Log analysis and evaluation: Trojans Weelsof.C.187 and Agent.53248.4 on WinXP

If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1

Trojans Weelsof.C.187 and Agent.53248.4 on WinXP

Hello, I hope you can help me get my PC free of Trojans and viruses again ... after 2 weeks away, during which other people used my PC, I had a nice surprise the day before yesterday. Avira Free Antivirus reported the following infections on my boot partition: "Weelsof.C.187" in H:\Dokumente und Einstellungen/*****/ms.exe and "Agent.53248.4" in H:\Windows/system32/appConf32.exe. I first used Avira to move the files to quarantine and checked the boot partition and the other hard disks in the PC. But there was only something on H. I had the impression that IE8 no longer wanted to open additional tabs, so I went looking for tips and found you. The log files follow, as per your recommendations. Please let me know if I should post the Avira log files as well:

1. Scan with Malwarebytes

Malwarebytes Anti-Malware (Test) 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.08.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
***** :: ARBEITSZIMMER [Administrator]

Schutz: Aktiviert

08.11.2012 20:09:36
mbam-log-2012-11-08 (21-25-28).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 216750
Laufzeit: 5 Minute(n), 36 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 7
HKCR\CLSID\{C0F1636E-13A8-4C84-BB11-774BE45E1F83} (Trojan.Banker) -> Keine Aktion durchgeführt.
HKCR\linkd.AIEbho.1 (Trojan.Banker) -> Keine Aktion durchgeführt.
HKCR\linkd.AIEbho (Trojan.Banker) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C0F1636E-13A8-4C84-BB11-774BE45E1F83} (Trojan.Banker) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C0F1636E-13A8-4C84-BB11-774BE45E1F83} (Trojan.Banker) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\prh (Trojan.Banker) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\tst (Trojan.Banker) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Userinit (Hijack.UserInit) -> Bösartig: (H:\WINDOWS\system32\userinit.exe,H:\WINDOWS\system32\appConf32.exe,) Gut: (userinit.exe) -> Keine Aktion durchgeführt.

Infizierte Verzeichnisse: 1
H:\WINDOWS\system32\xmldm (Stolen.Data) -> Keine Aktion durchgeführt.

Infizierte Dateien: 6
H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\slrlxmxh.exe (Trojan.Weelsof) -> Keine Aktion durchgeführt.
H:\Dokumente und Einstellungen\*******\Lokale Einstellungen\Temp\wgsdgsdgdsgsd.exe (Trojan.Agent) -> Keine Aktion durchgeführt.
H:\WINDOWS\system32\AcroIEHelpe221.dll (Trojan.Banker) -> Keine Aktion durchgeführt.
H:\WINDOWS\system32\AcroIEHelpe.txt (Malware.Trace) -> Keine Aktion durchgeführt.
H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\lsass.exe (Trojan.Delf) -> Keine Aktion durchgeführt.
H:\Dokumente und Einstellungen\*******\Startmenü\Programme\Autostart\ctfmon.lnk (Trojan.Ransom.Gen) -> Keine Aktion durchgeführt.

(Ende)

2. Scan with Malwarebytes

Malwarebytes Anti-Malware (Test) 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.08.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
***** :: ARBEITSZIMMER [Administrator]

Schutz: Aktiviert

08.11.2012 21:42:12
mbam-log-2012-11-08 (21-42-12).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|H:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 448252
Laufzeit: 2 Stunde(n), 30 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 12
H:\System Volume Information\_restore{E1A70356-1AFE-4AD9-BD5B-D65DBE954417}\RP505\A0071485.exe (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
H:\System Volume Information\_restore{E1A70356-1AFE-4AD9-BD5B-D65DBE954417}\RP505\A0071609.exe (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
H:\System Volume Information\_restore{E1A70356-1AFE-4AD9-BD5B-D65DBE954417}\RP505\A0071671.exe (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
H:\System Volume Information\_restore{E1A70356-1AFE-4AD9-BD5B-D65DBE954417}\RP506\A0071703.exe (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
H:\System Volume Information\_restore{E1A70356-1AFE-4AD9-BD5B-D65DBE954417}\RP506\A0071712.exe (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
H:\System Volume Information\_restore{E1A70356-1AFE-4AD9-BD5B-D65DBE954417}\RP507\A0071809.exe (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
H:\System Volume Information\_restore{E1A70356-1AFE-4AD9-BD5B-D65DBE954417}\RP507\A0071886.exe (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
H:\System Volume Information\_restore{E1A70356-1AFE-4AD9-BD5B-D65DBE954417}\RP508\A0071977.exe (Trojan.Weelsof) -> Erfolgreich gelöscht und in Quarantäne gestellt.
H:\System Volume Information\_restore{E1A70356-1AFE-4AD9-BD5B-D65DBE954417}\RP508\A0071975.exe (Trojan.Weelsof) -> Erfolgreich gelöscht und in Quarantäne gestellt.
H:\System Volume Information\_restore{E1A70356-1AFE-4AD9-BD5B-D65DBE954417}\RP508\A0071976.exe (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
H:\WINDOWS\system32\AcroIEHelpe225.dll (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.
H:\WINDOWS\system32\appConf32.exe (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

OTL

OTL logfile created on: 09.11.2012 07:47:21 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = H:\Dokumente und Einstellungen\*****\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,25 Gb Total Physical Memory | 2,48 Gb Available Physical Memory | 76,20% Memory free
5,09 Gb Paging File | 3,73 Gb Available in Paging File | 73,19% Paging File free
Paging file location(s): H:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = H: | %SystemRoot% = H:\WINDOWS | %ProgramFiles% = H:\Programme
Drive C: | 125,46 Gb Total Space | 40,58 Gb Free Space | 32,34% Space Free | Partition Type: NTFS
Drive D: | 97,65 Gb Total Space | 8,83 Gb Free Space | 9,05% Space Free | Partition Type: NTFS
Drive E: | 9,76 Gb Total Space | 9,75 Gb Free Space | 99,95% Space Free | Partition Type: FAT32
Drive H: | 161,14 Gb Total Space | 118,78 Gb Free Space | 73,71% Space Free | Partition Type: NTFS

Computer Name: ARBEITSZIMMER | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.11.08 20:43:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- H:\Dokumente und Einstellungen\*****\Desktop\OTL.exe
PRC - [2012.10.16 13:02:04 | 001,111,432 | ---- | M] (Spigot, Inc.) -- H:\Programme\Gemeinsame Dateien\Spigot\Search Settings\SearchSettings.exe
PRC - [2012.10.09 15:44:44 | 000,799,112 | ---- | M] (Spigot, Inc.) -- H:\Programme\Application Updater\ApplicationUpdater.exe
PRC - [2012.10.02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012.09.29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- H:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- H:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- H:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.08.11 06:12:12 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- H:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.24 19:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- H:\Dokumente und Einstellungen\*****\Anwendungsdaten\Dropbox\bin\Dropbox.exe
PRC - [2012.05.13 20:17:19 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- H:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.13 20:17:18 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- H:\Programme\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2012.05.13 20:17:18 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- H:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.13 20:17:18 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- H:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.05.04 06:37:10 | 000,021,392 | ---- | M] () -- H:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012.05.04 06:37:00 | 003,521,424 | ---- | M] (Samsung Electronics Co., Ltd.) -- H:\Programme\Samsung\Kies\KiesTrayAgent.exe
PRC - [2011.11.23 14:23:10 | 000,068,096 | ---- | M] () -- H:\Programme\Scand LLC\SkyHistory\SkyHistoryService.exe
PRC - [2011.09.08 14:55:10 | 000,888,488 | ---- | M] ({StringFileInfo_CompanyName}) -- H:\Programme\Ask.com\Updater\Updater.exe
PRC - [2011.06.09 12:06:06 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- H:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2011.03.04 02:31:08 | 000,428,640 | ---- | M] (Logitech Inc.) -- H:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\UMVPFSrv.exe
PRC - [2011.03.01 22:14:08 | 000,190,808 | ---- | M] (Logitech Inc.) -- H:\Programme\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011.01.13 03:01:28 | 006,129,496 | ---- | M] (Logitech Inc.) -- H:\Programme\Logitech\Vid HD\Vid.exe
PRC - [2010.04.05 20:55:01 | 000,116,104 | ---- | M] () -- H:\Programme\Canon\IJPLM\ijplmsvc.exe
PRC - [2010.04.02 09:18:54 | 001,185,112 | ---- | M] (CANON INC.) -- H:\Programme\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2010.03.25 03:50:00 | 002,516,296 | ---- | M] (CANON INC.) -- H:\Programme\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2009.11.29 07:50:51 | 000,039,936 | ---- | M] (C-Dilla Ltd) -- H:\WINDOWS\system32\drivers\CDAC11BA.EXE
PRC - [2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\explorer.exe
PRC - [2007.01.03 20:38:44 | 000,207,680 | ---- | M] () -- H:\Programme\Gigabyte\ET5\GUI.exe
PRC - [2006.11.03 19:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- H:\Programme\Windows Defender\MSASCui.exe
PRC - [2006.11.03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- H:\Programme\Windows Defender\MsMpEng.exe
PRC - [2004.09.13 11:49:42 | 001,192,050 | ---- | M] (Ahead Software AG) -- H:\Programme\Ahead\InCD\InCDsrv.exe
PRC - [2004.09.13 10:51:05 | 001,450,096 | ---- | M] (Ahead Software AG) -- H:\Programme\Ahead\InCD\InCD.exe
PRC - [2003.06.30 09:30:28 | 000,315,392 | ---- | M] () -- H:\Programme\ScanWizard 5\ScannerFinder.exe
PRC - [2002.05.03 10:47:46 | 000,069,632 | ---- | M] (Ulead Systems, Inc.)
-- H:\Programme\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe

========== Modules (No Company Name) ==========
| 001,212,416 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3470.20831__90ba9c70f846762e\CLI.Component.Dashboard.dll MOD - [2010.01.07 10:48:32 | 000,040,960 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3428.28308__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll MOD - [2010.01.07 10:48:32 | 000,020,480 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3428.28309__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll MOD - [2010.01.07 10:48:32 | 000,020,480 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3428.28316__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll MOD - [2010.01.07 10:48:32 | 000,019,456 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3470.20910__90ba9c70f846762e\CCC.Implementation.dll MOD - [2010.01.07 10:48:31 | 000,061,440 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.3470.20824__90ba9c70f846762e\APM.Server.dll MOD - [2010.01.07 10:48:31 | 000,045,056 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.3470.20822__90ba9c70f846762e\AEM.Server.dll MOD - [2010.01.07 10:48:31 | 000,032,768 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll MOD - [2009.04.22 22:53:56 | 000,969,040 | ---- | M] () -- H:\Programme\Logitech\Vid HD\QtNetwork4.dll MOD - [2009.04.10 00:04:56 | 002,141,008 | ---- | M] () -- H:\Programme\Logitech\Vid HD\QtCore4.dll MOD - [2009.03.03 23:18:08 | 000,138,064 | ---- | M] () -- H:\Programme\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll MOD - [2009.03.03 23:18:06 | 000,035,152 | ---- | M] () -- H:\Programme\Logitech\Vid HD\plugins\imageformats\qico4.dll MOD - [2009.03.03 23:18:06 | 000,029,008 | ---- | M] () -- H:\Programme\Logitech\Vid HD\plugins\imageformats\qgif4.dll MOD - [2009.03.03 23:17:46 | 011,311,952 | ---- | M] () -- H:\Programme\Logitech\Vid 
HD\QtWebKit4.dll MOD - [2009.03.03 23:17:46 | 000,363,856 | ---- | M] () -- H:\Programme\Logitech\Vid HD\QtXml4.dll MOD - [2009.03.03 23:17:44 | 000,200,016 | ---- | M] () -- H:\Programme\Logitech\Vid HD\QtSql4.dll MOD - [2009.03.03 23:17:40 | 000,475,472 | ---- | M] () -- H:\Programme\Logitech\Vid HD\QtOpenGL4.dll MOD - [2009.03.03 23:17:38 | 007,704,400 | ---- | M] () -- H:\Programme\Logitech\Vid HD\QtGui4.dll MOD - [2009.03.03 23:17:32 | 000,291,664 | ---- | M] () -- H:\Programme\Logitech\Vid HD\phonon4.dll MOD - [2008.10.30 14:39:12 | 000,016,384 | R--- | M] () -- H:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll MOD - [2008.04.14 03:22:16 | 000,014,336 | ---- | M] () -- H:\WINDOWS\system32\msdmo.dll MOD - [2007.09.21 14:34:48 | 000,073,728 | ---- | M] () -- H:\Programme\Gigabyte\ET5\work.dll MOD - [2007.09.20 14:29:22 | 000,438,272 | ---- | M] () -- H:\Programme\Gigabyte\ET5\Normal.dll MOD - [2007.08.21 11:49:36 | 000,125,504 | ---- | M] () -- H:\Programme\Gigabyte\ET5\MarkFunDrv.dll MOD - [2007.05.14 19:47:24 | 000,073,728 | ---- | M] () -- H:\Programme\Gigabyte\ET5\W83781D.DLL MOD - [2007.01.05 13:23:20 | 000,151,552 | ---- | M] () -- H:\Programme\Gigabyte\ET5\etiv.dll MOD - [2007.01.03 20:38:44 | 000,207,680 | ---- | M] () -- H:\Programme\Gigabyte\ET5\GUI.exe MOD - [2004.07.26 11:03:50 | 000,249,856 | ---- | M] () -- H:\Programme\ScanWizard 5\SFRes.dll MOD - [2004.03.05 11:33:58 | 000,045,056 | ---- | M] () -- H:\Programme\ScanWizard 5\Scanners\MS32RES.DLL MOD - [2003.11.19 09:18:52 | 000,028,672 | ---- | M] () -- H:\Programme\Gigabyte\ET5\mibdata.dll MOD - [2003.08.25 12:55:30 | 000,086,016 | ---- | M] () -- H:\Programme\ScanWizard 5\Scanners\Msmgr32.dll MOD - [2003.06.30 09:30:28 | 000,315,392 | ---- | M] () -- H:\Programme\ScanWizard 5\ScannerFinder.exe MOD - [2003.04.17 17:22:34 | 000,049,152 | ---- | M] () -- H:\Programme\ScanWizard 5\Scanners\Mphase32.dll MOD - [2003.02.14 14:11:46 | 000,102,400 | ---- | M] () -- 
H:\Programme\Gigabyte\ET5\Sound.dll MOD - [2001.10.28 16:42:30 | 000,116,224 | ---- | M] () -- H:\WINDOWS\system32\pdfcmnnt.dll ========== Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt) SRV - [2012.10.10 19:10:37 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- H:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.10.09 15:44:44 | 000,799,112 | ---- | M] (Spigot, Inc.) [Auto | Running] -- H:\Programme\Application Updater\ApplicationUpdater.exe -- (Application Updater) SRV - [2012.10.02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service) SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- H:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- H:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- H:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.05.13 20:17:19 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- H:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.13 20:17:18 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- H:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService) SRV - [2012.05.13 20:17:18 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- H:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.03.04 02:31:08 | 000,428,640 | ---- | M] (Logitech Inc.) 
[Auto | Running] -- H:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv) SRV - [2010.04.05 20:55:01 | 000,116,104 | ---- | M] () [Auto | Running] -- H:\Programme\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC) SRV - [2009.11.29 07:50:51 | 000,039,936 | ---- | M] (C-Dilla Ltd) [Auto | Running] -- H:\WINDOWS\system32\drivers\CDAC11BA.EXE -- (C-DillaCdaC11BA) SRV - [2006.11.03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- H:\Programme\Windows Defender\MsMpEng.exe -- (WinDefend) SRV - [2004.09.13 11:49:42 | 001,192,050 | ---- | M] (Ahead Software AG) [Auto | Stopped] -- H:\Programme\Ahead\InCD\InCDsrv.exe -- (InCDsrvR) SRV - [2004.09.13 11:49:42 | 001,192,050 | ---- | M] (Ahead Software AG) [Auto | Running] -- H:\Programme\Ahead\InCD\InCDsrv.exe -- (InCDsrv) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | Auto | Stopped] -- H:\WINDOWS\SYSTEM32\DRIVERS\dmef.sys -- (dmef) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- H:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012.05.13 20:17:19 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- H:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2012.05.13 20:17:19 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- 
H:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.10.11 14:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- H:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011.09.16 10:54:40 | 000,020,032 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\dgderdrv.sys -- (dgderdrv) DRV - [2011.06.02 06:47:22 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\ssadmdm.sys -- (ssadmdm) DRV - [2011.06.02 06:47:22 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\ssadbus.sys -- (ssadbus) DRV - [2011.06.02 06:47:22 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\ssadserd.sys -- (ssadserd) DRV - [2011.06.02 06:47:22 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\ssadmdfl.sys -- (ssadmdfl) DRV - [2011.03.04 02:30:26 | 004,333,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) DRV - [2011.03.04 02:29:00 | 000,291,424 | ---- | M] (Logitech Inc.) 
[Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS) DRV - [2010.12.21 06:55:02 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm) DRV - [2010.12.21 06:55:02 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) DRV - [2010.12.21 06:55:02 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\ssadadb.sys -- (androidusb) DRV - [2010.12.21 06:55:02 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl) DRV - [2010.10.30 20:08:35 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- H:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt) DRV - [2010.10.30 20:08:35 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- H:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt) DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- H:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010.04.13 18:55:33 | 000,008,864 | ---- | M] () [Kernel | Auto | Running] -- H:\WINDOWS\system32\drivers\CDAC15BA.SYS -- (CdaC15BA) DRV - [2009.11.20 18:00:04 | 000,016,512 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\gdrv.sys -- (gdrv) DRV - [2009.07.02 12:49:32 | 004,125,696 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2009.06.02 08:26:28 | 000,099,856 | ---- | M] (ATI Research Inc.) 
[Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV - [2007.11.10 03:20:02 | 000,029,728 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA) DRV - [2007.09.20 18:07:40 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus) DRV - [2007.09.20 18:07:38 | 000,053,632 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD) DRV - [2007.09.19 10:16:32 | 004,617,728 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) DRV - [2007.08.21 11:49:28 | 000,017,912 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Running] -- H:\Programme\Gigabyte\ET5\MARKFUN.W32 -- (MarkFun_NT) DRV - [2006.11.24 14:47:50 | 000,040,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\ET5Drv.sys -- (ET5Drv) DRV - [2004.09.13 11:58:10 | 000,007,680 | ---- | M] (Ahead Software AG) [Recognizer | System | Unknown] -- H:\WINDOWS\System32\drivers\InCDrec.sys -- (InCDrec) DRV - [2004.09.13 11:54:46 | 000,028,672 | ---- | M] (Ahead Software AG) [Kernel | System | Running] -- H:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass) DRV - [2004.09.13 11:54:06 | 000,093,440 | ---- | M] (Ahead Software AG) [File_System | Disabled | Running] -- H:\WINDOWS\System32\drivers\InCDfs.sys -- (InCDfs) DRV - [2004.09.13 10:54:54 | 000,027,648 | ---- | M] (Ahead Software AG) [Kernel | System | Running] -- H:\WINDOWS\System32\drivers\InCDrm.sys -- (incdrm) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = 
hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B0 9D 36 82 DA BD CD 01 [binary data] IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - H:\Programme\pdfforge Toolbar\IE\6.5\pdfforgeToolbarIE.dll (Spigot, Inc.) IE - HKCU\..\URLSearchHook: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - H:\Programme\Hotspot_Shield\prxtbHot2.dll (Conduit Ltd.) IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKCU\..\SearchScopes\{1BC6DC53-2040-47D3-A7E7-FF4D4BA2EFD4}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=302398&p={searchTerms} IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1561552 IE - HKCU\..\SearchScopes\{c99fdc39-a1ae-4b24-8d71-e5274f8d7c54}: "URL" = hxxp://search.hotspotshield.com/g/results.php?c=s&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: H:\Programme\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: H:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: H:\Programme\Google\Picasa3\npPicasa3.dll (Google, Inc.) 
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: H:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: h:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: H:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: H:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{d591241b-9967-418c-9b7d-ee128131d60d}: H:\Programme\GMX\GMX MultiMessenger\ThunderbirdSyncProxy [2011.08.12 12:58:49 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2004.08.04 13:00:00 | 000,000,820 | ---- | M]) - H:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - H:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - H:\Programme\pdfforge Toolbar\IE\6.5\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Hotspot Shield Toolbar) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - H:\Programme\Hotspot_Shield\prxtbHot2.dll (Conduit Ltd.)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - H:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - H:\Programme\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - H:\Programme\pdfforge Toolbar\IE\6.5\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Hotspot Shield Toolbar) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - H:\Programme\Hotspot_Shield\prxtbHot2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - H:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Hotspot Shield Toolbar) - {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} - H:\Programme\Hotspot_Shield\prxtbHot2.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - H:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Alcmtr] H:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ApnUpdater] H:\Programme\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName})
O4 - HKLM..\Run: [avgnt] H:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CanonMyPrinter] H:\Programme\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] H:\Programme\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [Easy-PrintToolBox] H:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [EasyTuneV] H:\Programme\Gigabyte\ET5\ETcall.exe ()
O4 - HKLM..\Run: [InCD] H:\Programme\Ahead\InCD\InCD.exe (Ahead Software AG)
O4 - HKLM..\Run: [KiesTrayAgent] H:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [LWS] H:\Programme\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] H:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] H:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] H:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /installquiet File not found
O4 - HKLM..\Run: [SearchSettings] H:\Programme\Gemeinsame Dateien\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [StartCCC] H:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] H:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] H:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [KiesHelper] H:\Programme\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesPDLR] H:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [Logitech Vid] H:\Programme\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O4 - Startup: H:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Gamma Loader.lnk = H:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: H:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader Speed Launch.lnk = H:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: H:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = H:\Programme\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: H:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Scanner Finder.lnk = H:\Programme\ScanWizard 5\ScannerFinder.exe ()
O4 - Startup: H:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\SkyHistory.lnk = H:\Programme\Scand LLC\SkyHistory\SkyHistoryService.exe ()
O4 - Startup: H:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Ulead Kalendar Checker 4.0 SE.lnk = H:\Programme\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe (Ulead Systems, Inc.)
O4 - Startup: H:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WISO Mein Steuer-Sparbuch heute.lnk = H:\Programme\WISO\Sparbuch 2011\mshaktuell.exe ()
O4 - Startup: H:\Dokumente und Einstellungen\*****\Startmenü\Programme\Autostart\Dropbox.lnk = H:\Dokumente und Einstellungen\*****\Anwendungsdaten\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - H:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Easy-WebPrint - Drucken - H:\Programme\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - H:\Programme\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint - Vorschau - H:\Programme\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - H:\Programme\Canon\Easy-WebPrint\Resource.dll ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - H:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - H:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - H:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - H:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1258746107953 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444552440000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - H:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - H:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - H:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - H:\Programme\Scand LLC\SkyHistory\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - H:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - H:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - H:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - H:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: H:\Dokumente und Einstellungen\*****\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: H:\Dokumente und Einstellungen\*****\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - H:\Programme\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - H:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004.10.11 19:57:42 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: clipsink - (H:\WINDOWS\system32\charhCut.dll) - File not found
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========
[2012.11.08 20:43:39 | 000,602,112 | ---- | C] (OldTimer Tools) -- H:\Dokumente und Einstellungen\*****\Desktop\OTL.exe
[2012.11.08 20:26:21 | 000,602,112 | ---- | C] (OldTimer Tools) -- H:\Programme\OTL.exe
[2012.11.08 20:06:23 | 000,000,000 | ---D | C] -- H:\Dokumente und Einstellungen\*****\Anwendungsdaten\Malwarebytes
[2012.11.08 20:06:02 | 000,000,000 | ---D | C] -- H:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.11.08 20:06:01 | 000,000,000 | ---D | C] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.11.08 20:06:00 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- H:\WINDOWS\System32\drivers\mbam.sys
[2012.11.08 20:06:00 | 000,000,000 | ---D | C] -- H:\Programme\Malwarebytes' Anti-Malware
[2012.11.08 19:53:27 | 010,669,952 | ---- | C] (Malwarebytes Corporation ) -- H:\Programme\mbam-setup-1.65.1.1000.exe
[2012.11.01 19:27:20 | 000,000,000 | ---D | C] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\nyljfhvtnllhlbs
[2012.10.26 15:09:30 | 000,000,000 | ---D | C] -- H:\WINDOWS\System32\UAs
[2012.10.26 15:09:27 | 000,000,000 | ---D | C] -- H:\WINDOWS\System32\kock
[2012.10.21 18:31:45 | 000,000,000 | ---D | C] -- H:\Dokumente und Einstellungen\*****\Anwendungsdaten\Search Settings
[2012.10.21 18:31:40 | 000,000,000 | ---D | C] -- H:\Programme\Gemeinsame Dateien\Spigot
[2012.10.21 18:31:40 | 000,000,000 | ---D | C] -- H:\Programme\pdfforge Toolbar
[2012.10.21 18:31:40 | 000,000,000 | ---D | C] -- H:\Programme\Application Updater
[2011.10.02 07:55:16 | 085,986,424 | ---- | C] (Samsung Electronics Co., Ltd. ) -- H:\Programme\Kies_2.0.3.11082_152_4.exe
[2011.09.08 18:33:18 | 005,461,664 | ---- | C] (ManiacTools.com ) -- H:\Programme\m4a-to-mp3-converter6.2.exe
[2011.08.13 11:47:02 | 014,276,088 | ---- | C] (Google Inc.) -- H:\Programme\picasa38-setup.exe
[2011.08.12 12:55:55 | 016,627,072 | ---- | C] (GMX GmbH) -- H:\Programme\gmx_multimessenger.exe
[2010.07.10 17:27:12 | 017,874,088 | ---- | C] (pdfforge GbR) -- H:\Programme\PDFCreator-1_0_1_setup.exe
[8 H:\Dokumente und Einstellungen\*****\Eigene Dateien\*.tmp files -> H:\Dokumente und Einstellungen\*****\Eigene Dateien\*.tmp -> ]
[5 H:\WINDOWS\*.tmp files -> H:\WINDOWS\*.tmp -> ]
[2 H:\WINDOWS\System32\*.tmp files -> H:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========
[2012.11.09 07:52:00 | 000,000,226 | ---- | M] () -- H:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012.11.09 07:45:16 | 000,000,000 | ---- | M] () -- H:\Dokumente und Einstellungen\*****\defogger_reenable
[2012.11.09 07:39:57 | 000,473,648 | ---- | M] () -- H:\WINDOWS\System32\perfh007.dat
[2012.11.09 07:39:57 | 000,432,784 | ---- | M] () -- H:\WINDOWS\System32\perfh009.dat
[2012.11.09 07:39:57 | 000,090,326 | ---- | M] () -- H:\WINDOWS\System32\perfc007.dat
[2012.11.09 07:39:57 | 000,067,740 | ---- | M] () -- H:\WINDOWS\System32\perfc009.dat
[2012.11.09 07:38:54 | 000,000,322 | -H-- | M] () -- H:\WINDOWS\tasks\MP Scheduled Scan.job
[2012.11.09 07:35:56 | 000,001,084 | ---- | M] () -- H:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.09 07:35:32 | 000,002,048 | --S- | M] () -- H:\WINDOWS\bootstat.dat
[2012.11.09 07:35:31 | 000,219,120 | ---- | M] () -- H:\WINDOWS\System32\ativvaxx.cap
[2012.11.09 07:09:10 | 000,001,088 | ---- | M] () -- H:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.09 07:09:00 | 000,000,884 | ---- | M] () -- H:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.11.08 21:39:53 | 000,013,700 | ---- | M] () -- H:\WINDOWS\System32\wpa.dbl
[2012.11.08 20:44:27 | 000,302,592 | ---- | M] () -- H:\Dokumente und Einstellungen\*****\Desktop\jv2w913k.exe
[2012.11.08 20:43:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- H:\Dokumente und Einstellungen\*****\Desktop\OTL.exe
[2012.11.08 20:43:25 | 000,050,477 | ---- | M] () -- H:\Dokumente und Einstellungen\*****\Desktop\Defogger.exe
[2012.11.08 20:26:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- H:\Programme\OTL.exe
[2012.11.08 20:25:34 | 000,050,477 | ---- | M] () -- H:\Programme\Defogger.exe
[2012.11.08 20:06:02 | 000,000,760 | ---- | M] () -- H:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.08 20:05:54 | 000,000,051 | ---- | M] () -- H:\WINDOWS\System32\blckdom.res
[2012.11.08 19:53:38 | 010,669,952 | ---- | M] (Malwarebytes Corporation ) -- H:\Programme\mbam-setup-1.65.1.1000.exe
[2012.11.01 19:27:19 | 000,076,340 | ---- | M] () -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ospqkedezcmgykc
[2012.10.26 11:58:01 | 000,000,276 | ---- | M] () -- H:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012.10.22 21:09:45 | 000,301,059 | ---- | M] () -- H:\Dokumente und Einstellungen\*****\Desktop\General+Industry+Program+Report Schinnen Army.pdf
[2012.10.22 21:05:15 | 000,300,755 | ---- | M] () -- H:\Dokumente und Einstellungen\*****\Desktop\General+Industry+Program+Report Schinnen *****.pdf
[2012.10.22 21:00:07 | 000,300,708 | ---- | M] () -- H:\Dokumente und Einstellungen\*****\Desktop\General+Industry+Program+Report SCHINNEN *****_pdf.pdf
[2012.10.18 20:08:00 | 000,001,324 | ---- | M] () -- H:\WINDOWS\System32\d3d9caps.dat
[2012.10.17 19:10:02 | 000,000,035 | ---- | M] () -- H:\WINDOWS\Ulead32.INI
[2012.10.10 20:57:45 | 000,001,393 | ---- | M] () -- H:\WINDOWS\imsins.BAK
[8 H:\Dokumente und Einstellungen\*****\Eigene Dateien\*.tmp files -> H:\Dokumente und Einstellungen\*****\Eigene Dateien\*.tmp -> ]
[5 H:\WINDOWS\*.tmp files -> H:\WINDOWS\*.tmp -> ]
[2 H:\WINDOWS\System32\*.tmp files -> H:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========
[2012.11.09 07:45:16 | 000,000,000 | ---- | C] () -- H:\Dokumente und Einstellungen\*****\defogger_reenable
[2012.11.08 20:44:26 | 000,302,592 | ---- | C] () -- H:\Dokumente und Einstellungen\*****\Desktop\jv2w913k.exe
[2012.11.08 20:43:25 | 000,050,477 | ---- | C] () -- H:\Dokumente und Einstellungen\*****\Desktop\Defogger.exe
[2012.11.08 20:25:34 | 000,050,477 | ---- | C] () -- H:\Programme\Defogger.exe
[2012.11.08 20:06:02 | 000,000,760 | ---- | C] () -- H:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.01 19:27:15 | 000,076,340 | ---- | C] () -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ospqkedezcmgykc
[2012.10.26 15:09:45 | 000,000,051 | ---- | C] () -- H:\WINDOWS\System32\blckdom.res
[2012.10.22 21:09:43 | 000,301,059 | ---- | C] () -- H:\Dokumente und Einstellungen\*****\Desktop\General+Industry+Program+Report Schinnen Army.pdf
[2012.10.22 21:04:10 | 000,300,755 | ---- | C] () -- H:\Dokumente und Einstellungen\*****\Desktop\General+Industry+Program+Report Schinnen *****.pdf
[2012.10.22 21:00:03 | 000,300,708 | ---- | C] () -- H:\Dokumente und Einstellungen\*****\Desktop\General+Industry+Program+Report SCHINNEN *****_pdf.pdf
[2012.08.30 21:40:41 | 004,503,728 | ---- | C] () -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ism_0_llatsni.pad
[2012.05.13 20:54:02 | 001,673,616 | ---- | C] () -- H:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2012.02.15 20:29:13 | 000,003,072 | ---- | C] () -- H:\WINDOWS\System32\iacenc.dll
[2011.09.16 10:54:48 | 000,030,568 | ---- | C] () -- H:\WINDOWS\MusiccityDownload.exe
[2011.09.16 10:54:44 | 000,974,848 | ---- | C] () -- H:\WINDOWS\System32\cis-2.4.dll
[2011.09.16 10:54:44 | 000,081,920 | ---- | C] () -- H:\WINDOWS\System32\issacapi_bs-2.3.dll
[2011.09.16 10:54:44 | 000,065,536 | ---- | C] () -- H:\WINDOWS\System32\issacapi_pe-2.3.dll
[2011.09.16 10:54:44 | 000,057,344 | ---- | C] () -- H:\WINDOWS\System32\issacapi_se-2.3.dll
[2011.09.09 20:13:19 | 021,073,936 | ---- | C] () -- H:\Programme\vlc-1.1.11-win32.exe
[2011.03.10 17:07:12 | 000,014,168 | ---- | C] () -- H:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2011.03.04 02:26:22 | 010,877,272 | ---- | C] () -- H:\WINDOWS\System32\LogiDPP.dll
[2011.03.04 02:26:22 | 000,102,744 | ---- | C] () -- H:\WINDOWS\System32\LogiDPPApp.exe
[2011.03.04 02:26:16 | 000,331,608 | ---- | C] () -- H:\WINDOWS\System32\DevManagerCore.dll
[2011.03.04 02:14:50 | 000,027,362 | ---- | C] () -- H:\WINDOWS\System32\lvcoinst.ini
[2010.04.10 21:19:03 | 000,007,541 | ---- | C] () -- H:\Dokumente und Einstellungen\*****\.recently-used.xbel
[2010.04.10 14:08:22 | 002,708,156 | ---- | C] () -- H:\Programme\Apo202.exe
[2010.04.10 07:35:01 | 018,234,256 | ---- | C] ( ) -- H:\Programme\gimp-2.6.8-i686-setup.exe
[2009.12.28 17:27:19 | 000,000,186 | ---- | C] () -- H:\Dokumente und Einstellungen\*****\default.pls
[2009.12.03 20:22:49 | 000,028,160 | ---- | C] () -- H:\Dokumente und Einstellungen\*****\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========
[2009.11.27 17:00:05 | 000,000,227 | RHS- | M] () -- H:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009.09.25 06:35:26 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = H:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = H:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 03:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check
========== [2010.09.03 07:46:48 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Buhl Data Service GmbH [2011.08.24 18:39:09 | 000,000,000 | -H-D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ [2011.08.24 19:59:25 | 000,000,000 | -H-D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonEPP [2011.12.11 15:34:23 | 000,000,000 | -H-D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJEGV [2011.08.24 19:59:25 | 000,000,000 | -H-D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJEPPEX2 [2011.08.24 18:44:08 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJMSetup [2011.08.24 19:59:25 | 000,000,000 | -H-D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJMyPrinter [2012.11.01 19:27:39 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJPLM [2011.08.24 19:59:26 | 000,000,000 | -H-D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJSolutionMenuEX [2011.08.24 18:42:04 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJWSpt [2011.08.12 12:59:00 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GMX [2012.11.01 19:27:20 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\nyljfhvtnllhlbs [2011.10.02 08:00:18 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Samsung [2011.06.30 17:57:56 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\*****\Anwendungsdaten\AskToolbar [2010.09.03 07:47:01 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\*****\Anwendungsdaten\Buhl Data Service [2010.12.23 08:10:36 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\*****\Anwendungsdaten\CD-LabelPrint [2012.11.09 07:38:00 | 000,000,000 | ---D | M] -- H:\Dokumente und 
Einstellungen\*****\Anwendungsdaten\Dropbox [2011.08.12 12:59:01 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\*****\Anwendungsdaten\GMX [2010.04.10 21:19:03 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\*****\Anwendungsdaten\gtk-2.0 [2012.07.29 06:27:25 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\*****\Anwendungsdaten\Leadertech [2010.07.10 21:00:33 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\*****\Anwendungsdaten\pdfforge [2012.11.08 21:09:23 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\*****\Anwendungsdaten\PriceGong [2011.10.02 07:58:52 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\*****\Anwendungsdaten\Samsung [2012.10.21 18:31:45 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\*****\Anwendungsdaten\Search Settings [2012.05.01 21:05:35 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\*****\Anwendungsdaten\Temp [2009.11.27 16:58:26 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\*****\Anwendungsdaten\Windows Desktop Search [2009.12.04 08:51:20 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\*****\Anwendungsdaten\Windows Search ========== Purity Check ========== < End of report > OTL EXTRAS OTL Extras logfile created on: 09.11.2012 07:47:22 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = H:\Dokumente und Einstellungen\*****\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 2,48 Gb Available Physical Memory | 76,20% Memory free 5,09 Gb Paging File | 3,73 Gb Available in Paging File | 73,19% Paging File free Paging file location(s): H:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = H: | %SystemRoot% = H:\WINDOWS | %ProgramFiles% = H:\Programme Drive C: | 125,46 Gb Total Space | 40,58 Gb Free Space | 32,34% Space Free | 
Partition Type: NTFS Drive D: | 97,65 Gb Total Space | 8,83 Gb Free Space | 9,05% Space Free | Partition Type: NTFS Drive E: | 9,76 Gb Total Space | 9,75 Gb Free Space | 99,95% Space Free | Partition Type: FAT32 Drive H: | 161,14 Gb Total Space | 118,78 Gb Free Space | 73,71% Space Free | Partition Type: NTFS Computer Name: ARBEITSZIMMER | User Name: ***** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [edit] -- "H:\Programme\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "H:\Programme\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "H:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "H:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet ![]() "445:TCP" = 445:TCP:LocalSubNet ![]() "137:UDP" = 137:UDP:LocalSubNet ![]() "138:UDP" = 138:UDP:LocalSubNet ![]() ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network 
Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "H:\WINDOWS\system32\mmc.exe" = H:\WINDOWS\system32\mmc.exe:* ![]() "H:\Programme\Messenger\msmsgs.exe" = H:\Programme\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation) "H:\Programme\GMX\GMX MultiMessenger\MESSENGR.EXE" = H:\Programme\GMX\GMX MultiMessenger\MESSENGR.EXE:*:Enabled:GMX MultiMessenger -- (GMX GmbH) "H:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = H:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.) "H:\WINDOWS\system32\muzapp.exe" = H:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player -- (Musiccity Co.Ltd.) "H:\Dokumente und Einstellungen\*****\Anwendungsdaten\Dropbox\bin\Dropbox.exe" = H:\Dokumente und Einstellungen\*****\Anwendungsdaten\Dropbox\bin\Dropbox.exe:*:Enabled ![]() "H:\Programme\Skype\Phone\Skype.exe" = H:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.) "H:\Programme\Logitech\Vid HD\Vid.exe" = H:\Programme\Logitech\Vid HD\Vid.exe:*:Enabled:Logitech Vid HD -- (Logitech Inc.) 
========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00010407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{00C58EBE-223E-4AB6-8AE9-38F27F4420BD}" = WISO Sparbuch 2009 "{02F0B8AE-7501-4333-AFBE-6BAABFEC7637}" = WISO Steuer-Sparbuch 2011 "{0468A4CF-069D-86B6-84BD-F8E4F86E2631}" = Catalyst Control Center Graphics Previews Common "{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center "{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4800_series" = Canon iP4800 series Printer Driver "{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects "{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi "{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main "{169917C4-4A77-45F4-B20E-860703FD5E6F}" = pdfforge Toolbar v6.5 "{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter "{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX "{1E9A9E08-0366-45EE-9B66-51852F8D9812}" = Open Workbench "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin "{238B8820-011B-11D6-9C28-0080C85A0C2D}" = Transparency Adaptor Calibrator "{25B9C7BE-5CFD-6173-D3E1-6E4C9EBD8658}" = Catalyst Control Center Graphics Light "{26999308-FF96-5FBF-B2DB-12E66346FA3A}" = CCC Help German "{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 29 "{28184E01-D57A-4933-A09B-F65403F16D82}" = i-Cool "{2927733E-A961-BA53-03C5-03774A081030}" = ccc-core-static "{30148775-0642-7507-58EA-3CDB7E828BA2}" = Catalyst Control Center Core Implementation "{345C90FB-FA10-11D5-9C2A-0080C85A0C2D}" = ABBYY FineReader OCR Engine "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = 
WebFldrs XP "{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder "{3972209B-4946-9B49-1911-0AC122FB8073}" = CCC Help Russian "{3EE1008C-11A1-4F4F-8DB7-27573924DE78}" = DMIView B7.0108.01 "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT "{43165058-0CD3-F336-0B4E-879A03DC8F50}" = Catalyst Control Center Graphics Full Existing "{43F18082-D8A1-5A37-829D-CF1C4ED9ED2A}" = CCC Help Portuguese "{46B70DEB-97B3-4E38-B746-EC16905E6A8F}" = WISO Sparbuch 2010 "{4905D4CA-7295-F988-AE8A-B04675295133}" = CCC Help Thai "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{55A83F62-4CC7-8A5F-0FB0-FE55B53B3ED1}" = CCC Help Finnish "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5B31B7DD-ED2E-F515-C900-B2E91138A34F}" = ccc-core-preinstall "{5DA6F06A-B389-407B-BF8C-1548767914D8}" = ATI Problem Report Wizard "{5F032DC8-A020-D42E-F2E6-41C748A92A06}" = Catalyst Control Center Graphics Full New "{618A812B-3099-8DB2-C8E4-95D15A7B7CD5}" = Catalyst Control Center HydraVision Full "{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support "{6A7E75AF-C2C7-4B1E-FE46-E0979833D6D5}" = CCC Help Spanish "{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71AFFCBF-0864-C19D-0C07-5DF67BA0382D}" = CCC Help Turkish "{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7876AE8D-08D8-3A1C-A1F4-E7F255DDBBEA}" = ccc-utility "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher "{8425081E-FEFF-6E4B-408E-53345859896C}" = CCC Help English "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar 
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90FE2C60-A4C3-D61D-790A-9493EE405AEA}" = CCC Help Swedish "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin "{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A8BBAA6B-71BE-4AA2-A9DE-76BF38473E5F}" = ATI AVIVO Codecs "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0 "{ADAA5D11-5D8F-31EC-1992-693239110308}" = CCC Help French "{AF600F7B-67A7-48D9-BA3B-0FF97F35F970}" = ABBYY FineReader 6.0 "{B03A7F40-A817-4c68-9954-2B2223BE91AA}_is1" = SkyHistory 1.2.3 "{B08D262E-D902-11D5-9C28-0080C85A0C2D}" = ScanWizard 5 "{B21C00B6-2B53-BB00-B4FE-27316019A9C5}" = CCC Help Chinese Traditional "{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{BBC0D330-C37B-4472-BFB9-AA217CF0C95F}" = Ulead Photo Express 4.0 SE "{BD7CDF5A-315E-A085-CF42-921B37D7A507}" = CCC Help Hungarian "{BE9269F2-562B-7BC7-9BE9-16EF8B52B403}" = Catalyst Control Center Localization All "{BF243C52-D0D2-A777-D388-DFCCF00FFC23}" = CCC Help Dutch "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C7370250-3AA3-23F8-DE52-21701C911BBD}" = CCC Help Korean "{C7DA1638-A3B9-0AF6-B1B3-5ACBC08E7204}" = CCC Help Polish "{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint 
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding "{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software "{D472CC91-8FFC-B07C-F755-363498CF7724}" = CCC Help Danish "{D68E33C8-F508-F069-FF15-59B2BF50B0D3}" = CCC Help Japanese "{D958FAC4-BAE0-4B1D-A42E-DE9BFDE7DDEE}" = Canon PhotoRecord "{E236A12C-FE29-49C4-C10C-F9AFF2EE8D39}" = CCC Help Chinese Standard "{E76FCE6B-9999-4250-8C75-B2DA4AD41268}" = Face_Wizard B07.0509.01 "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker "{EFA83B92-06EA-D90D-1342-A7872D97B89F}" = CCC Help Italian "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = The Witcher Enhanced Edition "{FAFD1909-311F-2035-6C97-7151A3B485C5}" = CCC Help Greek "{FD433CFA-5819-54FC-005C-140926CDBB6F}" = CCC Help Czech "{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook "{FF97034A-E1FE-CC80-E5D4-549796B72E36}" = CCC Help Norwegian "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Photoshop 7.0" = Adobe Photoshop 7.0 "All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software "Apophysis 2.0" = Apophysis 2.0 "ATI Display Driver" = ATI Display Driver "Avira AntiVir Desktop" = Avira Free Antivirus "BookSmart® 3.2.2 3.2.2" = BookSmart® 3.2.2 3.2.2 "Canon iP4800 series Benutzerregistrierung" = Canon iP4800 series Benutzerregistrierung "CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program "CanonMyPrinter" = Canon My Printer "CanonSolutionMenuEX" = Canon Solution Menu EX "Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint "Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX "Easy-PrintToolBox" = Canon Utilities Easy-PrintToolBox "EasyTune5" = EasyTune5 "Easy-WebPrint" = Easy-WebPrint "Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 
6.2 "GMX MultiMessenger" = GMX MultiMessenger "Hotspot_Shield Toolbar" = Hotspot Shield Toolbar "ie8" = Windows Internet Explorer 8 "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "Logitech Vid" = Logitech Vid HD "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000 "MediaNavigation.CDLabelPrint" = CD-LabelPrint "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "MSNINST" = MSN "NeroMultiInstaller!UninstallKey" = Nero Suite "Network Stumbler" = Network Stumbler 0.4.0 (remove only) "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers "NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager "Picasa 3" = Picasa 3 "SystemRequirementsLab" = System Requirements Lab "VLC media player" = VLC media player 1.1.11 "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows XP Service Pack" = Windows XP Service Pack 3 "WinGimp-2.0_is1" = GIMP 2.6.8 "WMFDist11" = Windows Media Format 11 runtime "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "YTdetect" = Yahoo! Detect ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "MyFreeCodec" = MyFreeCodec ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 26.10.2012 06:31:58 | Computer Name = ARBEITSZIMMER | Source = PerfNet | ID = 2004 Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen werden nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0. Error - 02.11.2012 17:21:38 | Computer Name = ARBEITSZIMMER | Source = PerfNet | ID = 2004 Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen werden nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0. 
Error - 02.11.2012 17:40:03 | Computer Name = ARBEITSZIMMER | Source = PerfNet | ID = 2005 Description = Die Leistungsinformationen vom Serverdienst konnten nicht gelesen werden. Es werden keine Server-Leistungsinformationen zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0, der IOSB.Status ist DWORD 1 und die IOSB.Information ist DWORD 2. Error - 02.11.2012 17:40:03 | Computer Name = ARBEITSZIMMER | Source = PerfNet | ID = 2006 Description = Die Server Queue-Leistungsinformationen konnten nicht gelesen werden. Es werden keine Server-Leistungsinformationen zurückgegeben. Der zurückgegebene Fehlercode ist DWORD 0, der IOSB.Status ist DWORD 1 und die IOSB.Information ist DWORD 2. Error - 02.11.2012 17:42:58 | Computer Name = ARBEITSZIMMER | Source = PerfNet | ID = 2004 Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen werden nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0. Error - 02.11.2012 17:50:39 | Computer Name = ARBEITSZIMMER | Source = PerfNet | ID = 2004 Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen werden nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0. Error - 03.11.2012 05:36:00 | Computer Name = ARBEITSZIMMER | Source = PerfNet | ID = 2005 Description = Die Leistungsinformationen vom Serverdienst konnten nicht gelesen werden. Es werden keine Server-Leistungsinformationen zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0, der IOSB.Status ist DWORD 1 und die IOSB.Information ist DWORD 2. Error - 03.11.2012 05:36:00 | Computer Name = ARBEITSZIMMER | Source = PerfNet | ID = 2006 Description = Die Server Queue-Leistungsinformationen konnten nicht gelesen werden. Es werden keine Server-Leistungsinformationen zurückgegeben. Der zurückgegebene Fehlercode ist DWORD 0, der IOSB.Status ist DWORD 1 und die IOSB.Information ist DWORD 2. 
Error - 08.11.2012 20:41:02 | Computer Name = ARBEITSZIMMER | Source = MPSampleSubmission | ID = 5000 Description = Error - 08.11.2012 20:58:05 | Computer Name = ARBEITSZIMMER | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung explorer.exe, Version 6.0.2900.5512, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. [ System Events ] Error - 02.11.2012 18:05:41 | Computer Name = ARBEITSZIMMER | Source = Service Control Manager | ID = 7000 Description = Der Dienst "dmef" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 03.11.2012 05:12:12 | Computer Name = ARBEITSZIMMER | Source = Service Control Manager | ID = 7000 Description = Der Dienst "dmef" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 03.11.2012 05:15:54 | Computer Name = ARBEITSZIMMER | Source = Service Control Manager | ID = 7000 Description = Der Dienst "dmef" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 03.11.2012 05:26:53 | Computer Name = ARBEITSZIMMER | Source = Service Control Manager | ID = 7000 Description = Der Dienst "dmef" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 03.11.2012 05:32:37 | Computer Name = ARBEITSZIMMER | Source = Service Control Manager | ID = 7000 Description = Der Dienst "dmef" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 03.11.2012 05:36:13 | Computer Name = ARBEITSZIMMER | Source = Service Control Manager | ID = 7000 Description = Der Dienst "dmef" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 08.11.2012 13:51:36 | Computer Name = ARBEITSZIMMER | Source = Service Control Manager | ID = 7000 Description = Der Dienst "dmef" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 08.11.2012 16:29:25 | Computer Name = ARBEITSZIMMER | Source = Service Control Manager | ID = 7000 Description = Der Dienst "dmef" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 08.11.2012 19:42:05 | Computer Name = ARBEITSZIMMER | Source = 
Service Control Manager | ID = 7000 Description = Der Dienst "dmef" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 09.11.2012 02:36:08 | Computer Name = ARBEITSZIMMER | Source = Service Control Manager | ID = 7000 Description = Der Dienst "dmef" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 < End of report > GMER GMER 1.0.15.15641 - hxxp://www.gmer.net Rootkit scan 2012-11-09 17:28:07 Windows 5.1.2600 Service Pack 3 Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-22 WDC_WD2500JD-00HBB0 rev.08.02D08 Running: jv2w913k.exe; Driver: H:\DOKUME~1\*****\LOKALE~1\Temp\kwtiipog.sys ---- System - GMER 1.0.15 ---- SSDT F7A54F1C ZwClose SSDT F7A54ED6 ZwCreateKey SSDT F7A54F26 ZwCreateSection SSDT F7A54ECC ZwCreateThread SSDT F7A54EDB ZwDeleteKey SSDT F7A54EE5 ZwDeleteValueKey SSDT F7A54F17 ZwDuplicateObject SSDT F7A54EEA ZwLoadKey SSDT F7A54EB8 ZwOpenProcess SSDT F7A54EBD ZwOpenThread SSDT F7A54F3F ZwQueryValueKey SSDT F7A54EF4 ZwReplaceKey SSDT F7A54F30 ZwRequestWaitReplyPort SSDT F7A54EEF ZwRestoreKey SSDT F7A54F2B ZwSetContextThread SSDT F7A54F35 ZwSetSecurityObject SSDT F7A54EE0 ZwSetValueKey SSDT F7A54F3A ZwSystemDebugControl SSDT F7A54EC7 ZwTerminateProcess ---- Kernel code sections - GMER 1.0.15 ---- .text ntoskrnl.exe!ZwYieldExecution + 1FE 804E4A58 4 Bytes JMP 94F7A54E .text H:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF6DB3000, 0x236D87, 0xE8000020] .text H:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xA8E62300, 0x3B6D8, 0xE8000020] .text H:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xF77AF300, 0x1BEE, 0xE8000020] ---- User code sections - GMER 1.0.15 ---- .text H:\WINDOWS\system32\SearchIndexer.exe[1284] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C H:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation) .text H:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1832] ntdll.dll!DbgUiRemoteBreakin 7C9620EC 1 Byte [C3] ---- Devices - GMER 1.0.15 ---- AttachedDevice 
\FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) AttachedDevice \FileSystem\Fastfat \Fat InCDrec.SYS (InCD File System Recognizer/Ahead Software AG) ---- EOF - GMER 1.0.15 ---- I hope I have done everything correctly so far. I will go offline again, and for now I will stay away from sites with passwords, email etc. until I get advice from you on how to get rid of these annoying guests. Luckily I have all my data (pictures, texts, ...) on a separate hard drive, and according to Avira it does not seem to be infected. And I still have a "clean" laptop. By the way, the background scan with Avira has already spat out 11 warnings again (still running) .... :-( Many thanks in advance! Best regards, MinkaSylvest |