snap do-Trojaner

gotm78 · 14.10.2012, 09:35

Ich habe mir diesen snapdo-Trojaner eingefangen und werde ihn nicht mehr los.

Malwarebytes habe ich scannen lassen, mit folgendem Ergebnis:

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.10.13.09

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Castiel :: CASTIEL-PC [Administrator]

13.10.2012 22:02:15
mbam-log-2012-10-13 (22-02-15).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 346069
Laufzeit: 2 Stunde(n), 28 Minute(n), 16 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Windows\Temp\DealioToolbar.exe (PUP.Dealio.TB) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Defogger habe ich benutzt.

OTL habe ich auch benutzt und folgendes Log erhalten:

OTL logfile created on: 14.10.2012 01:17:18 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Castiel\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,59 Gb Available Physical Memory | 52,99% Memory free
6,20 Gb Paging File | 4,61 Gb Available in Paging File | 74,40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,44 Gb Total Space | 44,10 Gb Free Space | 37,88% Space Free | Partition Type: NTFS
Drive D: | 106,68 Gb Total Space | 97,50 Gb Free Space | 91,39% Space Free | Partition Type: NTFS

Computer Name: CASTIEL-PC | User Name: Castiel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.10.14 01:17:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Castiel\Downloads\OTL.exe
PRC - [2012.09.27 14:50:02 | 000,020,040 | ---- | M] (Smartbar) -- C:\Users\Castiel\AppData\Local\Smartbar\Application\SnapDo.exe
PRC - [2012.09.19 16:27:56 | 001,100,680 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2012.09.19 16:21:14 | 000,795,072 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
PRC - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.08.09 07:08:14 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.06.06 13:18:50 | 000,100,864 | ---- | M] (Freemake) -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Castiel\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.05.10 22:37:59 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.10 22:37:58 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.10 22:37:58 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.11.05 02:02:41 | 003,054,136 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2008.07.22 22:44:06 | 000,357,376 | ---- | M] (shbox.de) -- C:\Program Files\FreePDF_XP\fpassist.exe
PRC - [2008.07.18 19:52:16 | 000,104,936 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2008.07.16 13:00:59 | 006,253,088 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.07.09 19:14:06 | 000,191,032 | ---- | M] (ATK) -- C:\Program Files\P4G\BatteryLife.exe
PRC - [2008.06.18 08:10:24 | 000,297,528 | ---- | M] (ASUS) -- C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
PRC - [2008.06.04 03:29:08 | 000,851,968 | ---- | M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exe
PRC - [2008.04.14 07:19:46 | 000,536,576 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
PRC - [2008.02.02 01:17:26 | 000,233,472 | ---- | M] (ATK0100) -- C:\Program Files\ATK Hotkey\HControl.exe
PRC - [2008.02.02 00:29:32 | 000,061,440 | ---- | M] () -- C:\Program Files\ASUS\ATK Media\DMedia.exe
PRC - [2008.01.25 01:31:51 | 001,208,320 | ---- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
PRC - [2008.01.24 01:34:42 | 007,766,016 | ---- | M] () -- C:\Program Files\ATKOSD2\ATKOSD2.exe
PRC - [2008.01.23 20:51:28 | 000,151,552 | ---- | M] () -- C:\Program Files\ATK Hotkey\WDC.exe
PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008.01.12 08:40:10 | 000,098,304 | ---- | M] () -- C:\Program Files\ATK Hotkey\HControlUser.exe
PRC - [2007.12.04 20:57:06 | 002,486,272 | ---- | M] () -- C:\Program Files\ATK Hotkey\ATKOSD.exe
PRC - [2007.11.30 21:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe
PRC - [2007.11.05 05:48:06 | 000,106,496 | ---- | M] () -- C:\Program Files\ATK Hotkey\MsgTranAgt.exe
PRC - [2007.10.03 07:53:00 | 000,094,208 | ---- | M] () -- C:\Program Files\ATK Hotkey\AsLdrSrv.exe
PRC - [2007.08.15 21:20:16 | 000,106,496 | ---- | M] () -- C:\Program Files\ATK Hotkey\KBFiltr.exe
PRC - [2007.08.08 10:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
PRC - [2007.08.03 22:24:54 | 000,125,496 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
PRC - [2007.08.03 06:52:40 | 000,778,240 | ---- | M] () -- C:\Program Files\P4P\P4P.exe
PRC - [2007.07.06 02:53:44 | 001,040,384 | ---- | M] () -- C:\Program Files\Wireless Console 2\wcourier.exe
PRC - [2005.07.07 01:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\System32\ACEngSvr.exe
PRC - [2005.07.03 23:52:18 | 000,071,080 | ---- | M] () -- C:\Program Files\PDFDrucker\PDFPrintBackend.exe

========== Modules (No Company Name) ==========

MOD - [2012.10.10 12:06:15 | 000,460,312 | ---- | M] () -- C:\Users\Castiel\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
MOD - [2012.10.10 12:06:13 | 012,435,992 | ---- | M] () -- C:\Users\Castiel\AppData\Local\Google\Chrome\Application\22.0.1229.94\PepperFlash\pepflashplayer.dll
MOD - [2012.10.10 12:06:12 | 004,005,912 | ---- | M] () -- C:\Users\Castiel\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll
MOD - [2012.10.10 12:04:44 | 000,156,712 | ---- | M] () -- C:\Users\Castiel\AppData\Local\Google\Chrome\Application\22.0.1229.94\avutil-51.dll
MOD - [2012.10.10 12:04:43 | 000,275,496 | ---- | M] () -- C:\Users\Castiel\AppData\Local\Google\Chrome\Application\22.0.1229.94\avformat-54.dll
MOD - [2012.10.10 12:04:42 | 002,168,360 | ---- | M] () -- C:\Users\Castiel\AppData\Local\Google\Chrome\Application\22.0.1229.94\avcodec-54.dll
MOD - [2012.09.27 14:50:50 | 000,018,504 | ---- | M] () -- C:\Users\Castiel\AppData\Local\Smartbar\Application\Smartbar.Resources.Utilities.dll
MOD - [2012.09.27 14:50:40 | 000,048,200 | ---- | M] () -- C:\Users\Castiel\AppData\Local\Smartbar\Application\Smartbar.Resources.LanguageSettings.dll
MOD - [2012.09.27 14:50:40 | 000,013,896 | ---- | M] () -- C:\Users\Castiel\AppData\Local\Smartbar\Application\Smartbar.Resources.ProcessDownMonitor.dll
MOD - [2012.09.27 14:50:36 | 000,069,704 | ---- | M] () -- C:\Users\Castiel\AppData\Local\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll
MOD - [2012.09.27 14:50:34 | 000,035,400 | ---- | M] () -- C:\Users\Castiel\AppData\Local\Smartbar\Application\Smartbar.Resources.AutomaticUpdates.dll
MOD - [2012.09.27 14:50:30 | 000,016,456 | ---- | M] () -- C:\Users\Castiel\AppData\Local\Smartbar\Application\Smartbar.Personalization.Common.dll
MOD - [2012.09.27 14:50:28 | 000,079,944 | ---- | M] () -- C:\Users\Castiel\AppData\Local\Smartbar\Application\Smartbar.Personalization.BusinessLogic.dll
MOD - [2012.09.27 14:50:22 | 000,019,016 | ---- | M] () -- C:\Users\Castiel\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Utilities.dll
MOD - [2012.09.27 14:50:20 | 000,055,880 | ---- | M] () -- C:\Users\Castiel\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.InternetExplorerLocalPlugin.dll
MOD - [2012.09.27 14:50:12 | 000,029,768 | ---- | M] () -- C:\Users\Castiel\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dll
MOD - [2012.09.27 14:50:12 | 000,012,872 | ---- | M] () -- C:\Users\Castiel\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.EventManager.dll
MOD - [2012.09.27 14:50:10 | 000,013,896 | ---- | M] () -- C:\Users\Castiel\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.BusinessEntities.dll
MOD - [2012.09.27 14:50:08 | 000,188,488 | ---- | M] () -- C:\Users\Castiel\AppData\Local\Smartbar\Application\Smartbar.GUI.Multimedia.dll
MOD - [2012.09.27 14:50:08 | 000,014,408 | ---- | M] () -- C:\Users\Castiel\AppData\Local\Smartbar\Application\Smartbar.GUI.Multimedia.Loader.dll
MOD - [2012.09.27 14:50:06 | 001,306,696 | ---- | M] () -- C:\Users\Castiel\AppData\Local\Smartbar\Application\Smartbar.GUI.MainClient.dll
MOD - [2012.09.27 14:50:04 | 000,565,832 | ---- | M] () -- C:\Users\Castiel\AppData\Local\Smartbar\Application\Smartbar.GUI.Controls.dll
MOD - [2012.09.27 14:50:04 | 000,081,480 | ---- | M] () -- C:\Users\Castiel\AppData\Local\Smartbar\Application\Smartbar.GUI.Docking.dll
MOD - [2012.09.27 14:48:54 | 000,047,688 | ---- | M] () -- C:\Users\Castiel\AppData\Local\Smartbar\Application\MACTrackBarLib.dll
MOD - [2012.09.27 14:48:40 | 000,035,400 | ---- | M] () -- C:\Users\Castiel\AppData\Local\Smartbar\Application\de\Smartbar.Resources.LanguageSettings.resources.dll
MOD - [2012.09.27 14:48:34 | 000,068,168 | ---- | M] () -- C:\Users\Castiel\AppData\Local\Smartbar\Application\AxInterop.WMPLib.dll
MOD - [2012.09.15 10:00:26 | 000,911,432 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.66.0__db937bc2d44ff139\System.Data.SQLite.dll
MOD - [2012.09.15 10:00:23 | 000,145,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll
MOD - [2012.09.10 12:31:40 | 000,047,688 | ---- | M] () -- C:\Users\Castiel\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.XmlSerializers.dll
MOD - [2012.09.10 12:31:40 | 000,025,672 | ---- | M] () -- C:\Users\Castiel\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.dll
MOD - [2012.09.10 12:31:38 | 000,020,040 | ---- | M] () -- C:\Users\Castiel\AppData\Local\Smartbar\Application\Smartbar.Resources.SideBySide.dll
MOD - [2012.06.14 03:37:27 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\663112d3002034cf5126be253efff60d\System.Web.Services.ni.dll
MOD - [2012.06.14 03:37:25 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll
MOD - [2012.06.14 03:35:24 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012.06.14 03:35:14 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012.05.10 08:15:06 | 000,220,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\8455a2be044530a091b714f5a6415d6b\CustomMarshalers.ni.dll
MOD - [2012.05.10 08:14:13 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll
MOD - [2012.05.10 08:14:09 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\b6d83a652c94b32fc8f99a6df0acd7f4\System.Transactions.ni.dll
MOD - [2012.05.10 08:14:08 | 000,627,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\4b5eaa70d2900b98ccf6fd9915f34d69\System.EnterpriseServices.ni.dll
MOD - [2012.05.10 08:13:56 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012.05.10 08:05:15 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012.05.10 08:04:25 | 006,621,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\bfdd10e0a0aacf46bac557ffc5d55ba5\System.Data.ni.dll
MOD - [2012.05.10 08:02:25 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012.05.10 08:02:03 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2009.03.30 06:42:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009.03.30 06:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009.03.30 06:42:12 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2009.03.30 06:42:12 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.03.30 06:42:11 | 000,069,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
MOD - [2008.11.05 01:46:19 | 001,679,360 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3009.39983__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dl l
MOD - [2008.11.05 01:46:19 | 000,364,544 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.3009.40180__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll
MOD - [2008.11.05 01:46:19 | 000,253,952 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3009.39941__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2008.11.05 01:46:19 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3009.39997__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2008.11.05 01:46:19 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3009.40172__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2008.11.05 01:46:19 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3009.39975__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2008.11.05 01:46:19 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3009.40094__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dl l
MOD - [2008.11.05 01:46:19 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3009.39962__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime. dll
MOD - [2008.11.05 01:46:18 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3009.40135__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2008.11.05 01:46:17 | 000,483,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3009.40202__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2008.11.05 01:45:57 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3009.40208__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2008.11.05 01:45:57 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3009.39955__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2008.11.05 01:45:56 | 000,802,816 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3009.40102__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2008.11.05 01:45:56 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3009.40163__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2008.11.05 01:45:56 | 000,352,256 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3009.40143__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2008.11.05 01:45:56 | 000,147,456 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3009.40201__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard. dll
MOD - [2008.11.05 01:45:56 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3009.40149__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2008.11.05 01:45:56 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3009.40102__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2008.11.05 01:45:56 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3009.40142__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2008.11.05 01:45:56 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3009.40200__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
MOD - [2008.11.05 01:45:55 | 000,901,120 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.3009.40173__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll
MOD - [2008.11.05 01:45:55 | 000,585,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3009.40010__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashbo ard.dll
MOD - [2008.11.05 01:45:55 | 000,479,232 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3009.40095__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2008.11.05 01:45:55 | 000,442,368 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3009.40089__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2008.11.05 01:45:55 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3009.39963__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashbo ard.dll
MOD - [2008.11.05 01:45:55 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3009.40129__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll
MOD - [2008.11.05 01:45:55 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3009.40017__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll
MOD - [2008.11.05 01:45:55 | 000,217,088 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3009.40004__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2008.11.05 01:45:55 | 000,118,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3009.40116__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashbo ard.dll
MOD - [2008.11.05 01:45:55 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3009.40094__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2008.11.05 01:45:55 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3009.40016__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime. dll
MOD - [2008.11.05 01:45:55 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3009.40101__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2008.11.05 01:45:55 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3009.40115__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime. dll
MOD - [2008.11.05 01:45:55 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3009.40128__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2008.11.05 01:45:55 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2008.11.05 01:45:55 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2939.23679__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2008.11.05 01:45:55 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2939.23767__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2008.11.05 01:45:55 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2939.23710__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2008.11.05 01:45:55 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2939.23768__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2008.11.05 01:45:55 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2008.11.05 01:45:54 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2939.23668__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2008.11.05 01:45:54 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2008.11.05 01:45:54 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2939.23662__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2008.11.05 01:45:54 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2939.23802__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2008.11.05 01:45:54 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2939.23667__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2008.11.05 01:45:54 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2939.23717__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2008.11.05 01:45:54 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2939.23693__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2008.11.05 01:45:54 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2939.23687__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2008.11.05 01:45:54 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2939.23707__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2008.11.05 01:45:54 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.2939.23717__90ba9c70f846762e\DEM.OS.dll
MOD - [2008.11.05 01:45:54 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2008.11.05 01:45:54 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.2939.23718__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2008.11.05 01:45:54 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2008.11.05 01:45:54 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2939.23688__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2008.11.05 01:45:53 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2939.23689__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2008.11.05 01:45:53 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2939.23743__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2008.11.05 01:45:53 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2939.23740__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2008.11.05 01:45:53 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2939.23764__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2008.11.05 01:45:53 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.2939.23763__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
MOD - [2008.11.05 01:45:53 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2939.23741__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dl l
MOD - [2008.11.05 01:45:53 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2939.23679__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2008.11.05 01:45:53 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dl l
MOD - [2008.11.05 01:45:53 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2939.23734__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2008.11.05 01:45:53 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2939.23718__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2008.11.05 01:45:52 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2965.22300__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2008.11.05 01:45:52 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2939.23739__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2008.11.05 01:45:52 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2939.23738__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2008.11.05 01:45:52 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2939.23742__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2008.11.05 01:45:52 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2939.23708__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2008.11.05 01:45:52 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2939.23735__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dl l
MOD - [2008.11.05 01:45:52 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2008.11.05 01:45:52 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2939.23711__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2008.11.05 01:45:52 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Foundation\2.0.2939.23665__90ba9c70f846762e\AEM.Foundation.dll
MOD - [2008.11.05 01:45:52 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2008.11.05 01:45:52 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.2939.23709__90ba9c70f846762e\APM.Foundation.dll
MOD - [2008.11.05 01:45:52 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2008.11.05 01:45:46 | 000,005,120 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray.resources\2.0.3009.40186_de_90ba9c70f846762e\CLI.Component.Systemtray.resources.dll
MOD - [2008.11.05 01:45:45 | 000,102,400 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3009.40194__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2008.11.05 01:45:45 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3009.40193__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2008.11.05 01:45:45 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3009.40217__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2008.11.05 01:45:45 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2939.23679__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2008.11.05 01:45:45 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2939.23712__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2008.11.05 01:45:45 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.2939.23677__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll
MOD - [2008.11.05 01:45:45 | 000,011,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.3009.40228__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll
MOD - [2008.11.05 01:45:45 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3009.39933__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2008.11.05 01:45:44 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3009.39969__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2008.11.05 01:45:44 | 000,413,696 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3009.40186__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2008.11.05 01:45:44 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3009.39933__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2008.11.05 01:45:44 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2939.23713__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2008.11.05 01:45:44 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2939.23678__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2008.11.05 01:45:44 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2939.23694__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2008.11.05 01:45:44 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2939.23711__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2008.11.05 01:45:43 | 001,507,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3009.39949__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2008.11.05 01:45:43 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3009.39934__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2008.11.05 01:45:43 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3009.39931__90ba9c70f846762e\APM.Server.dll
MOD - [2008.11.05 01:45:43 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2939.23689__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2008.11.05 01:45:43 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3009.40194__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2008.11.05 01:45:43 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2008.11.05 01:45:43 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2939.23746__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2008.11.05 01:45:42 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3009.39932__90ba9c70f846762e\AEM.Server.dll
MOD - [2008.11.05 00:20:54 | 008,007,680 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
MOD - [2008.07.18 19:52:08 | 000,649,704 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2008.06.09 09:55:08 | 000,013,096 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2008.04.14 07:19:46 | 000,536,576 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
MOD - [2008.03.28 18:19:11 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2008.02.02 00:29:32 | 000,061,440 | ---- | M] () -- C:\Program Files\ASUS\ATK Media\DMedia.exe
MOD - [2008.02.02 00:29:28 | 000,049,152 | ---- | M] () -- C:\Program Files\ASUS\ATK Media\ATKMETHOD.dll
MOD - [2008.01.24 01:34:42 | 007,766,016 | ---- | M] () -- C:\Program Files\ATKOSD2\ATKOSD2.exe
MOD - [2008.01.12 08:40:10 | 000,098,304 | ---- | M] () -- C:\Program Files\ATK Hotkey\HControlUser.exe
MOD - [2007.11.30 21:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe
MOD - [2007.11.13 01:41:50 | 000,106,496 | ---- | M] () -- C:\Program Files\ATK Hotkey\MsgTran.dll
MOD - [2007.08.03 06:52:40 | 000,778,240 | ---- | M] () -- C:\Program Files\P4P\P4P.exe
MOD - [2007.03.07 03:03:08 | 000,016,384 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2006.10.26 01:37:52 | 000,045,056 | ---- | M] () -- C:\Program Files\ASUS\ATK Media\GERString.dll
MOD - [2005.07.03 23:52:18 | 000,071,080 | ---- | M] () -- C:\Program Files\PDFDrucker\PDFPrintBackend.exe

========== Services (SafeList) ==========

SRV - [2012.09.19 16:21:14 | 000,795,072 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.07.08 00:36:43 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.06.06 13:18:50 | 000,100,864 | ---- | M] (Freemake) [Auto | Running] -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe -- (Freemake Improver)
SRV - [2012.05.10 22:37:59 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.10 22:37:58 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.10.03 07:53:00 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2007.08.08 10:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2007.08.03 22:24:54 | 000,125,496 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)
SRV - [2007.02.07 10:29:59 | 000,074,240 | R--- | M] (Cognizance Corporation) [Auto | Running] -- C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll -- (ASBroker)
SRV - [2006.06.22 03:13:59 | 000,131,584 | R--- | M] (Cognizance Corporation) [Auto | Running] -- C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASChnl.dll -- (ASChannel)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- F:\FreeOTFE\x86\FreeOTFEHashWhirlpool.sys -- (FreeOTFEHashWhirlpool)
DRV - File not found [Kernel | On_Demand | Stopped] -- F:\FreeOTFE\x86\FreeOTFEHashTiger.sys -- (FreeOTFEHashTiger)
DRV - File not found [Kernel | On_Demand | Stopped] -- F:\FreeOTFE\x86\FreeOTFEHashSHA.sys -- (FreeOTFEHashSHA)
DRV - File not found [Kernel | On_Demand | Stopped] -- F:\FreeOTFE\x86\FreeOTFEHashRIPEMD.sys -- (FreeOTFEHashRIPEMD)
DRV - File not found [Kernel | On_Demand | Stopped] -- F:\FreeOTFE\x86\FreeOTFEHashMD.sys -- (FreeOTFEHashMD)
DRV - File not found [Kernel | On_Demand | Stopped] -- F:\FreeOTFE\x86\FreeOTFECypherTwofish_ltc.sys -- (FreeOTFECypherTwofish_ltc)
DRV - File not found [Kernel | On_Demand | Stopped] -- F:\FreeOTFE\x86\FreeOTFECypherSerpent_Gladman.sys -- (FreeOTFECypherSerpent_Gladman)
DRV - File not found [Kernel | On_Demand | Stopped] -- F:\FreeOTFE\x86\FreeOTFECypherRC6_ltc.sys -- (FreeOTFECypherRC6_ltc)
DRV - File not found [Kernel | On_Demand | Stopped] -- F:\FreeOTFE\x86\FreeOTFECypherMARS_Gladman.sys -- (FreeOTFECypherMARS_Gladman)
DRV - File not found [Kernel | On_Demand | Stopped] -- F:\FreeOTFE\x86\FreeOTFECypherDES.sys -- (FreeOTFECypherDES)
DRV - File not found [Kernel | On_Demand | Stopped] -- F:\FreeOTFE\x86\FreeOTFECypherCAST6_Gladman.sys -- (FreeOTFECypherCAST6_Gladman)
DRV - File not found [Kernel | On_Demand | Stopped] -- F:\FreeOTFE\x86\FreeOTFECypherCAST5.sys -- (FreeOTFECypherCAST5)
DRV - File not found [Kernel | On_Demand | Stopped] -- F:\FreeOTFE\x86\FreeOTFECypherBlowfish.sys -- (FreeOTFECypherBlowfish)
DRV - File not found [Kernel | On_Demand | Stopped] -- F:\FreeOTFE\x86\FreeOTFECypherAES_ltc.sys -- (FreeOTFECypherAES_ltc)
DRV - File not found [Kernel | On_Demand | Stopped] -- F:\FreeOTFE\x86\FreeOTFE.sys -- (FreeOTFE)
DRV - [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.05.10 22:37:59 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.10 22:37:59 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.09.16 16:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.01.01 23:14:29 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2009.10.08 16:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.05.02 22:59:39 | 000,122,368 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.04.28 15:29:25 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2008.03.28 20:24:17 | 003,544,064 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008.01.25 01:39:23 | 001,090,304 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2008.01.10 03:34:43 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2008.01.10 03:34:42 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2007.10.01 23:59:45 | 001,769,984 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV - [2007.08.09 06:42:08 | 000,045,568 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.08.03 06:26:21 | 000,020,936 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)
DRV - [2007.07.30 21:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007.07.30 20:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007.07.24 21:09:04 | 000,013,880 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP)
DRV - [2007.06.17 07:29:08 | 000,146,824 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV)
DRV - [2007.01.25 03:08:39 | 000,005,632 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2006.12.15 00:11:57 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=382fdf8e-c8ba-47b0-a87c-e56a9acd9655&searchtype=ds&q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUS
IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=382fdf8e-c8ba-47b0-a87c-e56a9acd9655&searchtype=ds&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=382fdf8e-c8ba-47b0-a87c-e56a9acd9655&searchtype=ds&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=382fdf8e-c8ba-47b0-a87c-e56a9acd9655&searchtype=hp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=382fdf8e-c8ba-47b0-a87c-e56a9acd9655&searchtype=ds&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=382fdf8e-c8ba-47b0-a87c-e56a9acd9655&searchtype=ds&q={searchTerms}
IE - HKCU\..\URLSearchHook: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\6.3\dealioToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=382fdf8e-c8ba-47b0-a87c-e56a9acd9655&searchtype=ds&q={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://findgala.com/?&uid=8050&q={searchTerms}
IE - HKCU\..\SearchScopes\{72920336-C92C-43D5-A091-AA5E0682ADE9}: "URL" = hxxp://de.search.yahoo.com/search?ei=utf-8&fr=chr-greentree_ie&type=867034&ilc=12&p={searchTerms}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={7C8CACFC-D202-40D5-86FF-2C92C50ACA39}&mid=ba2b431dd48627ca60be549f02a6fcf6-c45dc3bce47dc901d87ffd763e41c29db90e51bb&lang=de&ds=AVG&pr=fr&d=2011-12-07 10:42:50&v=9.0.0.18&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Winamp Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034&ilc=12"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: helperbar@helperbar.com:1.0
FF - prefs.js..extensions.enabledAddons: lazarus@interclue.com:2.3
FF - prefs.js..extensions.enabledAddons: fmconverter@gmail.com:1.0.0
FF - prefs.js..extensions.enabledAddons: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3
FF - prefs.js..extensions.enabledAddons: dealio@mybrowserbar.com:6.0
FF - prefs.js..extensions.enabledAddons: wtxpcom@mybrowserbar.com:6.0
FF - prefs.js..extensions.enabledItems: helperbar@helperbar.com:1.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 48
FF - prefs.js..extensions.enabledItems: dealio@mybrowserbar.com:5.7
FF - prefs.js..extensions.enabledItems: lazarus@interclue.com:2.3
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.12.1
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:5.7
FF - prefs.js..extensions.enabledItems: fmconverter@gmail.com:1.0.0
FF - prefs.js..browser.startup.homepage: "hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=382fdf8e-c8ba-47b0-a87c-e56a9acd9655&searchtype=hp"
FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..keyword.URL: "hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=382fdf8e-c8ba-47b0-a87c-e56a9acd9655&searchtype=ds&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Castiel\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Castiel\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2012.09.15 09:59:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.08 00:36:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.05.26 00:52:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.08 00:36:44 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.05.26 00:52:30 | 000,000,000 | ---D | M]

[2009.08.04 23:49:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Castiel\AppData\Roaming\mozilla\Extensions
[2012.10.13 10:16:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Castiel\AppData\Roaming\mozilla\Firefox\Profiles\3e1s5272.default\extensions
[2010.04.22 20:44:19 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Users\Castiel\AppData\Roaming\mozilla\Firefox\Profiles\3e1s5272.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2010.07.01 16:01:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Castiel\AppData\Roaming\mozilla\Firefox\Profiles\3e1s5272.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.10.03 14:39:07 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Castiel\AppData\Roaming\mozilla\Firefox\Profiles\3e1s5272.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2012.10.13 10:16:40 | 000,000,000 | ---D | M] ("Snap.Do ") -- C:\Users\Castiel\AppData\Roaming\mozilla\Firefox\Profiles\3e1s5272.default\extensions\helperbar@helperbar.com
[2011.10.09 23:45:27 | 000,000,000 | ---D | M] (Lazarus: Form Recovery) -- C:\Users\Castiel\AppData\Roaming\mozilla\Firefox\Profiles\3e1s5272.default\extensions\lazarus@interclue.com
[2012.10.13 10:16:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Castiel\AppData\Roaming\mozilla\Firefox\Profiles\3e1s5272.default\extensions\staged
[2012.06.03 21:55:18 | 000,634,964 | ---- | M] () (No name found) -- C:\Users\Castiel\AppData\Roaming\mozilla\firefox\profiles\3e1s5272.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011.08.05 11:17:22 | 000,002,089 | ---- | M] () (No name found) -- C:\Users\Castiel\AppData\Roaming\mozilla\firefox\profiles\3e1s5272.default\extensions\lazarus@interclue.com\chrome\content\update-expires-time.xul
[2011.08.05 11:17:22 | 000,000,252 | ---- | M] () (No name found) -- C:\Users\Castiel\AppData\Roaming\mozilla\firefox\profiles\3e1s5272.default\extensions\lazarus@interclue.com\chrome\content\update-expires.js
[2011.08.05 11:17:22 | 000,002,276 | ---- | M] () (No name found) -- C:\Users\Castiel\AppData\Roaming\mozilla\firefox\profiles\3e1s5272.default\extensions\lazarus@interclue.com\chrome\content\update-expires.xul
[2012.07.08 00:43:47 | 000,743,290 | ---- | M] () (No name found) -- C:\Users\Castiel\AppData\Roaming\mozilla\firefox\profiles\3e1s5272.default\extensions\staged\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.02.07 01:22:26 | 000,001,210 | ---- | M] () -- C:\Users\Castiel\AppData\Roaming\mozilla\firefox\profiles\3e1s5272.default\searchplugins\search.xml
[2012.10.13 10:16:48 | 000,015,607 | ---- | M] () -- C:\Users\Castiel\AppData\Roaming\mozilla\firefox\profiles\3e1s5272.default\searchplugins\Web Search.xml
[2010.04.22 21:43:21 | 000,001,201 | ---- | M] () -- C:\Users\Castiel\AppData\Roaming\mozilla\firefox\profiles\3e1s5272.default\searchplugins\winamp-search.xml
[2012.05.26 00:52:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOMEXTENSION5=C:\USERS\CASTIEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3E1S5272.DEFAULT\EXTENSIONS\HELPERBAR@HELPERBAR.COM
[2012.09.26 18:35:54 | 000,000,000 | ---D | M] (Dealio Toolbar) -- C:\PROGRAM FILES\DEALIO TOOLBAR\FF
[2012.09.15 09:59:12 | 000,000,000 | ---D | M] (Freemake Video Converter Plugin) -- C:\PROGRAM FILES\FREEMAKE\FREEMAKE VIDEO CONVERTER\BROWSERPLUGIN\FIREFOX
[2012.07.08 00:36:44 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.04.21 03:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.12 10:58:50 | 000,003,752 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.04.21 03:54:08 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.04.21 03:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.21 03:54:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.21 03:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.21 03:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - homepage: hxxp://www.google.com
CHR - default_search_provider: Web (Enabled)
CHR - default_search_provider: search_url = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=382fdf8e-c8ba-47b0-a87c-e56a9acd9655&searchtype=ds&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: hxxp://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Castiel\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Castiel\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Castiel\AppData\Local\Google\Chrome\Application\22.0.1229.94\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Castiel\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Freemake np-plugin for google chrome (Enabled) = C:\Users\Castiel\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\npFreemake.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java(TM) Platform SE 6 U13 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java(TM) Platform SE 6 U13 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: getPlusPlus for Adobe 16248 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa2.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa3.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Castiel\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Entanglement = C:\Users\Castiel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: Default = C:\Users\Castiel\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkacjpbfdknhflllbcmjibkdeoafencn\1.1\
CHR - Extension: Poppit = C:\Users\Castiel\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\6.3\dealioToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\partner.dll (Google Inc.)
O2 - BHO: (ASUS Security Protect Manager) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O3 - HKLM\..\Toolbar: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\6.3\dealioToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Aimersoft Helper Compact.exe] C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe File not found
O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe ()
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe (ASUS)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe ()
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ATKOSD2\ATKOSD2.exe ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [CognizanceTS] C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASTSVCC.dll (Cognizance Corporation)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [HControlUser] C:\Program Files\ATK Hotkey\HcontrolUser.exe ()
O4 - HKLM..\Run: [P2Go_Menu] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files\PDFDrucker\PDFPrintBackend.exe ()
O4 - HKLM..\Run: [PowerForPhone] C:\Program Files\P4P\P4P.exe ()
O4 - HKLM..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Browser Infrastructure Helper] C:\Users\Castiel\AppData\Local\Smartbar\Application\SnapDo.exe (Smartbar)
O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden File not found
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [Application Restart #4] C:\Users\Castiel\AppData\Local\Google\Chrome\Application\chrome.exe --user-agent="Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10 Service 1.08050" --flag-switches-begin --flag-switches-end --restore-last-session File not found
O4 - Startup: C:\Users\Castiel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Castiel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O8 - Extra context menu item: Add to AVI Converter... - C:\Program Files\MP3 Player Utilities 5.09\AVIConverter\grab.html ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{760CC88E-1796-472A-8869-4C2FD179B92C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F5550DF0-DE12-44FB-8478-6D5367F28B8F}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (APSHook.dll) - C:\Windows\System32\APSHook.dll (Cognizance Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Castiel\Pictures\Paket_2\himmel01-1680x1050.jpg
O24 - Desktop BackupWallPaper: C:\Users\Castiel\Pictures\Paket_2\himmel01-1680x1050.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2d591d29-2fb4-11e0-a214-0023547e5587}\Shell\AutoRun\command - "" = F:\APPInst.exe
O33 - MountPoints2\{3298b85f-b1c0-11de-bf14-0023547e5587}\Shell - "" = AutoRun
O33 - MountPoints2\{3298b85f-b1c0-11de-bf14-0023547e5587}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{4a6944b4-d287-11de-a3ba-e480f237bcac}\Shell\AutoRun\command - "" = F:\FreeOTFE\FreeOTFE.exe
O33 - MountPoints2\{4a6944b4-d287-11de-a3ba-e480f237bcac}\Shell\launch\command - "" = F:\FreeOTFE\FreeOTFE.exe
O33 - MountPoints2\{84849227-cb0c-11de-9f12-ccfb0b0b3caf}\Shell\AutoRun\command - "" = F:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\usb_driver.com
O33 - MountPoints2\{84849227-cb0c-11de-9f12-ccfb0b0b3caf}\Shell\open\command - "" = F:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\usb_driver.com
O33 - MountPoints2\{d29f22f7-f71a-11de-9f16-cb08ee783995}\Shell - "" = AutoRun
O33 - MountPoints2\{d29f22f7-f71a-11de-9f16-cb08ee783995}\Shell\AutoRun\command - "" = G:\YDKJAutorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.10.13 11:19:20 | 000,000,000 | -H-D | C] -- C:\Users\Castiel\Documents\Freemake_do_not_remove_this_folder634857239606710000
[2012.09.26 18:35:49 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2012.09.26 18:35:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2012.09.26 18:35:48 | 000,000,000 | ---D | C] -- C:\Program Files\Dealio Toolbar
[2012.09.24 22:49:53 | 000,000,000 | -H-D | C] -- C:\Users\Castiel\Documents\Freemake_do_not_remove_this_folder634841237939170993
[2012.09.23 16:43:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.15 10:00:25 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012.09.15 10:00:19 | 000,000,000 | ---D | C] -- C:\Users\Castiel\AppData\Local\Smartbar
[2012.09.15 09:59:52 | 000,000,000 | -H-D | C] -- C:\Users\Castiel\Documents\Freemake_do_not_remove_this_folder634832999924792965
[2012.09.15 09:59:22 | 000,000,000 | ---D | C] -- C:\Users\Castiel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
[2012.09.15 09:59:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
[2012.09.15 09:49:41 | 000,000,000 | ---D | C] -- C:\Users\Castiel\Documents\Freemake
[2012.03.11 14:51:28 | 023,820,416 | ---- | C] (Ellora Assets Corporation ) -- C:\Program Files\FreemakeVideoConverter_3.0.1.22.exe
[2 C:\Users\Castiel\Desktop\*.tmp files -> C:\Users\Castiel\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.10.14 01:11:36 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2012.10.14 01:11:31 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.14 01:11:31 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.14 01:11:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.14 01:11:08 | 3220,295,680 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.14 01:09:35 | 000,000,176 | ---- | M] () -- C:\Users\Castiel\defogger_reenable
[2012.10.14 00:41:00 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3352469040-636432409-1545199659-1000UA.job
[2012.10.13 21:53:00 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3352469040-636432409-1545199659-1000Core.job
[2012.10.13 14:17:10 | 000,168,448 | ---- | M] () -- C:\Users\Castiel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.10.13 10:49:02 | 000,628,992 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.13 10:49:02 | 000,596,246 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.13 10:49:02 | 000,126,704 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.13 10:49:02 | 000,104,320 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.09.23 16:43:56 | 000,000,873 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2 C:\Users\Castiel\Desktop\*.tmp files -> C:\Users\Castiel\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.10.14 01:09:12 | 000,000,176 | ---- | C] () -- C:\Users\Castiel\defogger_reenable
[2012.09.23 16:43:56 | 000,000,873 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.26 14:21:47 | 000,002,956 | ---- | C] () -- C:\Users\Castiel\.heldEinstellungen4_1.xml
[2012.02.26 14:21:45 | 000,000,269 | ---- | C] () -- C:\Users\Castiel\.dsa4.properties
[2012.02.07 01:22:24 | 000,000,288 | ---- | C] () -- C:\Users\Castiel\AppData\Roaming\DD862BE6.reg
[2011.06.19 15:50:31 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010.10.18 21:08:08 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.02.20 12:36:45 | 000,000,853 | ---- | C] () -- C:\Users\Castiel\.recently-used.xbel
[2010.02.08 11:20:16 | 000,000,104 | ---- | C] () -- C:\Users\Castiel\Computer - Verknüpfung.lnk
[2009.04.10 16:58:56 | 000,001,074 | RH-- | C] () -- C:\Users\Castiel\XrxWm.ini
[2009.04.10 16:58:56 | 000,000,522 | RH-- | C] () -- C:\Users\Castiel\xw45cpdy.dyc
[2009.03.29 10:52:05 | 000,000,680 | ---- | C] () -- C:\Users\Castiel\AppData\Local\d3d9caps.dat
[2009.01.21 16:01:13 | 000,168,448 | ---- | C] () -- C:\Users\Castiel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2009.11.15 15:10:30 | 000,000,000 | ---D | M] -- C:\Users\Castiel\AppData\Roaming\Ahnenblatt
[2012.09.10 18:10:56 | 000,000,000 | ---D | M] -- C:\Users\Castiel\AppData\Roaming\Aimersoft Video Converter Ultimate
[2012.02.07 01:22:26 | 000,000,000 | -HSD | M] -- C:\Users\Castiel\AppData\Roaming\AV Security Essentials
[2012.09.01 12:07:18 | 000,000,000 | ---D | M] -- C:\Users\Castiel\AppData\Roaming\calibre
[2010.01.01 23:17:52 | 000,000,000 | ---D | M] -- C:\Users\Castiel\AppData\Roaming\DAEMON Tools Lite
[2012.10.14 01:13:34 | 000,000,000 | ---D | M] -- C:\Users\Castiel\AppData\Roaming\Dropbox
[2010.03.13 23:49:50 | 000,000,000 | ---D | M] -- C:\Users\Castiel\AppData\Roaming\FreeFLVConverter
[2010.02.20 12:36:45 | 000,000,000 | ---D | M] -- C:\Users\Castiel\AppData\Roaming\gtk-2.0
[2012.09.15 09:59:34 | 000,000,000 | ---D | M] -- C:\Users\Castiel\AppData\Roaming\OpenCandy
[2012.04.02 19:58:32 | 000,000,000 | ---D | M] -- C:\Users\Castiel\AppData\Roaming\Rainmeter
[2009.06.09 17:02:06 | 000,000,000 | ---D | M] -- C:\Users\Castiel\AppData\Roaming\SecondLife
[2012.03.10 22:09:53 | 000,000,000 | ---D | M] -- C:\Users\Castiel\AppData\Roaming\SmartDraw

========== Purity Check ==========

< End of report >

Gmer … wird aufgrund eines Problems nicht richtig ausgeführt. Das Programm wird geschlossen.

Psychotic · 15.10.2012, 08:43

Mein Name ist Marius und ich werde dir bei deinem Problem helfen.

Eines vorneweg:

Hinweis: Wir können hier nie dafür garantieren, dass wir sämtliche Reste von Schadsoftware gefunden haben. Eine Formatierung ist meist der schnellste und immer der sicherste Weg.

Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass dein Rechner clean ist.

Eine Bereinigung ist mitunter mit viel Arbeit für dich verbunden.

Bitte arbeite alle Schritte der Reihe nach ab.
Lese die Anleitungen sorgfältig. Solltest du irgendwo nicht weiterkommen, stoppe an diesem Punkt und beschreibe dein Problem hier!
Nur Scans durchführen, zu denen du von einem Helfer aufgefordert wirst.
Bitte kein Crossposting (posten in mehreren Foren) - wenn du die Anweisungen mehrere Helfer ausführst, kann das schwere Probleme nach sich ziehen!.
Installiere oder Deinstalliere während der Bereinigung keine Software (ausser, du wurdest dazu aufgefordert).
Wenn etwas unklar ist: Frage, bevor du etwas "blind" machst!

...und ganz wichtig:
Poste die Logfiles mit code-tags (das #-Symbol oben im Antwortfenster) in deinen Thread! Nicht anhängen, außer, ich fordere dich dazu auf. (Erschwert mir nämlich das Auswerten).

Vista und Win7 User
Alle Tools mit Rechtsklick --> "als Administrator ausführen" starten.

Schritt 1: aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung) Vista und Win7 User mit Rechtsklick "als Admininstartor starten"
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. ( Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen ) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Schritt 2: Scan mit TDSS-Killer

Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts "fixen" sondern nur einen Scan Report sehen. Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und speichere das Logfile. TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern ( Meistens C:\ ) Als Beispiel: C:\TDSSKiller.<version_date_time>log.txt

Poste den Inhalt bitte hier in deinen Thread.

Psychotic · 17.10.2012, 07:18

Hallo, benötigst Du noch weiterhin Hilfe ? Sollte ich innerhalb der nächsten 24 Stunden keine Antwort von dir erhalten, werde ich dein Thema aus meinen Abos nehmen und bekomme dadurch keine Nachricht über neue Antworten. Das Verschwinden der Symptome bedeutet nicht, dass dein System schon sauber ist

gotm78 · 17.10.2012, 18:25

Hey,

erst einmal DANKE für die schnelle Antwort. Ich werde alles versuchen und dann berichten.

Nochmal: Vielen Dank für die Hilfe.

aswmbr

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-17 20:18:39
-----------------------------
20:18:39.927 OS Version: Windows 6.0.6002 Service Pack 2
20:18:39.927 Number of processors: 2 586 0xF0D
20:18:39.931 ComputerName: CASTIEL-PC UserName: Castiel
20:18:40.539 Initialize success
20:18:46.621 AVAST engine download error: 0
20:18:54.665 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:18:54.670 Disk 0 Vendor: ST925082 3.AA Size: 238475MB BusType: 3
20:18:54.718 Disk 0 MBR read successfully
20:18:54.724 Disk 0 MBR scan
20:18:54.731 Disk 0 unknown MBR code
20:18:54.738 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 10001 MB offset 63
20:18:54.758 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 119232 MB offset 20482875
20:18:54.765 Disk 0 Partition - 00 0F Extended LBA 109238 MB offset 264670875
20:18:54.792 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 109238 MB offset 264670938
20:18:54.805 Disk 0 scanning sectors +488392065
20:18:54.891 Disk 0 scanning C:\Windows\system32\drivers
20:19:01.267 Service scanning
20:19:15.543 Modules scanning
20:19:22.217 Disk 0 trace - called modules:
20:19:22.243 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
20:19:22.251 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86b23ac8]
20:19:22.259 3 CLASSPNP.SYS[8aba68b3] -> nt!IofCallDriver -> [0x85ed13c0]
20:19:22.267 5 acpi.sys[8069a6bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85984028]
20:19:22.275 Scan finished successfully
20:19:48.201 Disk 0 MBR has been saved successfully to "C:\Users\Castiel\Downloads\MBR.dat"
20:19:48.215 The log file has been saved successfully to "C:\Users\Castiel\Downloads\aswMBR.txt"

tdss-killer: no threats found

Psychotic · 18.10.2012, 06:51

Ich brauche noch die Extras.txt, du müsstest sie unter C:\_OTL finden.

Psychotic · 22.10.2012, 07:00

Hallo, benötigst Du noch weiterhin Hilfe ? Sollte ich innerhalb der nächsten 24 Stunden keine Antwort von dir erhalten, werde ich dein Thema aus meinen Abos nehmen und bekomme dadurch keine Nachricht über neue Antworten. Das Verschwinden der Symptome bedeutet nicht, dass dein System schon sauber ist

Psychotic · 23.10.2012, 07:46

Fehlende Rückmeldung
Dieses Thema wurde aus den Abos gelöscht. Somit bekomm ich keine Benachrichtigung über neue Antworten.
PM an mich falls Du denoch weiter machen willst.

Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner schon sauber ist.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen

17.10.2012, 07:18	#3
Psychotic /// Malwareteam	snap do-Trojaner Hallo, benötigst Du noch weiterhin Hilfe ? Sollte ich innerhalb der nächsten 24 Stunden keine Antwort von dir erhalten, werde ich dein Thema aus meinen Abos nehmen und bekomme dadurch keine Nachricht über neue Antworten. Das Verschwinden der Symptome bedeutet nicht, dass dein System schon sauber ist __________________ __________________

18.10.2012, 06:51	#5
Psychotic /// Malwareteam	snap do-Trojaner Ich brauche noch die Extras.txt, du müsstest sie unter C:\_OTL finden. __________________ Kein Asylrecht für Trojaner! Proud Member of UNITE Hinweis: Ich bin nur werktags erreichbar! Anfragen über PM werden ignoriert! Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board!

22.10.2012, 07:00	#6
Psychotic /// Malwareteam	snap do-Trojaner Hallo, benötigst Du noch weiterhin Hilfe ? Sollte ich innerhalb der nächsten 24 Stunden keine Antwort von dir erhalten, werde ich dein Thema aus meinen Abos nehmen und bekomme dadurch keine Nachricht über neue Antworten. Das Verschwinden der Symptome bedeutet nicht, dass dein System schon sauber ist __________________ --> snap do-Trojaner

snap do-Trojaner

Log-Analyse und Auswertung: snap do-Trojaner

snap do-Trojaner

snap do-Trojaner

snap do-Trojaner

snap do-Trojaner

snap do-Trojaner

snap do-Trojaner

snap do-Trojaner

Ähnliche Themen: snap do-Trojaner