04-26 04:32	58880              c:\windows\winsxs\x86_microsoft-windows-t..instationextensions_31bf3856ad364e35_6.1.7601.21980_none_9c529546e2a9554d\rdpwsx.dll
+ 2012-06-14 07:13 . 2012-04-26 04:45	58880              c:\windows\winsxs\x86_microsoft-windows-t..instationextensions_31bf3856ad364e35_6.1.7601.17828_none_9c11da53c953d895\rdpwsx.dll
+ 2012-06-14 07:13 . 2012-04-26 04:44	57856              c:\windows\winsxs\x86_microsoft-windows-t..instationextensions_31bf3856ad364e35_6.1.7600.21200_none_9ac28fc2e5423d1b\rdpwsx.dll
+ 2012-06-14 07:13 . 2012-04-26 04:48	57856              c:\windows\winsxs\x86_microsoft-windows-t..instationextensions_31bf3856ad364e35_6.1.7600.17009_none_9a41f3abcc1c8439\rdpwsx.dll
+ 2011-05-09 08:47 . 2010-11-20 10:21	15872              c:\windows\winsxs\x86_microsoft-windows-r..s-regkeys-component_31bf3856ad364e35_6.1.7601.21982_none_31d187047f696dc4\rdpvideominiport.sys
+ 2011-05-09 08:47 . 2010-11-20 10:21	15872              c:\windows\winsxs\x86_microsoft-windows-r..s-regkeys-component_31bf3856ad364e35_6.1.7601.17830_none_317bf94166250f97\rdpvideominiport.sys
+ 2011-05-09 08:46 . 2010-11-20 12:20	28672              c:\windows\winsxs\x86_microsoft-windows-profsvc_31bf3856ad364e35_6.1.7601.21985_none_fdf7b4abaa4498e1\profprov.dll
+ 2011-05-09 08:46 . 2010-11-20 12:20	28672              c:\windows\winsxs\x86_microsoft-windows-profsvc_31bf3856ad364e35_6.1.7601.17832_none_fda1269e9101215d\profprov.dll
+ 2012-06-14 17:19 . 2012-05-17 22:11	73216              c:\windows\winsxs\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_9.4.8112.20551_none_6111b92c76e10a06\mshtmled.dll
+ 2012-06-14 17:19 . 2012-05-17 22:25	73216              c:\windows\winsxs\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_9.4.8112.16446_none_6097edbf5db6ccfe\mshtmled.dll
+ 2012-06-14 17:19 . 2012-05-17 22:15	66048              c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.20551_none_1ad1c342d54f56f8\WininetPlugin.dll
+ 2012-06-14 17:19 . 2012-05-17 22:15	65024              c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.20551_none_1ad1c342d54f56f8\jsproxy.dll
+ 2012-06-14 17:19 . 2012-05-17 22:31	66048              c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16446_none_1a57f7d5bc2519f0\WininetPlugin.dll
+ 2012-06-14 17:19 . 2012-05-17 22:31	65024              c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16446_none_1a57f7d5bc2519f0\jsproxy.dll
+ 2012-04-11 08:30 . 2010-11-13 00:02	24576              c:\windows\winsxs\msil_system.drawing.resources_b03f5f7f11d50a3a_6.1.7601.21979_de-de_79d921c8ef1814f1\System.Drawing.Resources.dll
+ 2012-04-11 08:30 . 2010-11-13 00:02	24576              c:\windows\winsxs\msil_system.drawing.resources_b03f5f7f11d50a3a_6.1.7601.17827_de-de_90a1f4a6d57502f6\System.Drawing.Resources.dll
+ 2012-06-14 17:19 . 2012-05-17 22:25	73216              c:\windows\System32\mshtmled.dll
- 2012-04-11 11:27 . 2012-02-28 01:08	66048              c:\windows\System32\migration\WininetPlugin.dll
+ 2012-06-14 17:19 . 2012-05-17 22:31	66048              c:\windows\System32\migration\WininetPlugin.dll
+ 2012-06-14 17:19 . 2012-05-17 22:31	65024              c:\windows\System32\jsproxy.dll
- 2012-04-11 11:27 . 2012-02-28 01:08	65024              c:\windows\System32\jsproxy.dll
- 2012-05-10 12:46 . 2012-05-10 12:46	87408              c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2012-06-14 17:25 . 2012-06-14 17:25	87408              c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
- 2012-05-10 12:46 . 2012-05-10 12:46	93024              c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2012-06-14 17:25 . 2012-06-14 17:25	93024              c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2012-06-14 17:25 . 2012-06-14 17:25	35688              c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
- 2012-05-10 12:46 . 2012-05-10 12:46	35688              c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
- 2012-05-10 12:46 . 2012-05-10 12:46	11120              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
+ 2012-06-14 17:25 . 2012-06-14 17:25	11120              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
- 2012-05-10 12:46 . 2012-05-10 12:46	17784              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
+ 2012-06-14 17:25 . 2012-06-14 17:25	17784              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
- 2012-05-10 12:46 . 2012-05-10 12:46	58240              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
+ 2012-06-14 17:25 . 2012-06-14 17:25	58240              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
+ 2012-06-14 17:25 . 2012-06-14 17:25	44920              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
- 2012-05-10 12:45 . 2012-05-10 12:45	44920              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
- 2012-05-10 12:46 . 2012-05-10 12:46	37240              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
+ 2012-06-14 17:25 . 2012-06-14 17:25	37240              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
+ 2012-06-14 17:25 . 2012-06-14 17:25	64352              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
- 2012-05-10 12:45 . 2012-05-10 12:45	64352              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
- 2012-05-10 12:45 . 2012-05-10 12:45	51032              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
+ 2012-06-14 17:25 . 2012-06-14 17:25	51032              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
+ 2012-06-14 17:25 . 2012-06-14 17:25	50552              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
- 2012-05-10 12:45 . 2012-05-10 12:45	50552              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
- 2012-05-10 12:45 . 2012-05-10 12:45	81784              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-06-14 17:25 . 2012-06-14 17:25	81784              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-06-14 17:25 . 2012-06-14 17:25	81800              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
- 2012-05-10 12:45 . 2012-05-10 12:45	81800              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
- 2012-05-10 12:45 . 2012-05-10 12:45	39784              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2012-06-14 17:25 . 2012-06-14 17:25	39784              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
- 2012-05-10 12:46 . 2012-05-10 12:46	68952              c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
+ 2012-06-14 17:25 . 2012-06-14 17:25	68952              c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
+ 2012-06-14 17:25 . 2012-06-14 17:25	12128              c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2012-05-10 12:45 . 2012-05-10 12:45	12128              c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-06-14 17:25 . 2012-06-14 17:25	97680              c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2012-05-10 12:45 . 2012-05-10 12:45	97680              c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2012-06-14 17:25 . 2012-06-14 17:25	17240              c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2012-05-10 12:45 . 2012-05-10 12:45	17240              c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2012-05-10 12:45 . 2012-05-10 12:45	78168              c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-06-14 17:25 . 2012-06-14 17:25	78168              c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2012-05-10 12:45 . 2012-05-10 12:45	81248              c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-06-14 17:25 . 2012-06-14 17:25	81248              c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-06-12 19:17 . 2012-06-12 19:17	73728              c:\windows\Installer\{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}\NewShortcut111_ACBFC3244A264E968A8C67DF2496EB0A.exe
+ 2012-06-12 19:17 . 2012-06-12 19:17	73728              c:\windows\Installer\{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}\NewShortcut11_8D25E99A266549CFB366DEA1635FCBBD.exe
+ 2012-06-12 19:17 . 2012-06-12 19:17	73728              c:\windows\Installer\{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}\ARPPRODUCTICON.exe
+ 2012-06-15 12:05 . 2012-06-15 12:05	61440              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveWriter\fbca78795c4dd2a0df1fbc45cef56513\WindowsLiveWriter.ni.exe
+ 2012-06-15 12:06 . 2012-06-15 12:06	36864              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\2b97ccae44726f13c418f1406180c3e8\System.Web.DynamicData.Design.ni.dll
+ 2012-06-15 12:06 . 2012-06-15 12:06	95232              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\be06f4f309e2225a832c344a9f995e69\Microsoft.MediaCenter.ITVVM.ni.dll
- 2012-04-11 08:30 . 2010-11-12 23:19	24576              c:\windows\assembly\GAC_MSIL\System.Drawing.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Drawing.Resources.dll
+ 2012-04-11 08:30 . 2010-11-13 00:02	24576              c:\windows\assembly\GAC_MSIL\System.Drawing.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Drawing.Resources.dll
- 2010-01-26 15:31 . 2010-01-26 15:31	12800              c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2012-06-12 19:18 . 2012-06-12 19:18	12800              c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2010-01-26 15:31 . 2010-01-26 15:31	53248              c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2012-06-12 19:18 . 2012-06-12 19:18	53248              c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2012-06-14 07:13 . 2012-04-26 04:28	8192              c:\windows\winsxs\x86_microsoft-windows-t..instationextensions_31bf3856ad364e35_6.1.7601.21980_none_9c529546e2a9554d\rdrmemptylst.exe
+ 2012-06-14 07:13 . 2012-04-26 04:41	8192              c:\windows\winsxs\x86_microsoft-windows-t..instationextensions_31bf3856ad364e35_6.1.7601.17828_none_9c11da53c953d895\rdrmemptylst.exe
+ 2012-06-14 07:13 . 2012-04-26 04:39	8192              c:\windows\winsxs\x86_microsoft-windows-t..instationextensions_31bf3856ad364e35_6.1.7600.21200_none_9ac28fc2e5423d1b\rdrmemptylst.exe
+ 2012-06-14 07:13 . 2012-04-26 04:43	8192              c:\windows\winsxs\x86_microsoft-windows-t..instationextensions_31bf3856ad364e35_6.1.7600.17009_none_9a41f3abcc1c8439\rdrmemptylst.exe
- 2012-06-11 05:05 . 2012-06-11 11:28	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-20 06:53 . 2012-06-20 06:53	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-20 06:53 . 2012-06-20 06:53	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-06-11 05:05 . 2012-06-11 11:28	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-14 07:13 . 2012-04-28 03:19	152064              c:\windows\winsxs\x86_microsoft-windows-t..s-rdp-displaydriver_31bf3856ad364e35_6.1.7600.21202_none_e53f2bcfcf2c19ad\rdpdd.dll
+ 2012-06-14 07:13 . 2012-04-26 04:32	129536              c:\windows\winsxs\x86_microsoft-windows-t..instationextensions_31bf3856ad364e35_6.1.7601.21980_none_9c529546e2a9554d\rdpcorekmts.dll
+ 2012-06-14 07:13 . 2012-04-26 04:45	129536              c:\windows\winsxs\x86_microsoft-windows-t..instationextensions_31bf3856ad364e35_6.1.7601.17828_none_9c11da53c953d895\rdpcorekmts.dll
+ 2012-06-14 07:13 . 2012-04-26 04:44	129536              c:\windows\winsxs\x86_microsoft-windows-t..instationextensions_31bf3856ad364e35_6.1.7600.21200_none_9ac28fc2e5423d1b\rdpcorekmts.dll
+ 2012-06-14 07:13 . 2012-04-26 04:48	129536              c:\windows\winsxs\x86_microsoft-windows-t..instationextensions_31bf3856ad364e35_6.1.7600.17009_none_9a41f3abcc1c8439\rdpcorekmts.dll
+ 2012-06-14 07:13 . 2012-04-28 03:08	183808              c:\windows\winsxs\x86_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7601.21982_none_4db8e4a84c9cc98d\rdpwd.sys
+ 2012-06-14 07:13 . 2012-04-28 03:17	183808              c:\windows\winsxs\x86_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7601.17830_none_4d6356e533586b60\rdpwd.sys
+ 2012-06-14 07:13 . 2012-04-28 03:19	178176              c:\windows\winsxs\x86_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7600.21202_none_4c28df244f35b15b\rdpwd.sys
+ 2012-06-14 07:13 . 2012-04-28 03:19	177152              c:\windows\winsxs\x86_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7600.17011_none_4b93703d36211704\rdpwd.sys
+ 2012-06-14 17:19 . 2012-05-17 22:13	716800              c:\windows\winsxs\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_9.4.8112.20551_none_9bc8b85c2aa09c1f\jscript.dll
+ 2012-06-14 17:19 . 2012-05-17 22:29	716800              c:\windows\winsxs\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_9.4.8112.16446_none_9b4eecef11765f17\jscript.dll
+ 2011-05-09 08:48 . 2010-11-20 10:24	134656              c:\windows\winsxs\x86_microsoft-windows-r..s-regkeys-component_31bf3856ad364e35_6.1.7601.21982_none_31d187047f696dc4\rdpudd.dll
+ 2012-06-14 07:13 . 2012-04-28 04:31	919040              c:\windows\winsxs\x86_microsoft-windows-r..s-regkeys-component_31bf3856ad364e35_6.1.7601.21982_none_31d187047f696dc4\rdpcorets.dll
+ 2011-05-09 08:48 . 2010-11-20 10:24	134656              c:\windows\winsxs\x86_microsoft-windows-r..s-regkeys-component_31bf3856ad364e35_6.1.7601.17830_none_317bf94166250f97\rdpudd.dll
+ 2012-06-14 07:13 . 2012-04-28 04:41	919040              c:\windows\winsxs\x86_microsoft-windows-r..s-regkeys-component_31bf3856ad364e35_6.1.7601.17830_none_317bf94166250f97\rdpcorets.dll
+ 2012-06-14 07:13 . 2012-05-02 04:29	166912              c:\windows\winsxs\x86_microsoft-windows-profsvc_31bf3856ad364e35_6.1.7601.21985_none_fdf7b4abaa4498e1\profsvc.dll
+ 2012-06-14 07:13 . 2012-05-01 04:44	164352              c:\windows\winsxs\x86_microsoft-windows-profsvc_31bf3856ad364e35_6.1.7601.17832_none_fda1269e9101215d\profsvc.dll
+ 2012-06-14 07:13 . 2012-05-02 04:38	166400              c:\windows\winsxs\x86_microsoft-windows-profsvc_31bf3856ad364e35_6.1.7600.21205_none_fc67af27acdd80af\profsvc.dll
+ 2012-06-14 07:13 . 2012-05-02 04:52	163328              c:\windows\winsxs\x86_microsoft-windows-profsvc_31bf3856ad364e35_6.1.7600.17014_none_fbd2404093c8e658\profsvc.dll
+ 2012-06-14 17:19 . 2012-05-17 22:08	176640              c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_9.4.8112.20551_none_7d8b3c64e19b4e5b\ieui.dll
+ 2012-06-14 17:19 . 2012-05-17 22:20	176640              c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_9.4.8112.16446_none_7d1170f7c8711153\ieui.dll
+ 2012-06-14 17:19 . 2012-05-17 22:17	231936              c:\windows\winsxs\x86_microsoft-windows-ie-winsockautodialstub_31bf3856ad364e35_9.4.8112.20551_none_0913a10b9146a5a2\url.dll
+ 2012-06-14 17:19 . 2012-05-17 22:33	231936              c:\windows\winsxs\x86_microsoft-windows-ie-winsockautodialstub_31bf3856ad364e35_9.4.8112.16446_none_0899d59e781c689a\url.dll
+ 2012-06-14 17:19 . 2012-05-17 22:59	140920              c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_9.4.8112.20551_none_608c7a1ec0007555\sqmapi.dll
+ 2012-06-14 17:19 . 2012-05-17 23:21	140920              c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_9.4.8112.16446_none_6012aeb1a6d6384d\sqmapi.dll
+ 2012-06-14 17:19 . 2012-05-17 22:21	387584              c:\windows\winsxs\x86_microsoft-windows-ie-jscriptdebugui_31bf3856ad364e35_9.4.8112.20551_none_d3551ea3012181e1\jsdbgui.dll
+ 2012-06-14 17:19 . 2012-05-17 22:37	387584              c:\windows\winsxs\x86_microsoft-windows-ie-jscriptdebugui_31bf3856ad364e35_9.4.8112.16446_none_d2db5335e7f744d9\jsdbgui.dll
+ 2012-06-14 17:19 . 2012-05-17 22:14	142848              c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_9.4.8112.20551_none_484acfce4d7ac5db\ieUnatt.exe
+ 2012-06-14 17:19 . 2012-05-17 22:29	142848              c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_9.4.8112.16446_none_47d10461345088d3\ieUnatt.exe
+ 2012-06-14 17:19 . 2012-05-17 22:15	194048              c:\windows\winsxs\x86_microsoft-windows-ie-ieshims_31bf3856ad364e35_9.4.8112.20551_none_6075ffbacdb547e5\IEShims.dll
+ 2012-06-14 17:19 . 2012-05-17 22:31	194048              c:\windows\winsxs\x86_microsoft-windows-ie-ieshims_31bf3856ad364e35_9.4.8112.16446_none_5ffc344db48b0add\IEShims.dll
+ 2012-06-14 17:19 . 2012-05-17 22:16	194560              c:\windows\winsxs\x86_microsoft-windows-ie-ieproxy_31bf3856ad364e35_9.4.8112.20551_none_a917b4247e0ce177\ieproxy.dll
+ 2012-06-14 17:19 . 2012-05-17 22:31	194560              c:\windows\winsxs\x86_microsoft-windows-ie-ieproxy_31bf3856ad364e35_9.4.8112.16446_none_a89de8b764e2a46f\ieproxy.dll
+ 2012-06-14 17:19 . 2012-05-17 22:21	678912              c:\windows\winsxs\x86_microsoft-windows-ie-devtools_31bf3856ad364e35_9.4.8112.20551_none_548ddc957352a339\iedvtool.dll
+ 2012-06-14 17:19 . 2012-05-17 22:38	678912              c:\windows\winsxs\x86_microsoft-windows-ie-devtools_31bf3856ad364e35_9.4.8112.16446_none_541411285a286631\iedvtool.dll
+ 2012-06-14 17:19 . 2012-05-17 22:59	748664              c:\windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20551_none_b19f2c1ee1420ce6\iexplore.exe
+ 2012-06-14 17:19 . 2012-05-17 23:21	748664              c:\windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16446_none_b12560b1c817cfde\iexplore.exe
+ 2012-06-14 07:13 . 2012-04-24 04:28	142336              c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_7854c7b7125b248c\cryptsvc.dll
+ 2012-06-14 07:13 . 2012-04-24 04:36	140288              c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17827_none_77ff39f3f916c65f\cryptsvc.dll
+ 2012-06-14 07:13 . 2012-04-24 04:33	141312              c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.21199_none_7658a1151545269d\cryptsvc.dll
+ 2012-06-14 07:13 . 2012-04-24 04:47	139264              c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.17008_none_762f534bfbdf7203\cryptsvc.dll
+ 2012-06-14 07:13 . 2012-04-24 04:28	103936              c:\windows\winsxs\x86_microsoft-windows-cryptnet-dll_31bf3856ad364e35_6.1.7601.21979_none_196e6f6c73618fe7\cryptnet.dll
+ 2012-06-14 07:13 . 2012-04-24 04:36	103936              c:\windows\winsxs\x86_microsoft-windows-cryptnet-dll_31bf3856ad364e35_6.1.7601.17827_none_1918e1a95a1d31ba\cryptnet.dll
+ 2012-06-14 07:13 . 2012-04-24 04:33	103936              c:\windows\winsxs\x86_microsoft-windows-cryptnet-dll_31bf3856ad364e35_6.1.7600.21199_none_177248ca764b91f8\cryptnet.dll
+ 2012-06-14 07:13 . 2012-04-24 04:47	103936              c:\windows\winsxs\x86_microsoft-windows-cryptnet-dll_31bf3856ad364e35_6.1.7600.17008_none_1748fb015ce5dd5e\cryptnet.dll
+ 2011-06-22 07:10 . 2010-11-13 00:02	434176              c:\windows\winsxs\msil_system.windows.forms.resources_b77a5c561934e089_6.1.7601.21949_de-de_73a76901aaf9cece\System.Windows.Forms.Resources.dll
+ 2011-06-22 07:10 . 2010-11-13 00:02	434176              c:\windows\winsxs\msil_system.windows.forms.resources_b77a5c561934e089_6.1.7601.17798_de-de_8a7a281f914dd389\System.Windows.Forms.Resources.dll
+ 2012-06-14 07:13 . 2012-04-23 22:31	630784              c:\windows\winsxs\msil_system.drawing_b03f5f7f11d50a3a_6.1.7601.21979_none_4d277552c71a615d\System.Drawing.dll
+ 2012-06-14 07:13 . 2012-04-23 22:35	630784              c:\windows\winsxs\msil_system.drawing_b03f5f7f11d50a3a_6.1.7601.17827_none_63f04830ad774f62\System.Drawing.dll
+ 2012-06-14 07:13 . 2010-11-13 00:02	544768              c:\windows\winsxs\msil_system.design.resources_b03f5f7f11d50a3a_6.1.7601.21949_de-de_d2186770b69dc3ca\System.Design.Resources.dll
+ 2012-06-14 07:13 . 2010-11-12 23:19	544768              c:\windows\winsxs\msil_system.design.resources_b03f5f7f11d50a3a_6.1.7601.17798_de-de_e8eb268e9cf1c885\System.Design.Resources.dll
+ 2012-06-14 17:19 . 2012-05-17 22:33	231936              c:\windows\System32\url.dll
- 2012-04-11 11:27 . 2012-02-28 01:09	231936              c:\windows\System32\url.dll
- 2012-04-11 11:27 . 2012-02-28 01:06	716800              c:\windows\System32\jscript.dll
+ 2012-06-14 17:19 . 2012-05-17 22:29	716800              c:\windows\System32\jscript.dll
+ 2012-06-14 17:19 . 2012-05-17 22:29	142848              c:\windows\System32\ieUnatt.exe
- 2012-03-15 21:45 . 2012-03-15 21:45	142848              c:\windows\System32\ieUnatt.exe
- 2012-04-11 11:27 . 2012-02-28 00:59	176640              c:\windows\System32\ieui.dll
+ 2012-06-14 17:19 . 2012-05-17 22:20	176640              c:\windows\System32\ieui.dll
+ 2012-04-21 09:03 . 2012-04-21 09:03	616024              c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Drawing.dll
- 2012-04-11 08:30 . 2012-01-26 23:33	630784              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
+ 2012-06-14 07:13 . 2012-04-23 22:35	630784              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
- 2012-05-10 12:46 . 2012-05-10 12:46	350592              c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2012-06-14 17:25 . 2012-06-14 17:25	350592              c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
- 2012-05-10 12:46 . 2012-05-10 12:46	163168              c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2012-06-14 17:25 . 2012-06-14 17:25	163168              c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2012-06-14 17:25 . 2012-06-14 17:25	138592              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
- 2012-05-10 12:45 . 2012-05-10 12:45	138592              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
- 2012-05-10 12:46 . 2012-05-10 12:46	699224              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
+ 2012-06-14 17:25 . 2012-06-14 17:25	699224              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
+ 2012-06-14 17:25 . 2012-06-14 17:25	857960              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2012-05-10 12:46 . 2012-05-10 12:46	857960              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2012-06-14 17:25 . 2012-06-14 17:25	675672              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
- 2012-05-10 12:46 . 2012-05-10 12:46	675672              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
+ 2012-06-14 17:25 . 2012-06-14 17:25	113512              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2012-05-10 12:45 . 2012-05-10 12:45	113512              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-06-14 17:25 . 2012-06-14 17:25	129912              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
- 2012-05-10 12:46 . 2012-05-10 12:46	129912              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
+ 2012-06-14 17:25 . 2012-06-14 17:25	390008              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
- 2012-05-10 12:46 . 2012-05-10 12:46	390008              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
- 2012-05-10 12:46 . 2012-05-10 12:46	505208              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
+ 2012-06-14 17:25 . 2012-06-14 17:25	505208              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
- 2012-05-10 12:45 . 2012-05-10 12:45	261472              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-06-14 17:25 . 2012-06-14 17:25	261472              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-06-14 17:25 . 2012-06-14 17:25	122264              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2012-05-10 12:46 . 2012-05-10 12:46	122264              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-06-14 17:25 . 2012-06-14 17:25	291184              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2012-05-10 12:46 . 2012-05-10 12:46	291184              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2012-05-10 12:46 . 2012-05-10 12:46	349568              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
+ 2012-06-14 17:25 . 2012-06-14 17:25	349568              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
+ 2012-06-14 17:25 . 2012-06-14 17:25	236880              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
- 2012-05-10 12:45 . 2012-05-10 12:45	236880              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
- 2012-05-10 12:46 . 2012-05-10 12:46	253280              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2012-06-14 17:25 . 2012-06-14 17:25	253280              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2012-06-14 17:25 . 2012-06-14 17:25	378720              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2012-05-10 12:45 . 2012-05-10 12:45	378720              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2012-05-10 12:45 . 2012-05-10 12:45	134528              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
+ 2012-06-14 17:25 . 2012-06-14 17:25	134528              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
+ 2012-06-14 17:25 . 2012-06-14 17:25	123736              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
- 2012-05-10 12:46 . 2012-05-10 12:46	123736              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
- 2012-05-10 12:46 . 2012-05-10 12:46	392552              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2012-06-14 17:25 . 2012-06-14 17:25	392552              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2012-06-14 17:25 . 2012-06-14 17:25	125816              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
- 2012-05-10 12:46 . 2012-05-10 12:46	125816              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2012-06-14 17:25 . 2012-06-14 17:25	120152              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
- 2012-05-10 12:45 . 2012-05-10 12:45	120152              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
+ 2012-06-14 17:25 . 2012-06-14 17:25	616024              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2012-05-10 12:45 . 2012-05-10 12:45	395120              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-06-14 17:25 . 2012-06-14 17:25	395120              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-06-14 17:25 . 2012-06-14 17:25	182144              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2012-05-10 12:45 . 2012-05-10 12:45	182144              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2012-06-14 17:25 . 2012-06-14 17:25	285072              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
- 2012-05-10 12:45 . 2012-05-10 12:45	285072              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
- 2012-05-10 12:45 . 2012-05-10 12:45	829280              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-06-14 17:25 . 2012-06-14 17:25	829280              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-06-14 17:25 . 2012-06-14 17:25	747360              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2012-05-10 12:45 . 2012-05-10 12:45	747360              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2012-06-14 17:25 . 2012-06-14 17:25	436600              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
- 2012-05-10 12:45 . 2012-05-10 12:45	436600              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
- 2012-05-10 12:45 . 2012-05-10 12:45	683872              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
+ 2012-06-14 17:25 . 2012-06-14 17:25	683872              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
+ 2012-06-14 17:25 . 2012-06-14 17:25	409448              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2012-05-10 12:45 . 2012-05-10 12:45	409448              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2012-06-14 17:25 . 2012-06-14 17:25	210816              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
- 2012-05-10 12:45 . 2012-05-10 12:45	210816              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
- 2012-05-10 12:45 . 2012-05-10 12:45	156440              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
+ 2012-06-14 17:25 . 2012-06-14 17:25	156440              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
- 2012-05-10 12:46 . 2012-05-10 12:46	122248              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
+ 2012-06-14 17:25 . 2012-06-14 17:25	122248              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
- 2012-05-10 12:46 . 2012-05-10 12:46	525704              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
+ 2012-06-14 17:25 . 2012-06-14 17:25	525704              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
+ 2012-06-14 17:25 . 2012-06-14 17:25	112976              c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2012-05-10 12:45 . 2012-05-10 12:45	112976              c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2012-05-10 12:46 . 2012-05-10 12:46	581464              c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2012-06-14 17:25 . 2012-06-14 17:25	581464              c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2012-06-14 17:25 . 2012-06-14 17:25	832856              c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
- 2012-05-10 12:46 . 2012-05-10 12:46	832856              c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
- 2012-05-10 12:46 . 2012-05-10 12:46	194424              c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2012-06-14 17:25 . 2012-06-14 17:25	194424              c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2012-06-14 17:25 . 2012-06-14 17:25	478576              c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
- 2012-05-10 12:46 . 2012-05-10 12:46	478576              c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
+ 2012-06-14 17:25 . 2012-06-14 17:25	167288              c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
- 2012-05-10 12:46 . 2012-05-10 12:46	167288              c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
- 2012-05-10 12:46 . 2012-05-10 12:46	232304              c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
+ 2012-06-14 17:25 . 2012-06-14 17:25	232304              c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
- 2012-05-10 12:45 . 2012-05-10 12:45	661352              c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-06-14 17:25 . 2012-06-14 17:25	661352              c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-06-14 17:25 . 2012-06-14 17:25	349576              c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2012-05-10 12:45 . 2012-05-10 12:45	349576              c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2012-05-10 12:45 . 2012-05-10 12:45	387960              c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
+ 2012-06-14 17:25 . 2012-06-14 17:25	387960              c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
- 2012-05-10 12:45 . 2012-05-10 12:45	746336              c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2012-06-14 17:25 . 2012-06-14 17:25	746336              c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2012-06-14 17:25 . 2012-06-14 17:25	505184              c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
- 2012-05-10 12:45 . 2012-05-10 12:45	505184              c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
- 2012-05-10 12:46 . 2012-05-10 12:46	269672              c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-06-14 17:25 . 2012-06-14 17:25	269672              c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2012-05-10 12:46 . 2012-05-10 12:46	334688              c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2012-06-14 17:25 . 2012-06-14 17:25	334688              c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2012-05-10 12:45 . 2012-05-10 12:45	109568              c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-06-14 17:25 . 2012-06-14 17:25	109568              c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-06-14 17:25 . 2012-06-14 17:25	246128              c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2012-05-10 12:45 . 2012-05-10 12:45	246128              c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2012-05-10 12:46 . 2012-05-10 12:46	170368              c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2012-06-14 17:25 . 2012-06-14 17:25	170368              c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2012-06-15 12:07 . 2012-06-15 12:07	253952              c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\44752ffa92ebb7170951a41898d8b9c6\WindowsFormsIntegration.ni.dll
+ 2012-06-15 12:07 . 2012-06-15 12:07	221696              c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\5552b27237c3dbe4f21a10e97adf2edc\System.ServiceProcess.ni.dll
+ 2012-06-15 12:07 . 2012-06-15 12:07	626176              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Messaging\a730931e386537e3c229e049c9a6d271\System.Messaging.ni.dll
+ 2012-06-15 12:07 . 2012-06-15 12:07	148480              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\c7d60a49e43964b1ae17e9a080376c6d\System.Configuration.Install.ni.dll
+ 2012-06-15 12:06 . 2012-06-15 12:06	303104              c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\8cc4dd9babffe370cf375925fba15f84\Microsoft.VisualBasic.Compatibility.Data.ni.dll
+ 2012-06-15 12:05 . 2012-06-15 12:05	634368              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\5b4b71fd140484201d0e285a14cce17a\WindowsLiveLocal.WriterPlugin.ni.dll
+ 2012-06-15 12:05 . 2012-06-15 12:05	328192              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\e92c100773e1aa6e0094ac430b496ace\WindowsLive.Writer.Mshtml.ni.dll
+ 2012-06-15 12:05 . 2012-06-15 12:05	871424              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\e35141184454c11a98f333c5b7b5c4c3\WindowsLive.Writer.BlogClient.ni.dll
+ 2012-06-15 12:05 . 2012-06-15 12:05	665600              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\ac47170bea9a3515287134ce8c3dae4a\WindowsLive.Writer.Interop.ni.dll
+ 2012-06-15 12:05 . 2012-06-15 12:05	174080              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\8adf64dec1f056a5c36720ac34045370\WindowsLive.Writer.BrowserControl.ni.dll
+ 2012-06-15 12:05 . 2012-06-15 12:05	122368              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\882aeb909ff121fae01034b7e9627936\WindowsLive.Writer.Extensibility.ni.dll
+ 2012-06-15 12:05 . 2012-06-15 12:05	891392              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\8437eb811a83c1d04c10c6d91abc606b\WindowsLive.Writer.HtmlEditor.ni.dll
+ 2012-06-15 12:05 . 2012-06-15 12:05	326144              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\6f110f192197df8fd4d84e270edf7825\WindowsLive.Writer.SpellChecker.ni.dll
+ 2012-06-15 12:05 . 2012-06-15 12:05	119296              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\3e388ec2100141e62e0f3cb81aa42ce0\WindowsLive.Writer.FileDestinations.ni.dll
+ 2012-06-15 12:05 . 2012-06-15 12:05	780800              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\2bfd2895928710d7cf422c48b6e915d0\WindowsLive.Writer.Controls.ni.dll
+ 2012-06-15 12:05 . 2012-06-15 12:05	101376              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\1af8e0bd9d63b6263bda26b9ffc1f053\WindowsLive.Writer.Api.ni.dll
+ 2012-06-15 12:05 . 2012-06-15 12:05	223232              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Client\c5d63c774d84fccad17b4215692d4f02\WindowsLive.Client.ni.dll
+ 2012-06-15 12:06 . 2012-06-15 12:06	240128              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\f2f8201dd3453250dfd9ed1afce630a0\WindowsFormsIntegration.ni.dll
+ 2012-06-15 12:06 . 2012-06-15 12:06	245248              c:\windows\assembly\NativeImages_v2.0.50727_32\TaskScheduler\f3e052584df9c614407da662dd3c3df3\TaskScheduler.ni.dll
+ 2012-06-15 12:06 . 2012-06-15 12:06	129536              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\06e4119a0a3484bb0ca667a16145ce74\System.Web.Routing.ni.dll
+ 2012-06-15 12:06 . 2012-06-15 12:06	860160              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\4f13c2c06fb97f6659473f02802b377b\System.Web.Extensions.Design.ni.dll
+ 2012-06-15 12:06 . 2012-06-15 12:06	328192              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\bc239944bca7cc6b6ddb473259183c7d\System.Web.Entity.ni.dll
+ 2012-06-15 12:06 . 2012-06-15 12:06	301568              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\3701488fb9e601ebe963db25b784d684\System.Web.Entity.Design.ni.dll
+ 2012-06-15 12:06 . 2012-06-15 12:06	547328              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\a09cc9877f51f16a4610b702155e8b70\System.Web.DynamicData.ni.dll
+ 2012-06-15 12:06 . 2012-06-15 12:06	141312              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\c6aad1edcc51862ceb26b6b65dad1490\System.Web.Abstractions.ni.dll
+ 2012-06-15 12:02 . 2012-06-15 12:02	212992              c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\69ca4a43ba14b66689715ad62aed70e6\System.ServiceProcess.ni.dll
+ 2012-06-15 12:05 . 2012-06-15 12:05	593408              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\2b4d6976393bf5643a4ef2d8dffdf75b\System.Messaging.ni.dll
+ 2012-06-15 12:02 . 2012-06-15 12:02	208384              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\912a0776c2bfd35ff76bd0b8ba977ed4\System.Drawing.Design.ni.dll
+ 2012-06-15 12:02 . 2012-06-15 12:02	141312              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\498d2033c60fe5b777cf923b71b25972\System.Configuration.Install.ni.dll
+ 2012-06-15 12:06 . 2012-06-15 12:06	723456              c:\windows\assembly\NativeImages_v2.0.50727_32\napsnap\95728bff8fc3071e53352204e87a3a81\napsnap.ni.dll
+ 2012-06-15 12:06 . 2012-06-15 12:06	117760              c:\windows\assembly\NativeImages_v2.0.50727_32\napinit\029ac1d25c3be266af0a49eef06ff6e7\napinit.ni.dll
+ 2012-06-15 12:06 . 2012-06-15 12:06	287232              c:\windows\assembly\NativeImages_v2.0.50727_32\MMCFxCommon\1e03b7c2539c5376f0665a4aba04efbd\MMCFxCommon.ni.dll
+ 2012-06-15 12:06 . 2012-06-15 12:06	229888              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\b82fa34c1f76810e14180eb626fdd026\Microsoft.MediaCenter.iTv.ni.dll
+ 2012-06-15 12:06 . 2012-06-15 12:06	561664              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Managemen#\622b582866fca37f113bd97ae4c6d1f6\Microsoft.ManagementConsole.ni.dll
+ 2012-06-15 12:06 . 2012-06-15 12:06	371712              c:\windows\assembly\NativeImages_v2.0.50727_32\mcplayerinterop\bb62b376c2ea0c66913d6bc2a3391ed9\mcplayerinterop.ni.dll
+ 2012-06-15 12:06 . 2012-06-15 12:06	515584              c:\windows\assembly\NativeImages_v2.0.50727_32\mcGlidHostObj\9158e9c3e95b609b7dd5199ee6c676e4\mcGlidHostObj.ni.dll
+ 2012-06-15 12:06 . 2012-06-15 12:06	553472              c:\windows\assembly\NativeImages_v2.0.50727_32\EventViewer\02577b78c6ed2f9bda301de888dccad8\EventViewer.ni.dll
+ 2012-06-15 12:05 . 2012-06-15 12:05	258048              c:\windows\assembly\NativeImages_v2.0.50727_32\ehExtHost\778542790c617b0394213b0a542e3ef2\ehExtHost.ni.exe
+ 2012-06-15 12:05 . 2012-06-15 12:05	842240              c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\1af22c8ecb0834c7bef76b2e669c04f3\AspNetMMCExt.ni.dll
- 2012-04-11 08:30 . 2012-01-26 23:33	630784              c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-06-14 07:13 . 2012-04-23 22:35	630784              c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2009-07-14 08:47 . 2009-07-14 08:47	544768              c:\windows\assembly\GAC_MSIL\System.Design.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Design.Resources.dll
+ 2012-06-14 07:13 . 2010-11-12 23:19	544768              c:\windows\assembly\GAC_MSIL\System.Design.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Design.Resources.dll
- 2010-01-26 15:31 . 2010-01-26 15:31	223232              c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2012-06-12 19:18 . 2012-06-12 19:18	223232              c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2012-06-12 19:18 . 2012-06-12 19:18	178176              c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2010-01-26 15:31 . 2010-01-26 15:31	178176              c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2012-06-12 19:18 . 2012-06-12 19:18	364544              c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2010-01-26 15:31 . 2010-01-26 15:31	364544              c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2010-01-26 15:31 . 2010-01-26 15:31	159232              c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2012-06-12 19:18 . 2012-06-12 19:18	159232              c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2010-01-26 15:31 . 2010-01-26 15:31	145920              c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2012-06-12 19:18 . 2012-06-12 19:18	145920              c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2012-06-12 19:18 . 2012-06-12 19:18	578560              c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-01-26 15:31 . 2010-01-26 15:31	578560              c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-01-26 15:31 . 2010-01-26 15:31	578560              c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-06-12 19:18 . 2012-06-12 19:18	578560              c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-01-26 15:31 . 2010-01-26 15:31	577536              c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-06-12 19:18 . 2012-06-12 19:18	577536              c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-01-26 15:31 . 2010-01-26 15:31	577536              c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-06-12 19:18 . 2012-06-12 19:18	577536              c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-06-12 19:18 . 2012-06-12 19:18	577024              c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-01-26 15:31 . 2010-01-26 15:31	577024              c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-01-26 15:31 . 2010-01-26 15:31	576000              c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-06-12 19:18 . 2012-06-12 19:18	576000              c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-06-12 19:18 . 2012-06-12 19:18	567296              c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-01-26 15:31 . 2010-01-26 15:31	567296              c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-06-12 19:18 . 2012-06-12 19:18	563712              c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-01-26 15:31 . 2010-01-26 15:31	563712              c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-06-12 19:18 . 2012-06-12 19:18	473600              c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
- 2010-01-26 15:31 . 2010-01-26 15:31	473600              c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2012-06-14 07:13 . 2012-05-15 00:58	2351616              c:\windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.21995_none_bb2f070d122672e9\win32k.sys
+ 2012-06-14 07:13 . 2012-05-15 01:05	2343936              c:\windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.17842_none_bad878fff8e2fb65\win32k.sys
+ 2012-06-14 07:13 . 2012-05-15 01:05	2351616              c:\windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.21215_none_b99f018914bf5ab7\win32k.sys
+ 2012-06-14 07:13 . 2012-05-15 01:12	2342400              c:\windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.17024_none_b90992a1fbaac060\win32k.sys
+ 2012-06-14 17:19 . 2012-05-17 22:28	1800192              c:\windows\winsxs\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_9.4.8112.20551_none_9bc8b85c2aa09c1f\jscript9.dll
+ 2012-06-14 17:19 . 2012-05-17 22:45	1800192              c:\windows\winsxs\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_9.4.8112.16446_none_9b4eecef11765f17\jscript9.dll
+ 2012-06-14 07:13 . 2012-04-07 22:42	2342912              c:\windows\winsxs\x86_microsoft-windows-installer-engine_31bf3856ad364e35_6.1.7601.21960_none_05d179d02b1095a4\msi.dll
+ 2012-06-14 07:13 . 2012-04-07 11:26	2342400              c:\windows\winsxs\x86_microsoft-windows-installer-engine_31bf3856ad364e35_6.1.7601.17807_none_058fbe9311bbff95\msi.dll
+ 2012-06-14 07:13 . 2012-04-07 11:37	2342912              c:\windows\winsxs\x86_microsoft-windows-installer-engine_31bf3856ad364e35_6.1.7600.21183_none_03d8540c2df7e3ba\msi.dll
+ 2012-06-14 07:13 . 2012-04-07 11:34	2342400              c:\windows\winsxs\x86_microsoft-windows-installer-engine_31bf3856ad364e35_6.1.7600.16992_none_03430ee914e31348\msi.dll
+ 2012-06-14 17:19 . 2012-05-17 22:29	9737728              c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_9.4.8112.20551_none_7d8b3c64e19b4e5b\ieframe.dll
+ 2012-06-14 17:19 . 2012-05-17 22:48	9737728              c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_9.4.8112.16446_none_7d1170f7c8711153\ieframe.dll
+ 2012-06-14 17:19 . 2012-05-17 22:12	1793024              c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_9.4.8112.20551_none_608c7a1ec0007555\iertutil.dll
+ 2012-06-14 17:19 . 2012-05-17 22:27	1793024              c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_9.4.8112.16446_none_6012aeb1a6d6384d\iertutil.dll
+ 2012-06-14 17:19 . 2012-05-17 22:19	1129472              c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.20551_none_1ad1c342d54f56f8\wininet.dll
+ 2012-06-14 17:19 . 2012-05-17 22:35	1129472              c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16446_none_1a57f7d5bc2519f0\wininet.dll
+ 2012-06-14 17:19 . 2012-05-17 22:20	1103872              c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_9.4.8112.20551_none_cdcbe7a10a463065\urlmon.dll
+ 2012-06-14 17:19 . 2012-05-17 22:36	1103872              c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_9.4.8112.16446_none_cd521c33f11bf35d\urlmon.dll
+ 2012-06-14 07:13 . 2012-04-24 04:28	1159168              c:\windows\winsxs\x86_microsoft-windows-crypt32-dll_31bf3856ad364e35_6.1.7601.21979_none_5dc4f02e555f9d7d\crypt32.dll
+ 2012-06-14 07:13 . 2012-04-24 04:36	1158656              c:\windows\winsxs\x86_microsoft-windows-crypt32-dll_31bf3856ad364e35_6.1.7601.17827_none_5d6f626b3c1b3f50\crypt32.dll
+ 2012-06-14 07:13 . 2012-04-24 04:33	1156608              c:\windows\winsxs\x86_microsoft-windows-crypt32-dll_31bf3856ad364e35_6.1.7600.21199_none_5bc8c98c58499f8e\crypt32.dll
+ 2012-06-14 07:13 . 2012-04-24 04:47	1156608              c:\windows\winsxs\x86_microsoft-windows-crypt32-dll_31bf3856ad364e35_6.1.7600.17008_none_5b9f7bc33ee3eaf4\crypt32.dll
+ 2012-06-14 07:13 . 2012-03-21 22:29	5025792              c:\windows\winsxs\msil_system.windows.forms_b77a5c561934e089_6.1.7601.21949_none_ee7d1c9d19d30450\System.Windows.Forms.dll
+ 2012-06-14 07:13 . 2012-03-21 22:32	5025792              c:\windows\winsxs\msil_system.windows.forms_b77a5c561934e089_6.1.7601.17798_none_054fdbbb0027090b\System.Windows.Forms.dll
+ 2012-06-14 07:13 . 2012-03-21 22:29	5062656              c:\windows\winsxs\msil_system.design_b03f5f7f11d50a3a_6.1.7601.21949_none_72db44b9d967ee2c\System.Design.dll
+ 2012-06-14 07:13 . 2012-03-21 22:32	4927488              c:\windows\winsxs\msil_system.design_b03f5f7f11d50a3a_6.1.7601.17798_none_89ae03d7bfbbf2e7\System.Design.dll
+ 2012-06-14 17:19 . 2012-05-17 22:35	1129472              c:\windows\System32\wininet.dll
+ 2012-06-14 17:19 . 2012-05-17 22:36	1103872              c:\windows\System32\urlmon.dll
+ 2012-06-14 17:19 . 2012-05-17 22:45	1800192              c:\windows\System32\jscript9.dll
+ 2012-06-14 17:19 . 2012-05-17 22:27	1793024              c:\windows\System32\iertutil.dll
+ 2012-06-14 17:19 . 2012-05-17 22:48	9737728              c:\windows\System32\ieframe.dll
+ 2012-03-15 11:17 . 2012-03-15 11:17	5029672              c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Windows.Forms.dll
+ 2012-06-14 07:13 . 2012-03-21 22:32	5025792              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
- 2012-05-10 07:06 . 2012-01-04 02:51	5025792              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
+ 2012-06-14 07:13 . 2012-03-21 22:32	4927488              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
- 2011-05-09 08:46 . 2010-11-05 01:58	4927488              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
+ 2012-06-14 17:25 . 2012-06-14 17:25	1369872              c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
- 2012-05-10 12:46 . 2012-05-10 12:46	1369872              c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
- 2012-05-10 12:45 . 2012-05-10 12:45	3512072              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
+ 2012-06-14 17:25 . 2012-06-14 17:25	3512072              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
+ 2012-06-14 17:25 . 2012-06-14 17:25	2207568              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
- 2012-05-10 12:45 . 2012-05-10 12:45	2207568              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
+ 2012-06-14 17:25 . 2012-06-14 17:25	5029672              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-06-14 17:25 . 2012-06-14 17:25	1711496              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
- 2012-05-10 12:45 . 2012-05-10 12:45	1711496              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
+ 2012-06-14 17:25 . 2012-06-14 17:25	6097256              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
- 2012-05-10 12:46 . 2012-05-10 12:46	6097256              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2012-06-14 17:25 . 2012-06-14 17:25	1026936              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
- 2012-05-10 12:46 . 2012-05-10 12:46	1026936              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2012-06-14 17:25 . 2012-06-14 17:25	4464480              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
- 2012-05-10 12:45 . 2012-05-10 12:45	4464480              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
+ 2012-06-14 17:25 . 2012-06-14 17:25	1354584              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
- 2012-05-10 12:45 . 2012-05-10 12:45	1354584              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
+ 2012-06-14 17:25 . 2012-06-14 17:25	1199968              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
- 2012-05-10 12:46 . 2012-05-10 12:46	1199968              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
- 2012-05-10 12:46 . 2012-05-10 12:46	1462648              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
+ 2012-06-14 17:25 . 2012-06-14 17:25	1462648              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
- 2012-05-10 12:46 . 2012-05-10 12:46	6429992              c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2012-06-14 17:25 . 2012-06-14 17:25	6429992              c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
- 2012-05-10 12:45 . 2012-05-10 12:45	2975064              c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-06-14 17:25 . 2012-06-14 17:25	2975064              c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-06-14 17:25 . 2012-06-14 17:25	3790112              c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2012-05-10 12:46 . 2012-05-10 12:46	3790112              c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2012-05-10 12:45 . 2012-05-10 12:45	5201168              c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-06-14 17:25 . 2012-06-14 17:25	5201168              c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-06-14 17:25 . 2012-06-14 17:25	2989456              c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
- 2012-05-10 12:46 . 2012-05-10 12:46	2989456              c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2012-03-15 11:43 . 2012-03-15 11:43	4216320              c:\windows\Installer\233f570.msp
+ 2012-04-22 20:37 . 2012-04-22 20:37	1182720              c:\windows\Installer\233f568.msp
+ 2012-06-14 17:22 . 2012-06-14 17:22	3858432              c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\21f37f9f5162af7efb52169012bd111e\WindowsBase.ni.dll
+ 2012-06-15 12:07 . 2012-06-15 12:07	4587008              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\7f0476e4df01ca2219f7db531408e91c\System.Windows.Forms.DataVisualization.ni.dll
+ 2012-06-15 12:07 . 2012-06-15 12:07	1060864              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Printing\f87f8bc0bc9563096150f23f6c220e7b\System.Printing.ni.dll
+ 2012-06-14 17:22 . 2012-06-14 17:22	1666048              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\8c40f40ef36622109793788049fbe9ab\System.Drawing.ni.dll
+ 2012-06-15 12:07 . 2012-06-15 12:07	1880064              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\e899cda47704280f54949c69b78c55cc\System.Deployment.ni.dll
+ 2012-06-15 12:07 . 2012-06-15 12:07	3757568              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.P#\36299fad6b7b591cfb6bd9e50dbd33df\System.Activities.Presentation.ni.dll
+ 2012-06-15 12:07 . 2012-06-15 12:07	2906624              c:\windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\442af6f7c8b447bdec3ad8d23da89c5a\ReachFramework.ni.dll
+ 2012-06-15 12:07 . 2012-06-15 12:07	1641984              c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationUI\cf455da9b8fedf66767c1a7ab3eea9c9\PresentationUI.ni.dll
+ 2012-06-15 12:06 . 2012-06-15 12:06	1139712              c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\2ed0173a2e75b1a3943bd2d96649a50c\Microsoft.VisualBasic.Compatibility.ni.dll
+ 2012-06-15 12:06 . 2012-06-15 12:06	1838080              c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\09c2f8f606e09d85cfe6e0ad89fbe729\Microsoft.VisualBasic.ni.dll
+ 2012-06-15 12:05 . 2012-06-15 12:05	7026176              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\d3ded9525743f5484dd86c7806ec5553\WindowsLive.Writer.PostEditor.ni.dll
+ 2012-06-15 12:05 . 2012-06-15 12:05	2193408              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\bb47137b3e002d82dc7c9f97eeec2c93\WindowsLive.Writer.CoreServices.ni.dll
+ 2012-06-15 12:05 . 2012-06-15 12:05	1285632              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\7605419cce72fcf91bb7dbc31ebbbca5\WindowsLive.Writer.ApplicationFramework.ni.dll
+ 2012-06-15 12:05 . 2012-06-15 12:05	1346560              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\328780f2db847d458362c28dfcb62bcd\WindowsLive.Writer.Localization.ni.dll
+ 2012-06-15 12:06 . 2012-06-15 12:06	1358336              c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\e3e5aa45736b95804bf6bb7eca08a57b\System.WorkflowServices.ni.dll
+ 2012-06-15 12:02 . 2012-06-15 12:02	1917952              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\88bfc62ac0195a8ae673c444a3339505\System.Workflow.Runtime.ni.dll
+ 2012-06-15 12:02 . 2012-06-15 12:02	4516352              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\cfb739be21092d5b8f7b4fde529e6aaa\System.Workflow.ComponentModel.ni.dll
+ 2012-06-15 12:02 . 2012-06-15 12:02	2994688              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\a815fffab98375c1919df68b5b292725\System.Workflow.Activities.ni.dll
+ 2012-06-15 12:02 . 2012-06-15 12:02	1840640              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\761fd1afc17f11bf6d49c3a7d16465ca\System.Web.Services.ni.dll
+ 2012-06-15 12:06 . 2012-06-15 12:06	2209792              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\4a90802e36dee6e10d9bf54832cbf549\System.Web.Mobile.ni.dll
+ 2012-06-15 12:06 . 2012-06-15 12:06	2404352              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\c45efc7ec92c1da8e67eb597559ec39c\System.Web.Extensions.ni.dll
+ 2012-06-15 12:02 . 2012-06-15 12:02	1044480              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\991dbe40be5b114ed705bb5b48e6b330\System.Printing.ni.dll
+ 2012-06-15 12:02 . 2012-06-15 12:02	1591808              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
+ 2012-06-15 12:01 . 2012-06-15 12:01	1806848              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\3421b96c2885b8e4137a376ff3d95fa5\System.Deployment.ni.dll
+ 2012-06-15 12:02 . 2012-06-15 12:02	2157056              c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\87f73de6e080d37be93adfc7d5c31d7a\ReachFramework.ni.dll
+ 2012-06-15 12:02 . 2012-06-15 12:02	1658368              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\163517c8a195fb48f7ef6ee17c585bdb\PresentationUI.ni.dll
+ 2012-06-15 12:06 . 2012-06-15 12:06	2623488              c:\windows\assembly\NativeImages_v2.0.50727_32\Narrator\c1ee01ff40acce2918c5319332bfca20\Narrator.ni.exe
+ 2012-06-15 12:06 . 2012-06-15 12:06	1545216              c:\windows\assembly\NativeImages_v2.0.50727_32\MMCEx\21abde8efab609732b2ade3f05234e79\MMCEx.ni.dll
+ 2012-06-15 12:06 . 2012-06-15 12:06	6438912              c:\windows\assembly\NativeImages_v2.0.50727_32\MIGUIControls\0e7da0df83f0619e3b0e0a7d7ee05fa3\MIGUIControls.ni.dll
+ 2012-06-15 12:06 . 2012-06-15 12:06	1670144              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6c59a14a23f734093e80d6093e25302a\Microsoft.VisualBasic.ni.dll
+ 2012-06-15 12:06 . 2012-06-15 12:06	1704960              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\62b096899a5799828ebaed3c2830630d\Microsoft.PowerShell.GPowerShell.ni.dll
+ 2012-06-15 12:06 . 2012-06-15 12:06	1681920              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\373b67cd52725684575294b60ff6e201\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2012-06-15 12:06 . 2012-06-15 12:06	3724288              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\05db6110ae5ca613dfec740324040159\Microsoft.PowerShell.Editor.ni.dll
+ 2012-06-15 12:06 . 2012-06-15 12:06	1125376              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\c4b526ec652ac5c2ddbd5562dcad51bc\Microsoft.MediaCenter.Bml.ni.dll
+ 2012-06-15 12:05 . 2012-06-15 12:05	6499840              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\8ce1d10f94b40f054017865757552f2d\Microsoft.MediaCenter.UI.ni.dll
+ 2012-06-15 12:05 . 2012-06-15 12:05	1009664              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\7fab1ec8f5ed6a55a8a73b2c590bd7cd\Microsoft.MediaCenter.ni.dll
+ 2012-06-15 12:06 . 2012-06-15 12:06	1361408              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Ink\4d381048e3b9c0914c0f72c6aa0a599d\Microsoft.Ink.ni.dll
+ 2012-06-15 12:06 . 2012-06-15 12:06	1620992              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\3893fa9a19b52dee8b2cc424840d5d08\Microsoft.Build.Tasks.ni.dll
+ 2012-06-15 12:06 . 2012-06-15 12:06	1970176              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\1d2250044b1ecff755e26ed12f6d27cb\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2012-06-15 12:05 . 2012-06-15 12:05	2035712              c:\windows\assembly\NativeImages_v2.0.50727_32\mcstore\3a4e56a8d1075cf0af0619c383b3e592\mcstore.ni.dll
+ 2012-06-14 07:13 . 2012-03-21 22:32	5025792              c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2012-05-10 07:06 . 2012-01-04 02:51	5025792              c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2011-05-09 08:46 . 2010-11-05 01:58	4927488              c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2012-06-14 07:13 . 2012-03-21 22:32	4927488              c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2010-01-26 15:31 . 2010-01-26 15:31	2846720              c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-06-12 19:18 . 2012-06-12 19:18	2846720              c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-01-26 15:31 . 2010-01-26 15:31	2676224              c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-06-12 19:18 . 2012-06-12 19:18	2676224              c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-06-14 17:19 . 2012-05-17 22:53	12314624              c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20551_none_2c2be26155a5c02e\mshtml.dll
+ 2012-06-14 17:19 . 2012-05-17 23:11	12314624              c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16446_none_2bb216f43c7b8326\mshtml.dll
+ 2011-05-14 18:31 . 2012-06-14 17:19	81963123              c:\windows\winsxs\ManifestCache\a786a517e28d5687_blobs.bin
+ 2012-06-14 17:19 . 2012-05-17 23:11	12314624              c:\windows\System32\mshtml.dll
+ 2012-06-14 17:26 . 2012-06-14 17:26	13198336              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\3971e166cf827b6726e142f344061dc9\System.Windows.Forms.ni.dll
+ 2012-06-14 17:23 . 2012-06-14 17:23	18000896              c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\199683f6e79076b634ee6cc0a82c0654\PresentationFramework.ni.dll
+ 2012-06-14 17:22 . 2012-06-14 17:22	11451904              c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e7dc084827f8df2dbdc819db5c633a0d\PresentationCore.ni.dll
+ 2012-06-15 12:02 . 2012-06-15 12:02	12436480              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
+ 2012-06-15 12:02 . 2012-06-15 12:02	11833344              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
+ 2012-06-15 12:02 . 2012-06-15 12:02	10580480              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\7c144f89b1f8f292d6940a1b2f8ffbec\System.Design.ni.dll
+ 2012-06-15 12:02 . 2012-06-15 12:02	14340608              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
+ 2012-06-15 12:01 . 2012-06-15 12:01	12237824              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
+ 2012-06-15 12:06 . 2012-06-15 12:06	18686464              c:\windows\assembly\NativeImages_v2.0.50727_32\ehshell\4403edce7ecc88254b0ff907eda750ea\ehshell.ni.dll
+ 2012-06-12 19:16 . 2012-06-12 19:16	142606336              c:\windows\Installer\2deef6f.msi
.
-- Snapshot auf jetziges Datum zurückgesetzt --
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-05-03 17355912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-01-08 98304]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-12-03 8120864]
"Adobe Version Cue CS2"="c:\program files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-06 856064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-12-08 1226608]
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"TrayServer"="c:\program files\MAGIX\Video_deluxe_16_Plus_Sonderedition_Download-Version\TrayServer.exe" [2008-08-07 90112]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-01 348624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-05-03 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 257696]
R3 CFcatchme;CFcatchme;c:\users\zeller\AppData\Local\Temp\CFcatchme.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-17 113120]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-04-16 36000]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-01-08 172032]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2012-05-01 86224]
S2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2009-12-19 29416]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-05-04 503080]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-01-08 5191168]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-01-08 125440]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-11-05 230912]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2009-09-22 579072]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-06-05 27320]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Update-Service-Installer-Service	REG_MULTI_SZ   	Update-Service-Installer-Service
Update-Service	REG_MULTI_SZ   	Update-Service
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 19:08]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
IE: Free YouTube to MP3 Converter - c:\users\zeller\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites
TCP: DhcpNameServer = 192.168.178.1
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
FF - ProfilePath - c:\users\zeller\AppData\Roaming\Mozilla\Firefox\Profiles\p48b04s5.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - Google
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.7&q=
pref('extensions.shownSelectionUI',true); pref('extensions.autoDisableScopes',0);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-ESET Online Scanner - c:\program files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-622015878-944566720-388874328-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-622015878-944566720-388874328-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-06-20  17:00:10
ComboFix-quarantined-files.txt  2012-06-20 15:00
ComboFix2.txt  2012-06-11 13:57
ComboFix3.txt  2012-06-11 11:39
.
Vor Suchlauf: 13 Verzeichnis(se), 1.400.874.938.368 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 1.400.879.124.480 Bytes frei
.
- - End Of File - - FDA5943FE916FBEAC3FF0F019F626010
         
--- --- ---

21.06.2012, 09:02   #25
Psychotic
/// Malwareteam
 



Step 1: CF script


Note for other readers:
The following ComboFix script was created exclusively for this user in this situation.
Do not under any circumstances use it on other computers; it can cause lasting damage to other systems!

Delete the existing Combofix.exe from your desktop and download the program again from one of the following download mirrors:
BleepingComputer.com - ForoSpyware.com
and save it to the desktop again (nowhere else, this is important)!

Press the Windows + R keys --> type Notepad --> OK

Now copy the entire text from the following code box into the empty text document.
Code:
NetSvc::
Update-Service-Installer-Service
Update-Service
DRIVER::
Update-Service-Installer-Service
Update-Service
FIREFOX::
FF - ProfilePath - c:\users\zeller\AppData\Roaming\Mozilla\Firefox\Profiles\p48b04s5.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.7&q=
pref('extensions.shownSelectionUI',true); pref('extensions.autoDisableScopes',0);
CLEARJAVACACHE::
         
Save this as CFScript.txt on your desktop.

Important:
  • Temporarily disable your antivirus software, as it can interfere with ComboFix while it works.
    Don't forget to turn it back on afterwards!
  • Do not move the mouse over the ComboFix window or click inside it.
    This can cause ComboFix to hang.
  • Close all running programs. Make sure that ComboFix can work unhindered.
  • Do not do anything on the PC while ComboFix is running.
  • Referring to the image above, drag CFScript.txt onto ComboFix.exe
  • When ComboFix is finished, it will create a log, C:\ComboFix.txt. Please paste it here as a reply.
If the script contains the Suspect:: or Collect:: directive, a message box will appear after Combofix has finished. Click OK and follow the prompts/instructions to upload the files.



Step 2: OTL (custom)



If you don't already have it, please download OTL by Oldtimer and save it to your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Now copy the following content into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
explorer.exe
regedit.exe
winlogon.exe
wininit.exe
userinit.exe
/md5stop
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread
__________________
No right of asylum for trojans!

Proud Member of UNITE

Note: I am only available on weekdays!
Requests via PM will be ignored!


21.06.2012, 09:47   #26
black_rose
 



#
Combofix Logfile:
Code:
ComboFix 12-06-21.01 - *** 21.06.2012  10:22:39.4.4 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3326.2256 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\***\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-05-21 bis 2012-06-21  ))))))))))))))))))))))))))))))
.
.
2012-06-21 08:28 . 2012-06-21 08:28	--------	d-----w-	c:\users\Gast\AppData\Local\temp
2012-06-21 08:28 . 2012-06-21 08:28	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-06-15 12:26 . 2012-06-15 12:26	--------	d-----w-	c:\program files\ESET
2012-06-14 07:13 . 2012-04-28 03:17	183808	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-06-14 07:13 . 2012-04-07 11:26	2342400	----a-w-	c:\windows\system32\msi.dll
2012-06-14 07:13 . 2012-05-15 01:05	2343936	----a-w-	c:\windows\system32\win32k.sys
2012-06-14 07:13 . 2012-04-26 04:45	58880	----a-w-	c:\windows\system32\rdpwsx.dll
2012-06-14 07:13 . 2012-04-26 04:45	129536	----a-w-	c:\windows\system32\rdpcorekmts.dll
2012-06-14 07:13 . 2012-04-26 04:41	8192	----a-w-	c:\windows\system32\rdrmemptylst.exe
2012-06-14 07:13 . 2012-05-01 04:44	164352	----a-w-	c:\windows\system32\profsvc.dll
2012-06-14 07:13 . 2012-04-24 04:36	1158656	----a-w-	c:\windows\system32\crypt32.dll
2012-06-14 07:13 . 2012-04-24 04:36	140288	----a-w-	c:\windows\system32\cryptsvc.dll
2012-06-14 07:13 . 2012-04-24 04:36	103936	----a-w-	c:\windows\system32\cryptnet.dll
2012-06-12 19:19 . 2010-06-02 02:55	74072	----a-w-	c:\windows\system32\XAPOFX1_5.dll
2012-06-12 19:19 . 2010-06-02 02:55	527192	----a-w-	c:\windows\system32\XAudio2_7.dll
2012-06-12 19:19 . 2010-06-02 02:55	239960	----a-w-	c:\windows\system32\xactengine3_7.dll
2012-06-12 19:19 . 2010-05-26 09:41	2106216	----a-w-	c:\windows\system32\D3DCompiler_43.dll
2012-06-12 19:19 . 2010-05-26 09:41	470880	----a-w-	c:\windows\system32\d3dx10_43.dll
2012-06-12 19:19 . 2010-05-26 09:41	248672	----a-w-	c:\windows\system32\d3dx11_43.dll
2012-06-12 19:19 . 2010-05-26 09:41	1868128	----a-w-	c:\windows\system32\d3dcsx_43.dll
2012-06-12 19:19 . 2010-05-26 09:41	1998168	----a-w-	c:\windows\system32\D3DX9_43.dll
2012-06-12 19:19 . 2010-02-04 08:01	74072	----a-w-	c:\windows\system32\XAPOFX1_4.dll
2012-06-12 19:19 . 2010-02-04 08:01	528216	----a-w-	c:\windows\system32\XAudio2_6.dll
2012-06-12 19:19 . 2010-02-04 08:01	238936	----a-w-	c:\windows\system32\xactengine3_6.dll
2012-06-12 19:19 . 2010-02-04 08:01	22360	----a-w-	c:\windows\system32\X3DAudio1_7.dll
2012-06-12 19:17 . 2012-06-12 19:17	--------	d-----w-	c:\program files\Gameforge
2012-06-11 14:04 . 2012-06-11 14:04	--------	d-----w-	c:\users\zeller\AppData\Roaming\Malwarebytes
2012-06-11 14:04 . 2012-06-11 14:04	--------	d-----w-	c:\programdata\Malwarebytes
2012-06-11 14:04 . 2012-06-11 14:04	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-06-11 14:04 . 2012-04-04 13:56	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-06-09 01:46 . 2012-06-02 22:19	53784	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-09 01:46 . 2012-06-02 22:19	45080	----a-w-	c:\windows\system32\wups2.dll
2012-06-09 01:46 . 2012-06-02 22:19	1933848	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-09 01:46 . 2012-06-02 22:12	2422272	----a-w-	c:\windows\system32\wucltux.dll
2012-06-09 01:45 . 2012-06-02 22:19	35864	----a-w-	c:\windows\system32\wups.dll
2012-06-09 01:45 . 2012-06-02 22:19	577048	----a-w-	c:\windows\system32\wuapi.dll
2012-06-09 01:45 . 2012-06-02 22:12	88576	----a-w-	c:\windows\system32\wudriver.dll
2012-06-09 01:45 . 2012-06-02 13:19	171904	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-09 01:45 . 2012-06-02 13:12	33792	----a-w-	c:\windows\system32\wuapp.exe
2012-06-08 09:10 . 2012-06-08 09:10	770384	----a-w-	c:\program files\Mozilla Firefox\msvcr100.dll
2012-06-08 09:10 . 2012-06-08 09:10	421200	----a-w-	c:\program files\Mozilla Firefox\msvcp100.dll
2012-05-31 08:28 . 2012-06-11 11:21	--------	d-----w-	c:\users\spiel
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-04 19:08 . 2012-03-30 17:27	419488	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-05-04 19:08 . 2011-12-20 17:53	70304	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-27 08:20 . 2012-05-17 08:22	137928	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-04-24 22:32 . 2012-05-17 08:22	83392	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-04-16 19:17 . 2012-05-17 08:22	36000	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2012-04-13 07:36 . 2012-05-16 06:44	6734704	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{E7AF9F5A-B928-4EF1-A7CF-8F36E032C1BE}\mpengine.dll
2012-04-11 14:43 . 2011-09-08 08:47	472808	----a-w-	c:\windows\system32\deployJava1.dll
2012-03-31 04:39 . 2012-05-10 07:05	3968368	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-03-31 04:39 . 2012-05-10 07:05	3913072	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-03-30 10:23 . 2012-05-10 07:06	1291632	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-06-17 15:23 . 2011-10-11 04:50	85472	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-05-03 17355912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-01-08 98304]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-12-03 8120864]
"Adobe Version Cue CS2"="c:\program files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-06 856064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-12-08 1226608]
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"TrayServer"="c:\program files\MAGIX\Video_deluxe_16_Plus_Sonderedition_Download-Version\TrayServer.exe" [2008-08-07 90112]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-01 348624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-05-03 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 257696]
R3 CFcatchme;CFcatchme;c:\users\zeller\AppData\Local\Temp\CFcatchme.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-17 113120]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-04-16 36000]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-01-08 172032]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2012-05-01 86224]
S2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2009-12-19 29416]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-05-04 503080]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-01-08 5191168]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-01-08 125440]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-11-05 230912]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2009-09-22 579072]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-06-05 27320]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Update-Service-Installer-Service	REG_MULTI_SZ   	Update-Service-Installer-Service
Update-Service	REG_MULTI_SZ   	Update-Service
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 19:08]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
IE: Free YouTube to MP3 Converter - c:\users\zeller\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4
TCP: DhcpNameServer = 192.168.178.1
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
FF - ProfilePath - c:\users\zeller\AppData\Roaming\Mozilla\Firefox\Profiles\p48b04s5.default\
FF - prefs.js: browser.startup.homepage - www.google.de
pref('extensions.shownSelectionUI',true); pref('extensions.autoDisableScopes',0);
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-622015878-944566720-388874328-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-622015878-944566720-388874328-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-06-21  10:29:28
ComboFix-quarantined-files.txt  2012-06-21 08:29
ComboFix2.txt  2012-06-20 15:00
ComboFix3.txt  2012-06-11 13:57
ComboFix4.txt  2012-06-11 11:39
.
Vor Suchlauf: 13 Verzeichnis(se), 1.400.500.518.912 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 1.400.624.607.232 Bytes frei
.
- - End Of File - - 0EEBEA19FA427E7591EBAC6DC5F8FC4C
         
--- --- ---


#OTL Logfile:
Code:
OTL logfile created on: 21.06.2012 10:50:02 - Run 4
OTL by OldTimer - Version 3.2.48.0     Folder = C:\Users\zeller\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,14 Gb Available Physical Memory | 65,92% Memory free
6,50 Gb Paging File | 5,23 Gb Available in Paging File | 80,46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 1376,16 Gb Total Space | 1304,51 Gb Free Space | 94,79% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 11,66 Gb Free Space | 58,32% Space Free | Partition Type: NTFS
 
Computer Name: PHOENIX | User Name: zeller | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.11 10:47:55 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\zeller\Desktop\OTL.exe
PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.02 00:31:35 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.04.24 02:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.12.08 23:15:44 | 000,063,360 | ---- | M] (DivX, LLC) -- C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
PRC - [2010.12.08 21:17:46 | 001,226,608 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.05.04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2010.01.09 01:34:18 | 000,372,736 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010.01.09 01:33:48 | 000,172,032 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009.12.20 01:00:00 | 000,029,416 | ---- | M] (Apache Software Foundation) -- C:\xampp\apache\bin\httpd.exe
PRC - [2009.08.27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2007.07.24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2005.04.06 16:53:06 | 003,502,080 | ---- | M] () -- C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
PRC - [2005.04.06 16:53:04 | 000,856,064 | ---- | M] (Adobe Sytems Incorporated) -- C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
PRC - [2005.04.06 16:53:02 | 000,163,840 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.15 14:02:33 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
MOD - [2012.06.15 14:02:06 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.06.15 14:02:00 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.05.11 07:04:56 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012.05.11 07:04:10 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.11 07:04:06 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.11 07:04:05 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.11 07:03:52 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2010.12.08 21:18:26 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2010.12.08 21:17:46 | 001,226,608 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2010.11.13 02:02:22 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2010.11.13 01:19:04 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.02.02 11:33:39 | 001,708,032 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Wizard\2.0.3660.33486__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Wizard.dll
MOD - [2010.02.02 11:33:39 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3660.33443__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2010.02.02 11:33:39 | 000,380,928 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3660.33319__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2010.02.02 11:33:39 | 000,356,352 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3660.33396__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2010.02.02 11:33:39 | 000,204,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3660.33345__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2010.02.02 11:33:39 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3660.33397__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2010.02.02 11:33:39 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3660.33417__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2010.02.02 11:33:39 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3660.33329__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2010.02.02 11:33:39 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3660.33444__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2010.02.02 11:33:39 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3660.33395__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2010.02.02 11:33:39 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3660.33388__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2010.02.02 11:33:39 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3660.33376__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2010.02.02 11:33:39 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3660.33338__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2010.02.02 11:33:39 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3660.33330__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2010.02.02 11:33:39 | 000,013,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Runtime\2.0.3660.33487__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Runtime.dll
MOD - [2010.02.02 11:33:38 | 001,290,240 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Dashboard\2.0.3660.33482__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Dashboard.dll
MOD - [2010.02.02 11:33:38 | 000,827,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3660.33379__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2010.02.02 11:33:38 | 000,651,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Dashboard\2.0.3660.33458__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Dashboard.dll
MOD - [2010.02.02 11:33:38 | 000,573,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3660.33346__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2010.02.02 11:33:38 | 000,409,600 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3660.33410__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2010.02.02 11:33:38 | 000,372,736 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3660.33371__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2010.02.02 11:33:38 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3660.33345__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2010.02.02 11:33:38 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3660.33378__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2010.02.02 11:33:38 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3660.33385__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2010.02.02 11:33:38 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.3660.33457__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll
MOD - [2010.02.02 11:33:38 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3660.33376__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2010.02.02 11:33:38 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3660.33384__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2010.02.02 11:33:38 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3660.33351__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2010.02.02 11:33:38 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3660.33386__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2010.02.02 11:33:37 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3660.33377__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2010.02.02 11:33:37 | 000,270,336 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2010.02.02 11:33:37 | 000,151,552 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3639.21544__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2010.02.02 11:33:37 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3639.21529__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2010.02.02 11:33:37 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.3639.21799__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll
MOD - [2010.02.02 11:33:37 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3639.21677__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2010.02.02 11:33:37 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2010.02.02 11:33:37 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3639.21772__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2010.02.02 11:33:37 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3660.33377__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2010.02.02 11:33:37 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3639.21517__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2010.02.02 11:33:37 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3639.21518__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2010.02.02 11:33:37 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3639.21922__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2010.02.02 11:33:37 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3639.21571__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2010.02.02 11:33:37 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll
MOD - [2010.02.02 11:33:37 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3639.21582__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2010.02.02 11:33:37 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3639.21557__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2010.02.02 11:33:37 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Shared\2.0.3639.21776__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Shared.dll
MOD - [2010.02.02 11:33:37 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3639.21569__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2010.02.02 11:33:37 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3639.21562__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2010.02.02 11:33:37 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3639.21599__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2010.02.02 11:33:37 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2010.02.02 11:33:37 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3639.21620__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2010.02.02 11:33:37 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2010.02.02 11:33:37 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3639.21566__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2010.02.02 11:33:37 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3639.21663__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2010.02.02 11:33:37 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3639.21591__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2010.02.02 11:33:37 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3639.21613__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2010.02.02 11:33:37 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3639.21806__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll
MOD - [2010.02.02 11:33:37 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3639.21789__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2010.02.02 11:33:37 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3639.21606__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2010.02.02 11:33:37 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3639.21788__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2010.02.02 11:33:37 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2010.02.02 11:33:36 | 001,220,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3660.33325__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2010.02.02 11:33:36 | 000,741,376 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3660.33479__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll
MOD - [2010.02.02 11:33:36 | 000,577,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3660.33428__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2010.02.02 11:33:36 | 000,405,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3660.33337__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2010.02.02 11:33:36 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3660.33436__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2010.02.02 11:33:36 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3660.33434__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2010.02.02 11:33:36 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3639.21679__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2010.02.02 11:33:36 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3660.33316__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2010.02.02 11:33:36 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3639.21608__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2010.02.02 11:33:36 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3660.33315__90ba9c70f846762e\APM.Server.dll
MOD - [2010.02.02 11:33:36 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3660.33318__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2010.02.02 11:33:36 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3639.21609__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2010.02.02 11:33:36 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3639.21670__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2010.02.02 11:33:36 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3639.21589__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2010.02.02 11:33:36 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3660.33314__90ba9c70f846762e\AEM.Server.dll
MOD - [2010.02.02 11:33:36 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3660.33451__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2010.02.02 11:33:36 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3639.21551__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2010.02.02 11:33:36 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3639.21578__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2010.02.02 11:33:36 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3639.21577__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2010.02.02 11:33:36 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3639.21601__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2010.02.02 11:33:36 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3639.21521__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2010.02.02 11:33:36 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2010.02.02 11:33:36 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3639.21666__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2010.02.02 11:33:36 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3639.21623__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2010.02.02 11:33:36 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3639.21565__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2010.02.02 11:33:36 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3639.21594__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2010.02.02 11:33:36 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3639.21673__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2010.02.02 11:33:36 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3639.21539__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll
MOD - [2010.02.02 11:33:36 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3639.21592__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2010.02.02 11:33:36 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3639.21596__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2010.02.02 11:33:36 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3639.21681__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2010.02.02 11:33:36 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3639.21611__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2010.02.02 11:33:36 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3639.21604__90ba9c70f846762e\APM.Foundation.dll
MOD - [2010.02.02 11:33:36 | 000,019,456 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3660.33435__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2010.02.02 11:33:36 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3639.21570__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2010.02.02 11:33:36 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3660.33313__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] -- C:\Windows\ehome\ehsched.exe -- (ehSched)
SRV - File not found [On_Demand | Stopped] -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr)
SRV - [2012.06.17 17:23:22 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.04 21:08:10 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.05.03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.05.04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010.01.09 01:33:48 | 000,172,032 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009.12.20 01:00:00 | 000,029,416 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\xampp\apache\bin\httpd.exe -- (Apache2.2)
SRV - [2009.08.27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.08.07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2007.07.24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2005.04.06 16:53:02 | 000,163,840 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe -- (Adobe Version Cue CS2)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\zeller\AppData\Local\Temp\CFcatchme.sys -- (CFcatchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\zeller\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.01.09 01:54:44 | 005,191,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atipmdag.sys -- (amdkmdag)
DRV - [2010.01.09 00:40:42 | 000,125,440 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2009.11.19 01:25:04 | 000,100,352 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009.09.22 15:34:44 | 000,579,072 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2009.07.07 23:48:14 | 000,011,832 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\amdide.sys -- (amdide)
DRV - [2009.06.05 04:53:42 | 000,027,320 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2009.05.05 11:00:28 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Google [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "www.google.de"
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.4: C:\Program Files\Microsoft\Office Live\npOLW.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2010.12.11 13:54:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2010.12.11 13:54:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.17 17:23:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2011.10.11 06:50:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\zeller\AppData\Roaming\mozilla\Extensions
[2012.05.06 16:05:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\zeller\AppData\Roaming\mozilla\Firefox\Profiles\p48b04s5.default\extensions
[2012.03.29 12:19:34 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\zeller\AppData\Roaming\mozilla\Firefox\Profiles\p48b04s5.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.06.14 15:23:20 | 000,000,950 | ---- | M] () -- C:\Users\zeller\AppData\Roaming\Mozilla\Firefox\Profiles\p48b04s5.default\searchplugins\icqplugin-1.xml
[2012.01.17 15:08:38 | 000,000,950 | ---- | M] () -- C:\Users\zeller\AppData\Roaming\Mozilla\Firefox\Profiles\p48b04s5.default\searchplugins\icqplugin-2.xml
[2012.02.12 12:30:18 | 000,000,950 | ---- | M] () -- C:\Users\zeller\AppData\Roaming\Mozilla\Firefox\Profiles\p48b04s5.default\searchplugins\icqplugin-3.xml
[2012.02.17 13:29:42 | 000,000,950 | ---- | M] () -- C:\Users\zeller\AppData\Roaming\Mozilla\Firefox\Profiles\p48b04s5.default\searchplugins\icqplugin-4.xml
[2012.02.22 18:36:34 | 000,000,950 | ---- | M] () -- C:\Users\zeller\AppData\Roaming\Mozilla\Firefox\Profiles\p48b04s5.default\searchplugins\icqplugin-5.xml
[2012.03.22 19:39:06 | 000,000,950 | ---- | M] () -- C:\Users\zeller\AppData\Roaming\Mozilla\Firefox\Profiles\p48b04s5.default\searchplugins\icqplugin-6.xml
[2012.03.29 13:07:13 | 000,000,950 | ---- | M] () -- C:\Users\zeller\AppData\Roaming\Mozilla\Firefox\Profiles\p48b04s5.default\searchplugins\icqplugin-7.xml
[2012.05.01 14:43:37 | 000,000,950 | ---- | M] () -- C:\Users\zeller\AppData\Roaming\Mozilla\Firefox\Profiles\p48b04s5.default\searchplugins\icqplugin-8.xml
[2012.06.14 19:01:56 | 000,000,950 | ---- | M] () -- C:\Users\zeller\AppData\Roaming\Mozilla\Firefox\Profiles\p48b04s5.default\searchplugins\icqplugin-9.xml
[2012.03.19 20:09:28 | 000,000,168 | ---- | M] () -- C:\Users\zeller\AppData\Roaming\Mozilla\Firefox\Profiles\p48b04s5.default\searchplugins\icqplugin.gif
[2012.03.19 20:09:28 | 000,000,618 | ---- | M] () -- C:\Users\zeller\AppData\Roaming\Mozilla\Firefox\Profiles\p48b04s5.default\searchplugins\icqplugin.src
[2012.01.06 11:09:19 | 000,001,056 | ---- | M] () -- C:\Users\zeller\AppData\Roaming\Mozilla\Firefox\Profiles\p48b04s5.default\searchplugins\icqplugin.xml
[2012.05.13 17:34:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.05.13 17:34:24 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.06.17 17:23:22 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.08 11:10:11 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.08 11:10:11 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.08 11:10:11 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.08 11:10:11 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.08 11:10:11 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.08 11:10:11 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.06.11 15:31:59 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [Adobe Version Cue CS2] C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe (Adobe Sytems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TrayServer] C:\Program Files\MAGIX\Video_deluxe_16_Plus_Sonderedition_Download-Version\Trayserver.exe (MAGIX AG)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\zeller\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Windows\system32\nspqalrj.dll File not found
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} hxxp://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab (Microsoft Genuine Advantage Self Support Tool)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B216392A-5D26-485D-A3D1-1BA09B9A1893}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {352F9AD4-73B4-6725-6F7B-C894F3562CA1} - Themes Setup
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - 
ActiveX: >{ECAE3ABB-63AC-47DD-AF87-2852552CC686} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.21 10:28:52 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.06.21 10:21:29 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.06.20 16:41:05 | 004,563,474 | R--- | C] (Swearware) -- C:\Users\zeller\Desktop\ComboFix.exe
[2012.06.19 10:32:13 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{4401D238-234A-45E9-850F-4FD2BF9B7C92}
[2012.06.19 10:31:47 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{96447A8D-22DA-4F10-9BBE-C2CC8F9A6718}
[2012.06.16 09:43:29 | 000,000,000 | ---D | C] -- C:\Users\zeller\Desktop\Neuer Ordner
[2012.06.15 14:26:18 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.06.15 14:16:00 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{A832892D-A909-4991-89CF-65E33876A7A7}
[2012.06.14 09:18:03 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{A5DD066F-733D-4997-BB8C-D1D9D4D51975}
[2012.06.14 09:17:50 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{8AB7D796-D795-45E0-8353-DD86920B869A}
[2012.06.12 21:17:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge
[2012.06.12 21:17:37 | 000,000,000 | ---D | C] -- C:\Program Files\Gameforge
[2012.06.11 16:04:30 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Roaming\Malwarebytes
[2012.06.11 16:04:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.11 16:04:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.11 16:04:25 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.06.11 16:04:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.06.11 16:02:44 | 010,063,000 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\zeller\Desktop\mbam-setup-1.61.0.1400.exe
[2012.06.11 13:13:24 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.06.11 13:13:24 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.06.11 13:13:20 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012.06.11 13:12:50 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.06.11 12:57:20 | 002,127,960 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\zeller\Desktop\tdsskiller.exe
[2012.06.11 10:47:54 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\zeller\Desktop\OTL.exe
[2012.06.11 07:18:56 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{0A4C483A-9555-4BB0-AEB6-56B917F793D5}
[2012.06.11 07:18:41 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{96371A1E-5546-4661-AD5B-2887D9ECA745}
[2012.06.10 07:22:01 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{C2E12B95-B211-4EF3-9880-CCB80F87F8EC}
[2012.06.10 07:21:39 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{F4EACEAA-5DE7-4784-9AC1-29A278C1B80D}
[2012.06.09 13:07:29 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{02D1EE42-84C4-4E18-9A5C-61A1F2FB8A7F}
[2012.06.09 13:07:18 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{525EAF42-50FC-4450-B807-4FA1B1ABB338}
[2012.06.03 12:23:16 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{D65677EA-F4E5-4611-B695-D164B274FA55}
[2012.06.03 12:22:54 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{78645E66-0A70-44D7-895D-A8DDA1AB8CF8}
[2012.05.31 12:54:24 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{A7590411-AD22-4D4D-A09D-DF5C498B983B}
[2012.05.31 12:54:01 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{17F86EC5-F83C-4EE2-9342-E70DD66E13D2}
[2012.05.29 18:49:21 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012.05.26 18:43:47 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{E8715F23-BCC1-4E50-A040-BE45D2BA05E9}
[2012.05.26 18:43:25 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{D0829E83-DCFB-4B50-8C96-9A4EFF14F44D}
[2012.05.23 17:59:46 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{915239B2-624D-44F6-AF04-724FF2B46FD2}
[2012.05.23 17:59:23 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{6CC0EB47-25C6-4348-BF4D-06EC191A3549}
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.21 10:50:16 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.21 10:50:16 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.21 10:42:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.21 10:42:46 | 2615,910,400 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.21 10:18:17 | 004,563,474 | R--- | M] (Swearware) -- C:\Users\zeller\Desktop\ComboFix.exe
[2012.06.21 10:08:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.19 10:06:22 | 000,024,804 | ---- | M] () -- C:\Users\zeller\AppData\Roaming\wklnhst.dat
[2012.06.16 10:14:59 | 000,664,396 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.06.16 10:14:59 | 000,624,578 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.06.16 10:14:59 | 000,134,564 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.06.16 10:14:59 | 000,110,216 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.06.15 14:00:35 | 000,480,280 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.06.11 16:04:27 | 000,001,027 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.11 16:02:54 | 010,063,000 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\zeller\Desktop\mbam-setup-1.61.0.1400.exe
[2012.06.11 15:31:59 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.06.11 13:52:03 | 000,001,049 | ---- | M] () -- C:\Users\Public\Desktop\GAME CENTER.lnk
[2012.06.11 12:57:25 | 002,127,960 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\zeller\Desktop\tdsskiller.exe
[2012.06.11 12:46:48 | 000,601,715 | ---- | M] () -- C:\Users\zeller\Desktop\adwcleaner.exe
[2012.06.11 11:53:54 | 000,302,592 | ---- | M] () -- C:\Users\zeller\Desktop\fmvg7wjv.exe
[2012.06.11 10:47:55 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\zeller\Desktop\OTL.exe
[2012.06.11 10:47:05 | 000,000,000 | ---- | M] () -- C:\Users\zeller\defogger_reenable
[2012.06.11 10:34:33 | 000,050,477 | ---- | M] () -- C:\Users\zeller\Desktop\Defogger.exe
[2012.05.29 18:49:16 | 314,693,193 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.05.27 19:47:51 | 000,175,386 | ---- | M] () -- C:\Users\zeller\Music\Documents\ts3_clientui-win32-1334913258-2012-05-27 19_47_47.642913.dmp
[2012.05.26 18:43:13 | 000,167,190 | ---- | M] () -- C:\Users\zeller\Music\Documents\ts3_clientui-win32-1334913258-2012-05-26 18_43_11.590207.dmp
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.11 16:04:27 | 000,001,027 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.11 13:13:24 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.06.11 13:13:24 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.06.11 13:13:24 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.06.11 13:13:24 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.06.11 13:13:24 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.06.11 12:46:47 | 000,601,715 | ---- | C] () -- C:\Users\zeller\Desktop\adwcleaner.exe
[2012.06.11 11:53:53 | 000,302,592 | ---- | C] () -- C:\Users\zeller\Desktop\fmvg7wjv.exe
[2012.06.11 10:47:05 | 000,000,000 | ---- | C] () -- C:\Users\zeller\defogger_reenable
[2012.06.11 10:34:31 | 000,050,477 | ---- | C] () -- C:\Users\zeller\Desktop\Defogger.exe
[2012.05.29 18:49:16 | 314,693,193 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.05.27 19:47:47 | 000,175,386 | ---- | C] () -- C:\Users\zeller\Music\Documents\ts3_clientui-win32-1334913258-2012-05-27 19_47_47.642913.dmp
[2012.05.26 18:43:11 | 000,167,190 | ---- | C] () -- C:\Users\zeller\Music\Documents\ts3_clientui-win32-1334913258-2012-05-26 18_43_11.590207.dmp
[2011.11.08 20:56:38 | 000,000,094 | ---- | C] () -- C:\Users\zeller\AppData\Local\fusioncache.dat
[2011.05.02 16:54:11 | 000,024,804 | ---- | C] () -- C:\Users\zeller\AppData\Roaming\wklnhst.dat
[2010.12.04 12:30:24 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010.09.01 10:02:54 | 000,016,384 | ---- | C] () -- C:\Windows\System32\FileOps.exe
 
========== LOP Check ==========
 
[2011.06.21 10:26:28 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\aliasworlds
[2010.11.25 17:41:38 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\Anarchy
[2010.12.08 13:47:49 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\Be a King 2
[2011.05.24 19:48:37 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\BlamGames
[2011.05.26 18:52:56 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\Boolat Games
[2010.11.15 10:22:07 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\capella-software
[2012.04.16 09:27:50 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2011.05.25 09:01:08 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\DivoGames
[2011.05.25 16:14:11 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\Dreamsdwell Stories
[2011.07.22 17:50:04 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\DVDVideoSoft
[2011.07.20 14:03:43 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.08.23 22:10:43 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\Friday's games
[2011.07.20 14:26:26 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\Green Clover Games
[2011.08.04 16:24:40 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\GreenSauceGames
[2011.12.16 16:15:29 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\ICQ
[2011.06.16 09:28:47 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\InImages
[2010.12.01 12:37:29 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\iWinG
[2011.05.25 13:49:51 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\Jane s Hotel 3
[2012.05.14 10:26:06 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\MAGIX
[2011.06.16 12:54:17 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\Nevosoft-Breeze
[2012.01.07 15:03:19 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\OpenOffice.org
[2010.11.23 19:22:26 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\PeaceCraft2
[2012.02.04 21:17:27 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\PeaceCraft3
[2011.06.27 12:15:12 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\Ph03nixNewMedia
[2011.06.20 10:45:26 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\PlayFirst
[2012.02.04 19:49:42 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\Playrix Entertainment
[2011.07.22 17:09:38 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\Simfy
[2011.05.02 16:54:13 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\Template
[2012.05.27 22:32:42 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\TS3Client
[2011.07.02 09:52:23 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\ts3overlay
[2011.08.14 10:43:20 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\Unity
[2011.05.25 11:29:39 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\WendigoStudios
[2010.11.10 12:39:15 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\Windows Live Writer
[2011.05.23 20:06:18 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\World-Loom
[2011.07.22 09:56:30 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\YoudaGames
[2012.06.11 08:02:33 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.06.21 10:28:52 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2012.03.16 18:28:09 | 000,000,000 | ---D | M] -- C:\BigFishGamesCache
[2010.08.07 10:55:35 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2010.01.28 15:03:33 | 000,000,000 | R--D | M] -- C:\MSOCache
[2012.06.19 09:18:58 | 000,000,000 | ---D | M] -- C:\phoenix
[2012.06.19 10:04:00 | 000,000,000 | ---D | M] -- C:\phoenix_privat
[2012.06.19 08:41:57 | 000,000,000 | ---D | M] -- C:\Program Files
[2012.06.11 16:04:26 | 000,000,000 | ---D | M] -- C:\ProgramData
[2010.08.07 10:55:35 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.06.21 10:29:31 | 000,000,000 | ---D | M] -- C:\Qoobox
[2010.08.07 10:55:35 | 000,000,000 | ---D | M] -- C:\Recovery
[2011.06.02 19:59:52 | 000,000,000 | ---D | M] -- C:\Stick
[2012.06.21 10:51:44 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.05.31 10:28:04 | 000,000,000 | R--D | M] -- C:\Users
[2012.06.21 10:28:19 | 000,000,000 | ---D | M] -- C:\Windows
[2011.01.14 09:07:39 | 000,000,000 | ---D | M] -- C:\xampp
[2011.07.22 10:56:51 | 000,000,000 | ---D | M] -- C:\Zylom Games
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\ERDNT\cache\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\ERDNT\cache\regedit.exe
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_f4050b883d2c3c08\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\ERDNT\cache\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-06-14 17:26:23
 
<          Schliesse bitte nun alle Programme. (Wichtig)  >

< End of report >
         
--- --- ---

#OTL Logfile:
Code:
OTL logfile created on: 21.06.2012 10:50:02 - Run 4
OTL by OldTimer - Version 3.2.48.0     Folder = C:\Users\zeller\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,14 Gb Available Physical Memory | 65,92% Memory free
6,50 Gb Paging File | 5,23 Gb Available in Paging File | 80,46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 1376,16 Gb Total Space | 1304,51 Gb Free Space | 94,79% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 11,66 Gb Free Space | 58,32% Space Free | Partition Type: NTFS
 
Computer Name: PHOENIX | User Name: zeller | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.11 10:47:55 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\zeller\Desktop\OTL.exe
PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.02 00:31:35 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.04.24 02:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.12.08 23:15:44 | 000,063,360 | ---- | M] (DivX, LLC) -- C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
PRC - [2010.12.08 21:17:46 | 001,226,608 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.05.04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2010.01.09 01:34:18 | 000,372,736 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010.01.09 01:33:48 | 000,172,032 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009.12.20 01:00:00 | 000,029,416 | ---- | M] (Apache Software Foundation) -- C:\xampp\apache\bin\httpd.exe
PRC - [2009.08.27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2007.07.24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2005.04.06 16:53:06 | 003,502,080 | ---- | M] () -- C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
PRC - [2005.04.06 16:53:04 | 000,856,064 | ---- | M] (Adobe Sytems Incorporated) -- C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
PRC - [2005.04.06 16:53:02 | 000,163,840 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.15 14:02:33 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
MOD - [2012.06.15 14:02:06 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.06.15 14:02:00 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.05.11 07:04:56 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012.05.11 07:04:10 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.11 07:04:06 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.11 07:04:05 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.11 07:03:52 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2010.12.08 21:18:26 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2010.12.08 21:17:46 | 001,226,608 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2010.11.13 02:02:22 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2010.11.13 01:19:04 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.02.02 11:33:39 | 001,708,032 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Wizard\2.0.3660.33486__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Wizard.dll
MOD - [2010.02.02 11:33:39 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3660.33443__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2010.02.02 11:33:39 | 000,380,928 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3660.33319__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2010.02.02 11:33:39 | 000,356,352 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3660.33396__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2010.02.02 11:33:39 | 000,204,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3660.33345__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2010.02.02 11:33:39 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3660.33397__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2010.02.02 11:33:39 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3660.33417__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2010.02.02 11:33:39 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3660.33329__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2010.02.02 11:33:39 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3660.33444__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2010.02.02 11:33:39 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3660.33395__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2010.02.02 11:33:39 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3660.33388__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2010.02.02 11:33:39 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3660.33376__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2010.02.02 11:33:39 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3660.33338__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2010.02.02 11:33:39 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3660.33330__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2010.02.02 11:33:39 | 000,013,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Runtime\2.0.3660.33487__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Runtime.dll
MOD - [2010.02.02 11:33:38 | 001,290,240 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Dashboard\2.0.3660.33482__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Dashboard.dll
MOD - [2010.02.02 11:33:38 | 000,827,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3660.33379__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2010.02.02 11:33:38 | 000,651,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Dashboard\2.0.3660.33458__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Dashboard.dll
MOD - [2010.02.02 11:33:38 | 000,573,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3660.33346__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2010.02.02 11:33:38 | 000,409,600 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3660.33410__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2010.02.02 11:33:38 | 000,372,736 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3660.33371__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2010.02.02 11:33:38 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3660.33345__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2010.02.02 11:33:38 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3660.33378__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2010.02.02 11:33:38 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3660.33385__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2010.02.02 11:33:38 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.3660.33457__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll
MOD - [2010.02.02 11:33:38 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3660.33376__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2010.02.02 11:33:38 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3660.33384__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2010.02.02 11:33:38 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3660.33351__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2010.02.02 11:33:38 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3660.33386__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2010.02.02 11:33:37 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3660.33377__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2010.02.02 11:33:37 | 000,270,336 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2010.02.02 11:33:37 | 000,151,552 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3639.21544__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2010.02.02 11:33:37 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3639.21529__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2010.02.02 11:33:37 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.3639.21799__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll
MOD - [2010.02.02 11:33:37 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3639.21677__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2010.02.02 11:33:37 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2010.02.02 11:33:37 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3639.21772__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2010.02.02 11:33:37 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3660.33377__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2010.02.02 11:33:37 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3639.21517__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2010.02.02 11:33:37 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3639.21518__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2010.02.02 11:33:37 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3639.21922__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2010.02.02 11:33:37 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3639.21571__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2010.02.02 11:33:37 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll
MOD - [2010.02.02 11:33:37 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3639.21582__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2010.02.02 11:33:37 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3639.21557__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2010.02.02 11:33:37 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Shared\2.0.3639.21776__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Shared.dll
MOD - [2010.02.02 11:33:37 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3639.21569__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2010.02.02 11:33:37 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3639.21562__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2010.02.02 11:33:37 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3639.21599__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2010.02.02 11:33:37 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2010.02.02 11:33:37 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3639.21620__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2010.02.02 11:33:37 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2010.02.02 11:33:37 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3639.21566__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2010.02.02 11:33:37 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3639.21663__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2010.02.02 11:33:37 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3639.21591__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2010.02.02 11:33:37 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3639.21613__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2010.02.02 11:33:37 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3639.21806__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll
MOD - [2010.02.02 11:33:37 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3639.21789__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2010.02.02 11:33:37 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3639.21606__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2010.02.02 11:33:37 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3639.21788__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2010.02.02 11:33:37 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2010.02.02 11:33:36 | 001,220,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3660.33325__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2010.02.02 11:33:36 | 000,741,376 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3660.33479__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll
MOD - [2010.02.02 11:33:36 | 000,577,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3660.33428__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2010.02.02 11:33:36 | 000,405,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3660.33337__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2010.02.02 11:33:36 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3660.33436__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2010.02.02 11:33:36 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3660.33434__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2010.02.02 11:33:36 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3639.21679__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2010.02.02 11:33:36 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3660.33316__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2010.02.02 11:33:36 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3639.21608__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2010.02.02 11:33:36 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3660.33315__90ba9c70f846762e\APM.Server.dll
MOD - [2010.02.02 11:33:36 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3660.33318__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2010.02.02 11:33:36 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3639.21609__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2010.02.02 11:33:36 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3639.21670__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2010.02.02 11:33:36 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3639.21589__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2010.02.02 11:33:36 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3660.33314__90ba9c70f846762e\AEM.Server.dll
MOD - [2010.02.02 11:33:36 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3660.33451__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2010.02.02 11:33:36 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3639.21551__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2010.02.02 11:33:36 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3639.21578__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2010.02.02 11:33:36 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3639.21577__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2010.02.02 11:33:36 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3639.21601__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2010.02.02 11:33:36 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3639.21521__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2010.02.02 11:33:36 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2010.02.02 11:33:36 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3639.21666__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2010.02.02 11:33:36 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3639.21623__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2010.02.02 11:33:36 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3639.21565__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2010.02.02 11:33:36 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3639.21594__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2010.02.02 11:33:36 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3639.21673__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2010.02.02 11:33:36 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3639.21539__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll
MOD - [2010.02.02 11:33:36 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3639.21592__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2010.02.02 11:33:36 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3639.21596__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2010.02.02 11:33:36 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3639.21681__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2010.02.02 11:33:36 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3639.21611__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2010.02.02 11:33:36 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3639.21604__90ba9c70f846762e\APM.Foundation.dll
MOD - [2010.02.02 11:33:36 | 000,019,456 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3660.33435__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2010.02.02 11:33:36 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3639.21570__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2010.02.02 11:33:36 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3660.33313__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] -- C:\Windows\ehome\ehsched.exe -- (ehSched)
SRV - File not found [On_Demand | Stopped] -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr)
SRV - [2012.06.17 17:23:22 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.04 21:08:10 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.05.03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.05.04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010.01.09 01:33:48 | 000,172,032 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009.12.20 01:00:00 | 000,029,416 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\xampp\apache\bin\httpd.exe -- (Apache2.2)
SRV - [2009.08.27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.08.07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2007.07.24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2005.04.06 16:53:02 | 000,163,840 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe -- (Adobe Version Cue CS2)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\zeller\AppData\Local\Temp\CFcatchme.sys -- (CFcatchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\zeller\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.01.09 01:54:44 | 005,191,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atipmdag.sys -- (amdkmdag)
DRV - [2010.01.09 00:40:42 | 000,125,440 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2009.11.19 01:25:04 | 000,100,352 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009.09.22 15:34:44 | 000,579,072 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2009.07.07 23:48:14 | 000,011,832 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\amdide.sys -- (amdide)
DRV - [2009.06.05 04:53:42 | 000,027,320 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2009.05.05 11:00:28 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Google [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "www.google.de"
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.4: C:\Program Files\Microsoft\Office Live\npOLW.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2010.12.11 13:54:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2010.12.11 13:54:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.17 17:23:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2011.10.11 06:50:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\zeller\AppData\Roaming\mozilla\Extensions
[2012.05.06 16:05:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\zeller\AppData\Roaming\mozilla\Firefox\Profiles\p48b04s5.default\extensions
[2012.03.29 12:19:34 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\zeller\AppData\Roaming\mozilla\Firefox\Profiles\p48b04s5.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.06.14 15:23:20 | 000,000,950 | ---- | M] () -- C:\Users\zeller\AppData\Roaming\Mozilla\Firefox\Profiles\p48b04s5.default\searchplugins\icqplugin-1.xml
[2012.01.17 15:08:38 | 000,000,950 | ---- | M] () -- C:\Users\zeller\AppData\Roaming\Mozilla\Firefox\Profiles\p48b04s5.default\searchplugins\icqplugin-2.xml
[2012.02.12 12:30:18 | 000,000,950 | ---- | M] () -- C:\Users\zeller\AppData\Roaming\Mozilla\Firefox\Profiles\p48b04s5.default\searchplugins\icqplugin-3.xml
[2012.02.17 13:29:42 | 000,000,950 | ---- | M] () -- C:\Users\zeller\AppData\Roaming\Mozilla\Firefox\Profiles\p48b04s5.default\searchplugins\icqplugin-4.xml
[2012.02.22 18:36:34 | 000,000,950 | ---- | M] () -- C:\Users\zeller\AppData\Roaming\Mozilla\Firefox\Profiles\p48b04s5.default\searchplugins\icqplugin-5.xml
[2012.03.22 19:39:06 | 000,000,950 | ---- | M] () -- C:\Users\zeller\AppData\Roaming\Mozilla\Firefox\Profiles\p48b04s5.default\searchplugins\icqplugin-6.xml
[2012.03.29 13:07:13 | 000,000,950 | ---- | M] () -- C:\Users\zeller\AppData\Roaming\Mozilla\Firefox\Profiles\p48b04s5.default\searchplugins\icqplugin-7.xml
[2012.05.01 14:43:37 | 000,000,950 | ---- | M] () -- C:\Users\zeller\AppData\Roaming\Mozilla\Firefox\Profiles\p48b04s5.default\searchplugins\icqplugin-8.xml
[2012.06.14 19:01:56 | 000,000,950 | ---- | M] () -- C:\Users\zeller\AppData\Roaming\Mozilla\Firefox\Profiles\p48b04s5.default\searchplugins\icqplugin-9.xml
[2012.03.19 20:09:28 | 000,000,168 | ---- | M] () -- C:\Users\zeller\AppData\Roaming\Mozilla\Firefox\Profiles\p48b04s5.default\searchplugins\icqplugin.gif
[2012.03.19 20:09:28 | 000,000,618 | ---- | M] () -- C:\Users\zeller\AppData\Roaming\Mozilla\Firefox\Profiles\p48b04s5.default\searchplugins\icqplugin.src
[2012.01.06 11:09:19 | 000,001,056 | ---- | M] () -- C:\Users\zeller\AppData\Roaming\Mozilla\Firefox\Profiles\p48b04s5.default\searchplugins\icqplugin.xml
[2012.05.13 17:34:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.05.13 17:34:24 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.06.17 17:23:22 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.08 11:10:11 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.08 11:10:11 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.08 11:10:11 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.08 11:10:11 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.08 11:10:11 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.08 11:10:11 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.06.11 15:31:59 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [Adobe Version Cue CS2] C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe (Adobe Sytems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TrayServer] C:\Program Files\MAGIX\Video_deluxe_16_Plus_Sonderedition_Download-Version\Trayserver.exe (MAGIX AG)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\zeller\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Windows\system32\nspqalrj.dll File not found
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} hxxp://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab (Microsoft Genuine Advantage Self Support Tool)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B216392A-5D26-485D-A3D1-1BA09B9A1893}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {352F9AD4-73B4-6725-6F7B-C894F3562CA1} - Themes Setup
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - 
ActiveX: >{ECAE3ABB-63AC-47DD-AF87-2852552CC686} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.21 10:28:52 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.06.21 10:21:29 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.06.20 16:41:05 | 004,563,474 | R--- | C] (Swearware) -- C:\Users\zeller\Desktop\ComboFix.exe
[2012.06.19 10:32:13 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{4401D238-234A-45E9-850F-4FD2BF9B7C92}
[2012.06.19 10:31:47 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{96447A8D-22DA-4F10-9BBE-C2CC8F9A6718}
[2012.06.16 09:43:29 | 000,000,000 | ---D | C] -- C:\Users\zeller\Desktop\Neuer Ordner
[2012.06.15 14:26:18 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.06.15 14:16:00 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{A832892D-A909-4991-89CF-65E33876A7A7}
[2012.06.14 09:18:03 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{A5DD066F-733D-4997-BB8C-D1D9D4D51975}
[2012.06.14 09:17:50 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{8AB7D796-D795-45E0-8353-DD86920B869A}
[2012.06.12 21:17:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge
[2012.06.12 21:17:37 | 000,000,000 | ---D | C] -- C:\Program Files\Gameforge
[2012.06.11 16:04:30 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Roaming\Malwarebytes
[2012.06.11 16:04:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.11 16:04:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.11 16:04:25 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.06.11 16:04:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.06.11 16:02:44 | 010,063,000 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\zeller\Desktop\mbam-setup-1.61.0.1400.exe
[2012.06.11 13:13:24 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.06.11 13:13:24 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.06.11 13:13:20 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012.06.11 13:12:50 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.06.11 12:57:20 | 002,127,960 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\zeller\Desktop\tdsskiller.exe
[2012.06.11 10:47:54 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\zeller\Desktop\OTL.exe
[2012.06.11 07:18:56 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{0A4C483A-9555-4BB0-AEB6-56B917F793D5}
[2012.06.11 07:18:41 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{96371A1E-5546-4661-AD5B-2887D9ECA745}
[2012.06.10 07:22:01 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{C2E12B95-B211-4EF3-9880-CCB80F87F8EC}
[2012.06.10 07:21:39 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{F4EACEAA-5DE7-4784-9AC1-29A278C1B80D}
[2012.06.09 13:07:29 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{02D1EE42-84C4-4E18-9A5C-61A1F2FB8A7F}
[2012.06.09 13:07:18 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{525EAF42-50FC-4450-B807-4FA1B1ABB338}
[2012.06.03 12:23:16 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{D65677EA-F4E5-4611-B695-D164B274FA55}
[2012.06.03 12:22:54 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{78645E66-0A70-44D7-895D-A8DDA1AB8CF8}
[2012.05.31 12:54:24 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{A7590411-AD22-4D4D-A09D-DF5C498B983B}
[2012.05.31 12:54:01 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{17F86EC5-F83C-4EE2-9342-E70DD66E13D2}
[2012.05.29 18:49:21 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012.05.26 18:43:47 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{E8715F23-BCC1-4E50-A040-BE45D2BA05E9}
[2012.05.26 18:43:25 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{D0829E83-DCFB-4B50-8C96-9A4EFF14F44D}
[2012.05.23 17:59:46 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{915239B2-624D-44F6-AF04-724FF2B46FD2}
[2012.05.23 17:59:23 | 000,000,000 | ---D | C] -- C:\Users\zeller\AppData\Local\{6CC0EB47-25C6-4348-BF4D-06EC191A3549}
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.21 10:50:16 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.21 10:50:16 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.21 10:42:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.21 10:42:46 | 2615,910,400 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.21 10:18:17 | 004,563,474 | R--- | M] (Swearware) -- C:\Users\zeller\Desktop\ComboFix.exe
[2012.06.21 10:08:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.19 10:06:22 | 000,024,804 | ---- | M] () -- C:\Users\zeller\AppData\Roaming\wklnhst.dat
[2012.06.16 10:14:59 | 000,664,396 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.06.16 10:14:59 | 000,624,578 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.06.16 10:14:59 | 000,134,564 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.06.16 10:14:59 | 000,110,216 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.06.15 14:00:35 | 000,480,280 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.06.11 16:04:27 | 000,001,027 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.11 16:02:54 | 010,063,000 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\zeller\Desktop\mbam-setup-1.61.0.1400.exe
[2012.06.11 15:31:59 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.06.11 13:52:03 | 000,001,049 | ---- | M] () -- C:\Users\Public\Desktop\GAME CENTER.lnk
[2012.06.11 12:57:25 | 002,127,960 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\zeller\Desktop\tdsskiller.exe
[2012.06.11 12:46:48 | 000,601,715 | ---- | M] () -- C:\Users\zeller\Desktop\adwcleaner.exe
[2012.06.11 11:53:54 | 000,302,592 | ---- | M] () -- C:\Users\zeller\Desktop\fmvg7wjv.exe
[2012.06.11 10:47:55 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\zeller\Desktop\OTL.exe
[2012.06.11 10:47:05 | 000,000,000 | ---- | M] () -- C:\Users\zeller\defogger_reenable
[2012.06.11 10:34:33 | 000,050,477 | ---- | M] () -- C:\Users\zeller\Desktop\Defogger.exe
[2012.05.29 18:49:16 | 314,693,193 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.05.27 19:47:51 | 000,175,386 | ---- | M] () -- C:\Users\zeller\Music\Documents\ts3_clientui-win32-1334913258-2012-05-27 19_47_47.642913.dmp
[2012.05.26 18:43:13 | 000,167,190 | ---- | M] () -- C:\Users\zeller\Music\Documents\ts3_clientui-win32-1334913258-2012-05-26 18_43_11.590207.dmp
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.11 16:04:27 | 000,001,027 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.11 13:13:24 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.06.11 13:13:24 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.06.11 13:13:24 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.06.11 13:13:24 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.06.11 13:13:24 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.06.11 12:46:47 | 000,601,715 | ---- | C] () -- C:\Users\zeller\Desktop\adwcleaner.exe
[2012.06.11 11:53:53 | 000,302,592 | ---- | C] () -- C:\Users\zeller\Desktop\fmvg7wjv.exe
[2012.06.11 10:47:05 | 000,000,000 | ---- | C] () -- C:\Users\zeller\defogger_reenable
[2012.06.11 10:34:31 | 000,050,477 | ---- | C] () -- C:\Users\zeller\Desktop\Defogger.exe
[2012.05.29 18:49:16 | 314,693,193 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.05.27 19:47:47 | 000,175,386 | ---- | C] () -- C:\Users\zeller\Music\Documents\ts3_clientui-win32-1334913258-2012-05-27 19_47_47.642913.dmp
[2012.05.26 18:43:11 | 000,167,190 | ---- | C] () -- C:\Users\zeller\Music\Documents\ts3_clientui-win32-1334913258-2012-05-26 18_43_11.590207.dmp
[2011.11.08 20:56:38 | 000,000,094 | ---- | C] () -- C:\Users\zeller\AppData\Local\fusioncache.dat
[2011.05.02 16:54:11 | 000,024,804 | ---- | C] () -- C:\Users\zeller\AppData\Roaming\wklnhst.dat
[2010.12.04 12:30:24 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010.09.01 10:02:54 | 000,016,384 | ---- | C] () -- C:\Windows\System32\FileOps.exe
 
========== LOP Check ==========
 
[2011.06.21 10:26:28 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\aliasworlds
[2010.11.25 17:41:38 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\Anarchy
[2010.12.08 13:47:49 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\Be a King 2
[2011.05.24 19:48:37 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\BlamGames
[2011.05.26 18:52:56 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\Boolat Games
[2010.11.15 10:22:07 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\capella-software
[2012.04.16 09:27:50 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2011.05.25 09:01:08 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\DivoGames
[2011.05.25 16:14:11 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\Dreamsdwell Stories
[2011.07.22 17:50:04 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\DVDVideoSoft
[2011.07.20 14:03:43 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.08.23 22:10:43 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\Friday's games
[2011.07.20 14:26:26 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\Green Clover Games
[2011.08.04 16:24:40 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\GreenSauceGames
[2011.12.16 16:15:29 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\ICQ
[2011.06.16 09:28:47 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\InImages
[2010.12.01 12:37:29 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\iWinG
[2011.05.25 13:49:51 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\Jane s Hotel 3
[2012.05.14 10:26:06 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\MAGIX
[2011.06.16 12:54:17 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\Nevosoft-Breeze
[2012.01.07 15:03:19 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\OpenOffice.org
[2010.11.23 19:22:26 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\PeaceCraft2
[2012.02.04 21:17:27 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\PeaceCraft3
[2011.06.27 12:15:12 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\Ph03nixNewMedia
[2011.06.20 10:45:26 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\PlayFirst
[2012.02.04 19:49:42 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\Playrix Entertainment
[2011.07.22 17:09:38 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\Simfy
[2011.05.02 16:54:13 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\Template
[2012.05.27 22:32:42 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\TS3Client
[2011.07.02 09:52:23 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\ts3overlay
[2011.08.14 10:43:20 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\Unity
[2011.05.25 11:29:39 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\WendigoStudios
[2010.11.10 12:39:15 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\Windows Live Writer
[2011.05.23 20:06:18 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\World-Loom
[2011.07.22 09:56:30 | 000,000,000 | ---D | M] -- C:\Users\zeller\AppData\Roaming\YoudaGames
[2012.06.11 08:02:33 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.06.21 10:28:52 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2012.03.16 18:28:09 | 000,000,000 | ---D | M] -- C:\BigFishGamesCache
[2010.08.07 10:55:35 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2010.01.28 15:03:33 | 000,000,000 | R--D | M] -- C:\MSOCache
[2012.06.19 09:18:58 | 000,000,000 | ---D | M] -- C:\phoenix
[2012.06.19 10:04:00 | 000,000,000 | ---D | M] -- C:\phoenix_privat
[2012.06.19 08:41:57 | 000,000,000 | ---D | M] -- C:\Program Files
[2012.06.11 16:04:26 | 000,000,000 | ---D | M] -- C:\ProgramData
[2010.08.07 10:55:35 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.06.21 10:29:31 | 000,000,000 | ---D | M] -- C:\Qoobox
[2010.08.07 10:55:35 | 000,000,000 | ---D | M] -- C:\Recovery
[2011.06.02 19:59:52 | 000,000,000 | ---D | M] -- C:\Stick
[2012.06.21 10:51:44 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.05.31 10:28:04 | 000,000,000 | R--D | M] -- C:\Users
[2012.06.21 10:28:19 | 000,000,000 | ---D | M] -- C:\Windows
[2011.01.14 09:07:39 | 000,000,000 | ---D | M] -- C:\xampp
[2011.07.22 10:56:51 | 000,000,000 | ---D | M] -- C:\Zylom Games
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\ERDNT\cache\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\ERDNT\cache\regedit.exe
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_f4050b883d2c3c08\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\ERDNT\cache\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-06-14 17:26:23
 
<          Schliesse bitte nun alle Programme. (Wichtig)  >

< End of report >
         
--- --- ---

21.06.2012, 14:42   #27
Psychotic
/// Malwareteam

Please run a new ESET scan!
__________________
No asylum for trojans!

Proud Member of UNITE

Note: I am only available on weekdays!
Requests via PM will be ignored!

Are you satisfied with us? Then support the Trojaner-Board!

22.06.2012, 13:11   #28
black_rose

No detections, but no log file either.

Or where do I find it,
if one was written?

Sorry

26.06.2012, 07:44   #29
Psychotic
/// Malwareteam

Then we're done!



Step 1: Java update


Your Java is out of date. Older versions contain security vulnerabilities that malware can exploit.
  • Please download the latest Java version from here
  • Save the jxpiinstall.exe
  • Close all running programs, especially your browser.
  • Start jxpiinstall.exe. It will download the installer for the latest Java version ( Java 7 Update 4 ).
  • When the installation has finished, go to
    Start --> Control Panel --> Programs and uninstall all older Java versions.
  • Restart your computer once all older versions have been uninstalled.
After the restart
  • Open Control Panel --> Programs again and click the Java icon.
  • On the General tab, click Settings under Temporary Internet Files.
  • Click Delete Files....
  • Make sure every box is checked and click OK.
  • Click OK again.



Step 2: Adobe Shockwave Player update

Your Shockwave Player is outdated. To update the Shockwave Player, please proceed as follows:
  • Visit the page Adobe - Adobe Shockwave Player
  • Click the "Agree and install" button and follow the instructions on the screen.
  • Get in touch right away if any difficulties arise.



Defogger re-enable

Please start Defogger and click the re-enable button



ComboFix

Before the following step, please temporarily disable your antivirus program, any script blocking, and anti-malware programs again.

Press Windows key + R. Now copy the following line into the command line and click OK.
Code:
Combofix /Uninstall



This removes Combofix completely and empties the System Restore cache, so that the malware disappears from it as well.

Now re-enable the programs you just disabled.



OTL

Please start OTL and click Cleanup.
This will remove most of the tools we needed for the cleanup. If anything remains, please remove it with right-click --> Delete.



Run Temp File Cleaner



Please download TFC ( by Oldtimer ) and save the file to the desktop.
Now close all open programs and disconnect from the Internet.
Double-click TFC.exe
If TFC cannot delete all files, it will ask for a restart. Please allow this.



Here are a few more tips for securing your system.

Keeping up to date

I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows Updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.
Antivirus software
  • Make sure you always have antivirus software installed and that it is up to date. Even the best virus scanner is useless if it is not current!
    A selection of free antivirus programs:
Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version also offers a background guard.
    You can find a tutorial on how to use it here.
Safe browsing
  • SpywareBlaster
    You can find a short introduction here
  • MVPs hosts file
    You can find a tutorial here. Unfortunately I have not found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site reported as harmful.
Alternative browsers
Other browsers tend to be somewhat more secure than IE because they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: For this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most advertising by itself. A right-click on a banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
      It also saves download capacity.
Performance
Clean up your temp files regularly. I recommend TFC for this.
Stay away from all registry cleaners.
They harm your system more than they help. Here are a few ( English ) links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts
  • Don't click on everything just because it asks you to and is nice and colorful.
  • Don't use peer-to-peer or file-sharing software (Emule, uTorrent,..)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Be suspicious on social networks (e.g. MeinVZ, Facebook, etc.) - even if messages/posts seemingly come from one of your friends, that does not mean they are harmless (malware may have infected their computer).
  • Do not open attachments from emails you do not know. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
Now all that remains is for me to wish you lots of fun surfing safely.

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
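The Java step in the post above can be cross-checked against the O16 (Downloaded Program Files) lines of the OTL log. The Python sketch below is an added example, not part of the thread or of OTL: it parses those lines and lists which registered Java plug-ins are below a baseline and which are leftovers of an older install. The sample lines are copied from the log on this page; the baseline tuple 1.7.0_04 is an assumption derived from the "Java 7 Update 4" named in the post.

```python
import re
from typing import NamedTuple, Optional

# Sample input: O16 lines copied from the OTL log on this page
# (URLs are defanged as "hxxp" exactly as OTL's forum output shows them).
SAMPLE_LOG = r"""
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
"""

# Assumption: "Java 7 Update 4" from the post, written as a version tuple.
BASELINE = (1, 7, 0, 4)

# "O16 - DPF: {CLSID} <codebase URL> (<display name>)"
DPF_RE = re.compile(r"^O16 - DPF: (\{[0-9A-Fa-f-]{36}\}) (\S+) \((.*)\)\s*$")
# "Java Plug-in 1.6.0_31" -> major.minor.patch_update
JAVA_RE = re.compile(r"^Java Plug-in (\d+)\.(\d+)\.(\d+)(?:_(\d+))?$")


class DpfEntry(NamedTuple):
    clsid: str
    codebase: str
    name: str


def parse_dpf(line: str) -> Optional[DpfEntry]:
    """Return the parsed O16 entry, or None for any other log line."""
    match = DPF_RE.match(line.strip())
    return DpfEntry(*match.groups()) if match else None


def java_version(entry: DpfEntry) -> Optional[tuple]:
    """Return (major, minor, patch, update) for a Java plug-in entry."""
    match = JAVA_RE.match(entry.name)
    if match is None:
        return None
    # A missing "_NN" update suffix counts as update 0.
    return tuple(int(group or 0) for group in match.groups())


def audit_java(log_text: str, baseline: tuple) -> dict:
    """Summarise the Java plug-ins registered in an OTL log.

    below_baseline: CLSIDs whose version is older than the baseline.
    superseded:     CLSIDs older than the newest version in the same log,
                    i.e. leftovers that the post asks to uninstall.
    """
    found = []
    for line in log_text.splitlines():
        entry = parse_dpf(line)
        if entry is None:
            continue
        version = java_version(entry)
        if version is not None:
            found.append((version, entry))

    versions = sorted({version for version, _ in found})
    newest = versions[-1] if versions else None
    return {
        "versions": versions,
        "below_baseline": [e.clsid for v, e in found if v < baseline],
        "superseded": [e.clsid for v, e in found if v < newest],
    }


if __name__ == "__main__":
    report = audit_java(SAMPLE_LOG, BASELINE)
    for key, value in report.items():
        print(f"{key}: {value}")
```
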

26.06.2012, 10:14   #30
black_rose

Hello and good morning,

Defogger reports

Unable to open file
