| |
| |||||||
Log-Analyse und Auswertung: BKA-Trojaner-Problem durch Systemwiederherstellung gelöst, ist mein PC jetzt sauber?Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
18.03.2012, 20:36
| #1 |
| |  BKA-Trojaner-Problem durch Systemwiederherstellung gelöst, ist mein PC jetzt sauber? Hallo allerseits, ich habe gestern den berüchtigten BKA-Trojaner eingefangen, konnte ihn aber mittels Systemwiederherstellung "loswerden". Jedenfalls war danach nix mehr davon zu sehen. Trotzdem weiss ich jetzt nicht, ob das Ding noch auf meinem PC ist. Sonst habe ich schon seit längerem das Problem, was Windows langsam arbeitet und der Explorer absolut falsche Seiten öffnet. Ich habe Avira und Antimalwarebytes durchlaufen lassen, da wurde einiges gefunden, wohl auch entfernt. Nun habe ich die logs erstellt. Kann bitte jemand nachschauen, ob das alles ok ist? Danke, Aloha PS: mein OTL-Flie war zu groß. habs in 2 geteilt |
|
19.03.2012, 10:34
| #2 | |||||
| /// Helfer-Team    | BKA-Trojaner-Problem durch Systemwiederherstellung gelöst, ist mein PC jetzt sauber? Hallo und Herzlich Willkommen!
__________________ Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]: Zitat:
Für Vista und Win7: Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen! 1. Falls unter Systemsteuerung-> "Programme und Funktionen" existiert... Hast Du aus Unwissenheit zugestimmt? Brauchst den Webguard nicht? dann Deinstalliere: Zitat:
Hinweise zum Einsatz von Freeware-Version Avira AntiVir Personal: Hier klicken zum Weiterlesen: -> http://www.chip.de/news/AntiVir-Serv..._45444953.html ► Wer möchte diese Adware auf seinen Rechner haben?! 2. Zur Info - zu ZoneAlarm: möchte dir drei Gründe nennen, warum nicht zu empfehlen ist: 1., In der letzten Zeit bei viele PC`s akutes Problem verbreitet hat, wie z.B.: "Tastatur reagiert langsam, System/Internet plötzlich langsam wird, Internet funktioniert nicht, Desktopsymbole verschwunden, Programme reagieren verzögert, Abstürze usw..." 2., Bis auf die Tatsache, dass der Hersteller seine Unkosten durch "Conduit Ltd" / Adware finanziert, daher für mich sieht das nicht seriös aus, gehört in die Mülltonne !! solange ZA installiert, nach Entfernung installiert sich Conduit eh wieder... 3., Der Angreifer kann sich jeder Zeit erhöhte Rechte verschaffen, Firewall und Virenschutz manipulieren und abschalten kann!  4., wie du siehst, hat jetzt auch nicht viel geholfen bzw das vorzeitige Eindringen dieser Malware im System nicht zuverlässig verhindern können! wie entscheidest Du dich? ich würde ihn deinstallieren/Entfernen und die Win Firewall einschalten. Wirst Du sehen, wie dein Rechner schneller hoch fährt 3. Zitat:
Code:
ATTFilter :OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aldi.com
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2613550
IE - HKCU\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\prxtbZone.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDC_de
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550
IE - HKCU\..\SearchScopes\{BDF755F1-73DC-43A3-A4B5-ECDB82045EFA}: "URL" = http://de.search.yahoo.com/search?p={searchTerms}
IE - HKCU\..\SearchScopes\{F741C093-532C-4F08-A459-2C34EAF5AD5C}: "URL" = http://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=827316&p={searchTerms}
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
CHR - plugin: Google Updater (Enabled) = C:\Programme\Google\Google Updater\2.4.1487.6512\npCIDetect13.dll
CHR - plugin: Google Update (Enabled) = C:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll
O4 - HKLM..\Run: [] File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.11.29 12:53:40 | 000,000,100 | ---- | M] () - D:\AUTORUN.INF -- [ FAT32 ]
O33 - MountPoints2\{bacc1efa-42c4-11de-a9aa-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{bacc1efa-42c4-11de-a9aa-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{bacc1efa-42c4-11de-a9aa-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe
[2011.12.04 21:19:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5053
[2011.12.01 22:07:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5052
[2011.11.28 19:38:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5051
[2011.11.25 20:17:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5050
[2011.11.24 20:58:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5049
[2011.11.23 22:50:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5048
[2011.11.21 13:57:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5045
[2011.11.20 14:41:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5044
[2011.11.18 21:00:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5043
[2011.11.17 20:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5042
[2011.11.11 22:09:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5039
[2011.11.06 11:08:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5038
[2011.10.24 19:20:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5037
[2011.10.24 10:35:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5036
[2011.10.18 18:46:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5035
[2011.10.15 11:59:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5034
[2011.10.12 15:40:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5033
[2011.10.10 22:38:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5032
[2011.10.07 18:57:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5031
[2011.10.03 12:59:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5030
[2011.09.29 22:41:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\UAs
[2011.09.28 22:22:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5029
[2011.09.28 22:21:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\kock
:Files
C:\WINDOWS\System32\5053
C:\WINDOWS\System32\5052
C:\WINDOWS\System32\5051
C:\WINDOWS\System32\5050
C:\WINDOWS\System32\5049
C:\WINDOWS\System32\5048
C:\WINDOWS\System32\5045
C:\WINDOWS\System32\5044
C:\WINDOWS\System32\5043
C:\WINDOWS\System32\5042
C:\WINDOWS\System32\5039
C:\WINDOWS\System32\5038
C:\WINDOWS\System32\5037
C:\WINDOWS\System32\5036
C:\WINDOWS\System32\5035
C:\WINDOWS\System32\5034
C:\WINDOWS\System32\5033
C:\WINDOWS\System32\5032
C:\WINDOWS\System32\5031
C:\WINDOWS\System32\5030
C:\WINDOWS\System32\UAs
C:\WINDOWS\System32\5029
C:\WINDOWS\System32\kock
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
4. sagt mir nichts, Dir bekannt?: C:\WINDOWS\tasks\BBAL.job 5. Hast du den Rechner bereits auf Viren überprüft? Folgende Ergebnisse möchte ich noch sehen: Code:
ATTFilter Malwarebytes
(alle vorhandenen Protokolle!)
6. Um festzustellen, ob veraltete oder schädliche Software unter Programme installiert sind, ich würde gerne noch all deine installierten Programme sehen:
7. erneut einen Scan mit OTL:
Zitat:
Zitat:
kira
__________________ |
|
19.03.2012, 20:52
| #3 |
| | BKA-Trojaner-Problem durch Systemwiederherstellung gelöst, ist mein PC jetzt sauber? Hi,
__________________Danke für die Hilfe. Ich habe bisher Avira SearchFree Toolbar plus WebGuard Ask.com und Zonealarm deinstalliert, Win Firewall war eh eingeschaltet. Mache jetzt weiter. |
|
20.03.2012, 08:16
| #5 | ||
| /// Helfer-Team | BKA-Trojaner-Problem durch Systemwiederherstellung gelöst, ist mein PC jetzt sauber? 1. OTL wurde falsch installiert!: Zitat:
so soll etwa aussehen: Zitat:
Systemscan mit OTL Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop.
2. führe bitte das OTL-Fixes im abgesicherten Modus aus - NUR den rot gefärbten Text/Schrift bitte in das OTL-Textfeld reinkopieren : ♦ PC neu starten ♦ Drücke gleich mehrmals die F8-Taste. Am besten mehrmals und schnell nacheinander drücken. ♦ Wähle in der Liste, die nun erscheint, den abgesicherten Modus aus. Code:
ATTFilter :OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aldi.com
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2613550
IE - HKCU\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\prxtbZone.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDC_de
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550
IE - HKCU\..\SearchScopes\{BDF755F1-73DC-43A3-A4B5-ECDB82045EFA}: "URL" = http://de.search.yahoo.com/search?p={searchTerms}
IE - HKCU\..\SearchScopes\{F741C093-532C-4F08-A459-2C34EAF5AD5C}: "URL" = http://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=827316&p={searchTerms}
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
CHR - plugin: Google Updater (Enabled) = C:\Programme\Google\Google Updater\2.4.1487.6512\npCIDetect13.dll
CHR - plugin: Google Update (Enabled) = C:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll
O4 - HKLM..\Run: [] File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.11.29 12:53:40 | 000,000,100 | ---- | M] () - D:\AUTORUN.INF -- [ FAT32 ]
O33 - MountPoints2\{bacc1efa-42c4-11de-a9aa-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{bacc1efa-42c4-11de-a9aa-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{bacc1efa-42c4-11de-a9aa-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe
[2011.12.04 21:19:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5053
[2011.12.01 22:07:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5052
[2011.11.28 19:38:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5051
[2011.11.25 20:17:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5050
[2011.11.24 20:58:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5049
[2011.11.23 22:50:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5048
[2011.11.21 13:57:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5045
[2011.11.20 14:41:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5044
[2011.11.18 21:00:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5043
[2011.11.17 20:35:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5042
[2011.11.11 22:09:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5039
[2011.11.06 11:08:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5038
[2011.10.24 19:20:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5037
[2011.10.24 10:35:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5036
[2011.10.18 18:46:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5035
[2011.10.15 11:59:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5034
[2011.10.12 15:40:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5033
[2011.10.10 22:38:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5032
[2011.10.07 18:57:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5031
[2011.10.03 12:59:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5030
[2011.09.29 22:41:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\UAs
[2011.09.28 22:22:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5029
[2011.09.28 22:21:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\kock
:Files
C:\WINDOWS\System32\5053
C:\WINDOWS\System32\5052
C:\WINDOWS\System32\5051
C:\WINDOWS\System32\5050
C:\WINDOWS\System32\5049
C:\WINDOWS\System32\5048
C:\WINDOWS\System32\5045
C:\WINDOWS\System32\5044
C:\WINDOWS\System32\5043
C:\WINDOWS\System32\5042
C:\WINDOWS\System32\5039
C:\WINDOWS\System32\5038
C:\WINDOWS\System32\5037
C:\WINDOWS\System32\5036
C:\WINDOWS\System32\5035
C:\WINDOWS\System32\5034
C:\WINDOWS\System32\5033
C:\WINDOWS\System32\5032
C:\WINDOWS\System32\5031
C:\WINDOWS\System32\5030
C:\WINDOWS\System32\UAs
C:\WINDOWS\System32\5029
C:\WINDOWS\System32\kock
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
Dann mit Punkt 4 weiter...
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! Geändert von kira (20.03.2012 um 08:22 Uhr) |
|
20.03.2012, 21:41
| #6 |
| | BKA-Trojaner-Problem durch Systemwiederherstellung gelöst, ist mein PC jetzt sauber? Hi, hab OLT entfernt und neu auf dem Desktop gespeichert und es geht trotzdem nicht, hängt sich auf nachdem ich den Fix-Button klicke, ausserdem erscheint ein leeres Fenster von Malwarebytes. Vielleicht hats ja damit zu tun oder kann es sein, dass Avira es blockt. Da hatte ich aber vorher die Auostart-Blockierung ausgeschaltet. Weiss nicht weiter... |
|
21.03.2012, 07:31
| #7 |
| /// Helfer-Team | BKA-Trojaner-Problem durch Systemwiederherstellung gelöst, ist mein PC jetzt sauber? führe bitte das OTL-Fixes im abgesicherten Modus aus: ♦ PC neu starten ♦ Drücke gleich mehrmals die F8-Taste. Am besten mehrmals und schnell nacheinander drücken. ♦ Wähle in der Liste, die nun erscheint, den abgesicherten Modus aus. weitere Schritte dann im normalen Modus abarbeiten
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! |
|
22.03.2012, 23:48
| #8 |
| | BKA-Trojaner-Problem durch Systemwiederherstellung gelöst, ist mein PC jetzt sauber? Hi, im abgesicherten Modus hat das Fix geklappt. Habe es aber zuerst mit den "schwarzen" und danach noch einmal mit den "roten" Fixes durchgeführt. Hier sind die logs dazu: schwarz: Code:
ATTFilter All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}\ not found.
File C:\Programme\ZoneAlarm-Sicherheit\prxtbZone.dll not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BDF755F1-73DC-43A3-A4B5-ECDB82045EFA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BDF755F1-73DC-43A3-A4B5-ECDB82045EFA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F741C093-532C-4F08-A459-2C34EAF5AD5C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F741C093-532C-4F08-A459-2C34EAF5AD5C}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ not found.
File C:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ not found.
File C:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll not found.
File C:\Programme\Google\Google Updater\2.4.1487.6512\npCIDetect13.dll not found.
File C:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File D:\AUTORUN.INF not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bacc1efa-42c4-11de-a9aa-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bacc1efa-42c4-11de-a9aa-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bacc1efa-42c4-11de-a9aa-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bacc1efa-42c4-11de-a9aa-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bacc1efa-42c4-11de-a9aa-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bacc1efa-42c4-11de-a9aa-806d6172696f}\ not found.
File E:\setup.exe not found.
Folder C:\WINDOWS\System32\5053\ not found.
Folder C:\WINDOWS\System32\5052\ not found.
Folder C:\WINDOWS\System32\5051\ not found.
Folder C:\WINDOWS\System32\5050\ not found.
Folder C:\WINDOWS\System32\5049\ not found.
Folder C:\WINDOWS\System32\5048\ not found.
Folder C:\WINDOWS\System32\5045\ not found.
Folder C:\WINDOWS\System32\5044\ not found.
Folder C:\WINDOWS\System32\5043\ not found.
Folder C:\WINDOWS\System32\5042\ not found.
Folder C:\WINDOWS\System32\5039\ not found.
Folder C:\WINDOWS\System32\5038\ not found.
Folder C:\WINDOWS\System32\5037\ not found.
Folder C:\WINDOWS\System32\5036\ not found.
Folder C:\WINDOWS\System32\5035\ not found.
Folder C:\WINDOWS\System32\5034\ not found.
Folder C:\WINDOWS\System32\5033\ not found.
Folder C:\WINDOWS\System32\5032\ not found.
Folder C:\WINDOWS\System32\5031\ not found.
Folder C:\WINDOWS\System32\5030\ not found.
Folder C:\WINDOWS\System32\UAs\ not found.
Folder C:\WINDOWS\System32\5029\ not found.
Folder C:\WINDOWS\System32\kock\ not found.
========== FILES ==========
File\Folder C:\WINDOWS\System32\5053 not found.
File\Folder C:\WINDOWS\System32\5052 not found.
File\Folder C:\WINDOWS\System32\5051 not found.
File\Folder C:\WINDOWS\System32\5050 not found.
File\Folder C:\WINDOWS\System32\5049 not found.
File\Folder C:\WINDOWS\System32\5048 not found.
File\Folder C:\WINDOWS\System32\5045 not found.
File\Folder C:\WINDOWS\System32\5044 not found.
File\Folder C:\WINDOWS\System32\5043 not found.
File\Folder C:\WINDOWS\System32\5042 not found.
File\Folder C:\WINDOWS\System32\5039 not found.
File\Folder C:\WINDOWS\System32\5038 not found.
File\Folder C:\WINDOWS\System32\5037 not found.
File\Folder C:\WINDOWS\System32\5036 not found.
File\Folder C:\WINDOWS\System32\5035 not found.
File\Folder C:\WINDOWS\System32\5034 not found.
File\Folder C:\WINDOWS\System32\5033 not found.
File\Folder C:\WINDOWS\System32\5032 not found.
File\Folder C:\WINDOWS\System32\5031 not found.
File\Folder C:\WINDOWS\System32\5030 not found.
File\Folder C:\WINDOWS\System32\UAs not found.
File\Folder C:\WINDOWS\System32\5029 not found.
File\Folder C:\WINDOWS\System32\kock not found.
File\Folder C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job not found.
C:\WINDOWS\tasks\Google Software Updater.job moved successfully.
File\Folder C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job not found.
File\Folder C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Ein interner Fehler ist aufgetreten: Die Anforderung wird nicht unterstützt.
Wenden Sie sich an den Microsoft Software Service, um weitere Hilfe zu erhalten.
Zusätzliche Informationen: Der Hostname konnte nicht abgefragt werden.
C:\Dokumente und Einstellungen\******\Desktop\cmd.bat deleted successfully.
C:\Dokumente und Einstellungen\******\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Administrator.*******
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: ******
->Temp folder emptied: 643375 bytes
->Temporary Internet Files folder emptied: 61641 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 57235959 bytes
->Flash cache emptied: 1498 bytes
User: All Users
User: Besitzer
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8817048 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 64,00 mb
OTL by OldTimer - Version 3.2.39.1 log created on 03222012_232239
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
Code:
ATTFilter All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}\ not found.
File C:\Programme\ZoneAlarm-Sicherheit\prxtbZone.dll not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BDF755F1-73DC-43A3-A4B5-ECDB82045EFA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BDF755F1-73DC-43A3-A4B5-ECDB82045EFA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F741C093-532C-4F08-A459-2C34EAF5AD5C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F741C093-532C-4F08-A459-2C34EAF5AD5C}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ not found.
File C:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ not found.
File C:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll not found.
File C:\Programme\Google\Google Updater\2.4.1487.6512\npCIDetect13.dll not found.
File C:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File D:\AUTORUN.INF not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bacc1efa-42c4-11de-a9aa-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bacc1efa-42c4-11de-a9aa-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bacc1efa-42c4-11de-a9aa-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bacc1efa-42c4-11de-a9aa-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bacc1efa-42c4-11de-a9aa-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bacc1efa-42c4-11de-a9aa-806d6172696f}\ not found.
File E:\setup.exe not found.
Folder C:\WINDOWS\System32\5053\ not found.
Folder C:\WINDOWS\System32\5052\ not found.
Folder C:\WINDOWS\System32\5051\ not found.
Folder C:\WINDOWS\System32\5050\ not found.
Folder C:\WINDOWS\System32\5049\ not found.
Folder C:\WINDOWS\System32\5048\ not found.
Folder C:\WINDOWS\System32\5045\ not found.
Folder C:\WINDOWS\System32\5044\ not found.
Folder C:\WINDOWS\System32\5043\ not found.
Folder C:\WINDOWS\System32\5042\ not found.
Folder C:\WINDOWS\System32\5039\ not found.
Folder C:\WINDOWS\System32\5038\ not found.
Folder C:\WINDOWS\System32\5037\ not found.
Folder C:\WINDOWS\System32\5036\ not found.
Folder C:\WINDOWS\System32\5035\ not found.
Folder C:\WINDOWS\System32\5034\ not found.
Folder C:\WINDOWS\System32\5033\ not found.
Folder C:\WINDOWS\System32\5032\ not found.
Folder C:\WINDOWS\System32\5031\ not found.
Folder C:\WINDOWS\System32\5030\ not found.
Folder C:\WINDOWS\System32\UAs\ not found.
Folder C:\WINDOWS\System32\5029\ not found.
Folder C:\WINDOWS\System32\kock\ not found.
========== FILES ==========
File\Folder C:\WINDOWS\System32\5053 not found.
File\Folder C:\WINDOWS\System32\5052 not found.
File\Folder C:\WINDOWS\System32\5051 not found.
File\Folder C:\WINDOWS\System32\5050 not found.
File\Folder C:\WINDOWS\System32\5049 not found.
File\Folder C:\WINDOWS\System32\5048 not found.
File\Folder C:\WINDOWS\System32\5045 not found.
File\Folder C:\WINDOWS\System32\5044 not found.
File\Folder C:\WINDOWS\System32\5043 not found.
File\Folder C:\WINDOWS\System32\5042 not found.
File\Folder C:\WINDOWS\System32\5039 not found.
File\Folder C:\WINDOWS\System32\5038 not found.
File\Folder C:\WINDOWS\System32\5037 not found.
File\Folder C:\WINDOWS\System32\5036 not found.
File\Folder C:\WINDOWS\System32\5035 not found.
File\Folder C:\WINDOWS\System32\5034 not found.
File\Folder C:\WINDOWS\System32\5033 not found.
File\Folder C:\WINDOWS\System32\5032 not found.
File\Folder C:\WINDOWS\System32\5031 not found.
File\Folder C:\WINDOWS\System32\5030 not found.
File\Folder C:\WINDOWS\System32\UAs not found.
File\Folder C:\WINDOWS\System32\5029 not found.
File\Folder C:\WINDOWS\System32\kock not found.
File\Folder C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job not found.
C:\WINDOWS\tasks\Google Software Updater.job moved successfully.
File\Folder C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job not found.
File\Folder C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Ein interner Fehler ist aufgetreten: Die Anforderung wird nicht unterstützt.
Wenden Sie sich an den Microsoft Software Service, um weitere Hilfe zu erhalten.
Zusätzliche Informationen: Der Hostname konnte nicht abgefragt werden.
C:\Dokumente und Einstellungen\******\Desktop\cmd.bat deleted successfully.
C:\Dokumente und Einstellungen\******\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Administrator.*******
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: ******
->Temp folder emptied: 642489 bytes
->Temporary Internet Files folder emptied: 33300 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 12978496 bytes
->Flash cache emptied: 624 bytes
User: All Users
User: Besitzer
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 13554343118 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 12.940,00 mb
OTL by OldTimer - Version 3.2.39.1 log created on 03212012_212407
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
Danke! |
|
23.03.2012, 07:25
| #9 | |
| /// Helfer-Team | BKA-Trojaner-Problem durch Systemwiederherstellung gelöst, ist mein PC jetzt sauber?Zitat:
 ab Punkt 4. / Posting #2 bitte weiter:-> http://www.trojaner-board.de/111798-...tml#post794881
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! |
|
25.03.2012, 00:12
| #10 |
| | BKA-Trojaner-Problem durch Systemwiederherstellung gelöst, ist mein PC jetzt sauber? Hallo, jetzt habe ich die Liste abgearbeitet. zu 4: Nein, C:\WINDOWS\tasks\BBAL.job kenne ich nicht und brauche es nicht. Habe es gelöscht. zu 5: hier sind die letzen drei Malwarebytes-Berichte Code:
ATTFilter 2012/03/22 22:24:59 +0100 ******* MESSAGE Executing scheduled update: Daily
2012/03/22 22:25:27 +0100 ******* ******* MESSAGE Scheduled update executed successfully: database updated from version v2012.03.21.03 to version v2012.03.22.04
2012/03/22 22:28:19 +0100 ******* ******* MESSAGE Starting protection
2012/03/22 22:28:39 +0100 ******* ******* MESSAGE Protection started successfully
2012/03/22 22:28:42 +0100 ******* ******* MESSAGE Starting IP protection
2012/03/22 22:29:05 +0100 ******* ******* MESSAGE IP Protection started successfully
2012/03/22 22:29:05 +0100 ******* ******* MESSAGE Starting database refresh
2012/03/22 22:29:05 +0100 ******* ******* MESSAGE Stopping IP protection
2012/03/22 22:29:05 +0100 ******* ******* MESSAGE IP Protection stopped
2012/03/22 22:29:15 +0100 ******* ******* MESSAGE Database refreshed successfully
2012/03/22 22:29:15 +0100 ******* ******* MESSAGE Starting IP protection
2012/03/22 22:29:38 +0100 ******* ******* MESSAGE IP Protection started successfully
2012/03/22 22:49:53 +0100 ******* ******* IP-BLOCK 221.192.199.49 (Type: incoming)
2012/03/22 22:49:54 +0100 ******* ******* IP-BLOCK 221.192.199.49 (Type: incoming)
2012/03/22 23:29:31 +0100 ******* ******* MESSAGE Starting protection
2012/03/22 23:29:45 +0100 ******* ******* MESSAGE Protection started successfully
2012/03/22 23:29:48 +0100 ******* ******* MESSAGE Starting IP protection
2012/03/22 23:30:14 +0100 ******* ******* MESSAGE IP Protection started successfully
2012/03/22 23:38:04 +0100 ******* ******* IP-BLOCK 115.239.229.215 (Type: incoming)
Code:
ATTFilter
2012/03/23 20:38:21 +0100 ******* ******* MESSAGE Starting protection
2012/03/23 20:38:37 +0100 ******* ******* MESSAGE Protection started successfully
2012/03/23 20:38:40 +0100 ******* ******* MESSAGE Starting IP protection
2012/03/23 20:39:05 +0100 ******* ******* MESSAGE IP Protection started successfully
2012/03/23 20:39:44 +0100 ******* ******* MESSAGE Executing scheduled update: Daily
2012/03/23 20:40:30 +0100 ******* ******* MESSAGE Scheduled update executed successfully: database updated from version v2012.03.22.04 to version v2012.03.23.04
2012/03/23 20:40:30 +0100 ******* ******* MESSAGE Starting database refresh
2012/03/23 20:40:30 +0100 ******* ******* MESSAGE Stopping IP protection
2012/03/23 20:40:30 +0100 ******* ******* MESSAGE IP Protection stopped
2012/03/23 20:40:47 +0100 ******* ******* MESSAGE Database refreshed successfully
2012/03/23 20:40:47 +0100 ******* ******* MESSAGE Starting IP protection
2012/03/23 20:41:17 +0100 ******* ******* MESSAGE IP Protection started successfully
2012/03/23 21:14:58 +0100 ******* ******* IP-BLOCK 221.192.199.49 (Type: incoming)
2012/03/23 21:14:58 +0100 ******* ******* IP-BLOCK 221.192.199.49 (Type: incoming)
2012/03/23 21:14:58 +0100 ******* ******* IP-BLOCK 221.192.199.49 (Type: incoming)
2012/03/23 22:56:33 +0100 ******* ******* IP-BLOCK 64.34.253.37 (Type: incoming)
Code:
ATTFilter
2012/03/24 19:33:29 +0100 ******* MESSAGE Starting protection
2012/03/24 19:33:50 +0100 ******* MESSAGE Protection started successfully
2012/03/24 19:33:54 +0100 ******* MESSAGE Starting IP protection
2012/03/24 19:34:22 +0100 ******* ******* MESSAGE IP Protection started successfully
2012/03/24 20:24:18 +0100 ******* MESSAGE Starting protection
2012/03/24 20:24:36 +0100 ******* MESSAGE Protection started successfully
2012/03/24 20:24:40 +0100 ******* MESSAGE Starting IP protection
2012/03/24 20:25:05 +0100 ******* ******* MESSAGE IP Protection started successfully
2012/03/24 20:39:52 +0100 ******* ******* MESSAGE Executing scheduled update: Daily
2012/03/24 20:40:06 +0100 ******* ******* MESSAGE Scheduled update executed successfully: database updated from version v2012.03.23.04 to version v2012.03.24.03
2012/03/24 20:40:06 +0100 ******* ******* MESSAGE Starting database refresh
2012/03/24 20:40:06 +0100 ******* ******* MESSAGE Stopping IP protection
2012/03/24 20:40:06 +0100 ******* ******* MESSAGE IP Protection stopped
2012/03/24 20:40:16 +0100 ******* ******* MESSAGE Database refreshed successfully
2012/03/24 20:40:16 +0100 ******* ******* MESSAGE Starting IP protection
2012/03/24 20:40:36 +0100 ******* ******* MESSAGE IP Protection started successfully
2012/03/24 21:25:28 +0100 ******* MESSAGE Starting protection
2012/03/24 21:25:45 +0100 ******* MESSAGE Protection started successfully
2012/03/24 21:25:48 +0100 ******* MESSAGE Starting IP protection
2012/03/24 21:26:40 +0100 ******* ******* MESSAGE IP Protection started successfully
2012/03/24 21:28:57 +0100 ******* ******* IP-BLOCK 221.192.199.49 (Type: incoming)
2012/03/24 21:28:57 +0100 ******* ******* IP-BLOCK 221.192.199.49 (Type: incoming)
2012/03/24 21:28:58 +0100 ******* ******* IP-BLOCK 221.192.199.49 (Type: incoming)
2012/03/24 21:28:58 +0100 ******* ******* IP-BLOCK 221.192.199.49 (Type: incoming)
2012/03/24 21:28:58 +0100 ******* ******* IP-BLOCK 221.192.199.49 (Type: incoming)
2012/03/24 23:19:24 +0100 ******* ******* IP-BLOCK 221.192.199.49 (Type: incoming)
2012/03/24 23:19:25 +0100 ******* ******* IP-BLOCK 221.192.199.49 (Type: incoming)
2012/03/24 23:19:25 +0100 ******* ******* IP-BLOCK 221.192.199.49 (Type: incoming)
2012/03/24 23:19:25 +0100 ******* ******* IP-BLOCK 221.192.199.49 (Type: incoming)
2012/03/24 23:19:25 +0100 ******* ******* IP-BLOCK 221.192.199.49 (Type: incoming)
2012/03/24 23:19:25 +0100 ******* ******* IP-BLOCK 221.192.199.49 (Type: incoming)
2012/03/24 23:24:49 +0100 ******* ******* IP-BLOCK 46.17.99.41 (Type: incoming)
2012/03/24 23:55:53 +0100 ******* ******* IP-BLOCK 95.168.166.238 (Type: incoming)
Code:
ATTFilter 7-Zip 4.65 24.03.2012 Activation Assistant for the 2007 Microsoft Office suites Microsoft Corporation 24.05.2009 Adobe Digital Editions 24.03.2012 Adobe Flash Player 10 Plugin Adobe Systems Incorporated 24.03.2012 10.1.102.64 Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 24.03.2012 11.1.102.55 Adobe Reader 9.1 - Deutsch Adobe Systems Incorporated 25.05.2009 236MB 9.1.0 Adobe Shockwave Player 11 Adobe Systems, Inc. 24.03.2012 11 ATI Catalyst Control Center 2.009.0312.2222 ATI Display Driver 23.03.2012 8.593-090312a-081343C Avira Free Antivirus Avira 24.03.2012 12.0.0.898 CCleaner Piriform 24.03.2012 3.16 Compatibility Pack für 2007 Office System Microsoft Corporation 20.03.2012 261MB 12.0.6612.1000 Corel MediaOne Corel Corporation 24.05.2009 181.4MB 2.100.0000 CorelDRAW Essential Edition 3 Corel Corporation 24.05.2009 CyberLink PowerDVD 8 CyberLink Corp. 25.05.2009 8.0.2705 CyberLink YouCam CyberLink Corp. 25.05.2009 2.0.2521 Doro 1.66 CompSoft 21.01.2012 DynaGeo 3.6a Roland Mechling 28.03.2011 GeoGebra WebStart International GeoGebra Institute 23.03.2012 GEONExT 1.73.1 GEONExT Group 24.03.2011 1.73.1 Google Chrome Google Inc. 05.02.2010 17.0.963.83 Google Earth Google 26.05.2009 25.3MB 4.3.7284.3916 Google Toolbar for Internet Explorer Google Inc. 26.05.2009 7.3.2710.138 Google Updater Google Inc. 24.03.2012 2.4.1487.6512 HP Business Inkjet 1200 11.12.2011 ICQ7 ICQ 05.02.2010 7.0 Java(TM) 6 Update 29 Sun Microsystems, Inc. 24.05.2009 97.0MB 6.0.290 Kingsoft Office 2012 (8.1.0.3010) Kingsoft Corp. 24.03.2012 8.1.0.3010 Linux MultiMedia Studio (LMMS) LMMS Developers 24.03.2012 0.4.6 Malwarebytes Anti-Malware Version 1.60.1.1000 Malwarebytes Corporation 18.03.2012 1.60.1.1000 Microsoft .NET Framework 2.0 Service Pack 2 Microsoft Corporation 20.03.2012 184.3MB 2.2.30729 Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU Microsoft Corporation 25.05.2009 6.30MB 2.2.30729 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft Corporation 25.06.2010 209MB 3.2.30729 Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU Microsoft Corporation 25.05.2009 37.5MB 3.2.30729 Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation 23.03.2012 Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 12.01.2012 Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Corporation 25.05.2009 1 Microsoft Office File Validation Add-In Microsoft Corporation 21.11.2011 11.2MB 14.0.5130.5003 Microsoft Office PowerPoint Viewer 2007 (German) Microsoft Corporation 20.03.2012 136.0MB 12.0.6612.1000 Microsoft Silverlight Microsoft Corporation 18.02.2012 194.9MB 4.1.10111.0 Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 25.05.2009 1.74MB 3.1.0000 Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Corporation 25.05.2009 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 08.02.2010 0.11MB 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 17.06.2011 5.28MB 8.0.61001 Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 08.02.2010 0.15MB 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 17.04.2011 10.2MB 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 04.02.2010 10.3MB 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 20.06.2011 10.2MB 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 18.03.2012 15.0MB 10.0.40219 Microsoft Works Microsoft Corporation 16.12.2010 387MB 9.7.0621 MSXML 4.0 SP2 (KB954430) Microsoft Corporation 25.05.2009 2.67MB 4.20.9870.0 MSXML 4.0 SP2 (KB973688) Microsoft Corporation 08.02.2010 2.77MB 4.20.9876.0 Picasa 3 Google, Inc. 24.03.2012 3.8 REALTEK GbE & FE Ethernet PCI-E NIC Driver Realtek 24.05.2009 1.23.0000 Realtek High Definition Audio Driver Realtek Semiconductor Corp. 24.05.2009 5.10.0.5827 REALTEK Wireless LAN Driver REALTEK Semiconductor Corp. 24.05.2009 1.01.0092 Skype Click to Call Skype Technologies S.A. 17.12.2011 10.0MB 5.6.8442 Skype™ 5.5 Skype Technologies S.A. 17.12.2011 17.0MB 5.5.124 soft Xpansion Perfect PDF 7 Master soft Xpansion 24.03.2012 7.1.0 System Control Manager 25.05.2009 2.209.0525.OE004.03 USB2.0 Card Reader Software Realtek Semiconductor Corp. 31.05.2009 6.0.6000.85 WIDCOMM Bluetooth Software WIDCOMM, Inc. 24.05.2009 19.9MB 5.5.0.5700 Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray Microsoft Corporation 13.09.2011 1.0 Windows Genuine Advantage Validation Tool (KB892130) Microsoft Corporation 25.05.2009 Windows Internet Explorer 7 Microsoft Corporation 25.05.2009 20070813.185237 Windows Live Essentials Microsoft Corporation 31.08.2010 14.0.8117.0416 Windows Live Sync Microsoft Corporation 31.08.2010 2.79MB 14.0.8117.416 Windows Media Format 11 runtime 24.03.2012 Windows Media Player 11 24.03.2012 Windows-Sicherungsprogramm Microsoft Corporation 25.05.2009 1.24MB 5.1 OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 24.03.2012 21:57:42 - Run 1
OTL by OldTimer - Version 3.2.39.1 Folder = C:\Dokumente und Einstellungen\********\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
895.30 Mb Total Physical Memory | 417.04 Mb Available Physical Memory | 46.58% Memory free
2.12 Gb Paging File | 1.55 Gb Available in Paging File | 73.27% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 134.39 Gb Total Space | 114.99 Gb Free Space | 85.56% Space Free | Partition Type: NTFS
Drive D: | 14.64 Gb Total Space | 7.79 Gb Free Space | 53.24% Space Free | Partition Type: FAT32
Computer Name: ******** | User Name: ******** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office12\WINWORD.EXE" /n /dde
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"443:TCP" = 443:TCP:*:Enabled:ooVoo TCP Port 443
"443:UDP" = 443:UDP:*:Enabled:ooVoo UDP Port 443
"37674:TCP" = 37674:TCP:*:Enabled:ooVoo TCP Port 37674
"37674:UDP" = 37674:UDP:*:Enabled:ooVoo UDP Port 37674
"37675:UDP" = 37675:UDP:*:Enabled:ooVoo UDP Port 37675
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\ICQ7.0\ICQ.exe" = C:\Programme\ICQ7.0\ICQ.exe:*:Enabled:ICQ7 -- (ICQ, LLC.)
"C:\Programme\ICQ7.0\aolload.exe" = C:\Programme\ICQ7.0\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\ICQ7.0\ICQ.exe" = C:\Programme\ICQ7.0\ICQ.exe:*:Enabled:ICQ7 -- (ICQ, LLC.)
"C:\Programme\ICQ7.0\aolload.exe" = C:\Programme\ICQ7.0\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
"C:\Programme\Skype\Plugin Manager\skypePM.exe" = C:\Programme\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Programme\ooVoo\ooVoo.exe" = C:\Programme\ooVoo\ooVoo.exe:*:Enabled:ooVoo
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{048FC675-D00F-A0B0-C111-AE39F4B8CC9E}" = CCC Help Italian
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1AC247CD-DC48-0DF7-0570-8B07885FF018}" = Catalyst Control Center Graphics Previews Common
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{20800BCE-5629-3F94-9F9A-4B7A2C17324F}" = CCC Help German
"{209775F0-6B14-5E9A-87E4-0C78A79C78FE}" = CCC Help Norwegian
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{242F05A2-B450-5235-6C95-656FE1C422CB}" = Catalyst Control Center Core Implementation
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 29
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{341B8C78-57D3-EAA3-9661-D74304C3EE17}" = CCC Help French
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B8028BA-35C7-6032-B889-30B3B37B41C0}" = Catalyst Control Center Localization All
"{4622511D-4AEB-420d-8396-65138388349F}" = soft Xpansion Perfect PDF 7 Master
"{48ADC36F-75AA-6EF5-0733-D9F8CDE8D0D2}" = CCC Help Greek
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50C78D0B-B45E-638F-D120-0721D86B253A}" = CCC Help Korean
"{51A24711-A461-1CD8-6AA1-DF37F3E02C77}" = CCC Help Dutch
"{535C6037-F272-71F4-FE26-E1B2868DE2F7}" = ccc-core-static
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5D91D393-1523-5293-176D-9E2204BB5829}" = CCC Help Turkish
"{61C3E1B4-2F5C-8961-1439-CA5D44F49CFC}" = CCC Help Chinese Standard
"{6222657E-1118-DFFC-2683-FAA9BA68FE10}" = CCC Help Spanish
"{6553F4A8-B67F-49BA-A882-FF499C83CF4B}" = 32 Bit HP CIO Components Installer
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6857B928-CD51-E5EC-7120-0D1E5E631350}" = CCC Help Finnish
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7121BAE0-8959-6930-441C-409455A2391F}" = CCC Help English
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows-Sicherungsprogramm
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7932FC5E-CCD0-916C-9B56-0C2F5B786843}" = CCC Help Portuguese
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{855425BB-0BB6-E908-2781-134FD8BDE9C0}" = ccc-utility
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86FFE51F-6DC8-6D5D-7571-E6837DAC7F26}" = CCC Help Czech
"{88223E9F-D792-77A6-D1C0-500610042740}" = Catalyst Control Center Graphics Full New
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B80D71B-5AA2-E36D-BE9D-70A2FBBB9C85}" = CCC Help Japanese
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{945DAF9A-2BE1-DEDE-3B16-81757CA2BEAD}" = CCC Help Swedish
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95FD3168-58AF-8C6B-1B33-9B196E992425}" = CCC Help Chinese Traditional
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = USB2.0 Card Reader Software
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D8C60-A55F-4fed-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver
"{A062A15F-9CAC-4B88-98DF-87628A0BD721}" = Corel MediaOne
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A334F1BA-0A1D-4ED6-B4F9-4066157CA15D}" = DE
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
"{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B80F72C0-C511-C947-3F2E-83AFC506517B}" = CCC Help Polish
"{B8754879-727E-A8CF-2210-A345CD1CF9ED}" = ccc-core-preinstall
"{BBA51523-A256-825E-C5C2-8F4FC1D787ED}" = Catalyst Control Center Graphics Light
"{C040AA8E-11D2-9648-9F9C-985A91A4727A}" = CCC Help Thai
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0FDE53C-30CE-4432-9809-756E1A6CEF44}" = HP Business Inkjet 1200
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D32B19EA-BFAD-442D-A0C3-FAA8A93DEFCA}" = CCC Help Danish
"{D55D77A5-BBE2-1A5F-CD1E-E7AB6DEACB60}" = CCC Help Russian
"{D6510194-C41F-CE9C-F726-8543F4414EE9}" = CCC Help Hungarian
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}" = System Control Manager
"{F067F869-D300-FF34-F1D5-13474E1BB948}" = Catalyst Control Center Graphics Full Existing
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"7-Zip" = 7-Zip 4.65
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"ATI Display Driver" = ATI Display Driver
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"Digital Editions" = Adobe Digital Editions
"Doro_is1" = Doro 1.66
"DynaGeo_is1" = DynaGeo 3.6a
"GEONExT_is1" = GEONExT 1.73.1
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"hp business inkjet 1200 series" = HP Business Inkjet 1200
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"Kingsoft Office" = Kingsoft Office 2012 (8.1.0.3010)
"LMMS 0.4.6" = Linux MultiMedia Studio (LMMS)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Picasa 3" = Picasa 3
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GeoGebra WebStart" = GeoGebra WebStart
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 10.02.2012 16:14:25 | Computer Name = ******** | Source = ESENT | ID = 490
Description = svchost (1320) Versuch, Datei "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der
Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet
wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
Error - 10.02.2012 16:14:25 | Computer Name = ******** | Source = ESENT | ID = 439
Description = Catalog Database (1320) Die Shadowkopfzeile für Datei C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
konnte nicht geschrieben werden. Fehler -1032.
Error - 10.02.2012 16:14:25 | Computer Name = ******** | Source = ESENT | ID = 454
Description = Catalog Database (1320) Bei Datenbankwiederherstellung trat ein unerwarteter
Fehler -1032 auf.
Error - 14.02.2012 18:26:10 | Computer Name = ******** | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung chrome.exe, Version 16.0.912.77, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 07.03.2012 18:05:22 | Computer Name = ******** | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung AcroRd32.exe, Version 9.1.0.163, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 08.03.2012 16:12:58 | Computer Name = ******** | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung chrome.exe, Version 17.0.963.66, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 17.03.2012 18:07:36 | Computer Name = ******** | Source = Avira AntiVir | ID = 4109
Description =
Error - 21.03.2012 15:20:43 | Computer Name = ******** | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OTL.exe, Version 3.2.39.1, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 21.03.2012 18:43:53 | Computer Name = ******** | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OTL.exe, Version 3.2.39.1, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 24.03.2012 16:56:55 | Computer Name = ******** | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OTL.exe, Version 3.2.39.1, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
[ System Events ]
Error - 22.03.2012 18:16:11 | Computer Name = ******** | Source = Service Control Manager | ID = 7001
Description = Der Dienst "DNS-Client" ist vom Dienst "TCP/IP-Protokolltreiber" abhängig,
der aufgrund folgenden Fehlers nicht gestartet wurde: %%31
Error - 22.03.2012 18:16:11 | Computer Name = ******** | Source = Service Control Manager | ID = 7001
Description = Der Dienst "TCP/IP-NetBIOS-Hilfsprogramm" ist vom Dienst "AFD" abhängig,
der aufgrund folgenden Fehlers nicht gestartet wurde: %%31
Error - 22.03.2012 18:16:11 | Computer Name = ******** | Source = Service Control Manager | ID = 7001
Description = Der Dienst "IPSEC-Dienste" ist vom Dienst "IPSEC-Treiber" abhängig,
der aufgrund folgenden Fehlers nicht gestartet wurde: %%31
Error - 22.03.2012 18:16:11 | Computer Name = ******** | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
AFD avipbb avkmgr Fips IPSec MRxSmb NetBIOS NetBT Processor RasAcd Rdbss ssmdrv Tcpip
Error - 22.03.2012 18:20:50 | Computer Name = ******** | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 22.03.2012 18:21:20 | Computer Name = ******** | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error - 22.03.2012 18:21:39 | Computer Name = ******** | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error - 22.03.2012 18:26:36 | Computer Name = ******** | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 23.03.2012 15:37:17 | Computer Name = ******** | Source = DCOM | ID = 10010
Description = Der Server "{4EB61BAC-A3B6-4760-9581-655041EF4D69}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error - 24.03.2012 14:34:33 | Computer Name = ******** | Source = DCOM | ID = 10010
Description = Der Server "{4EB61BAC-A3B6-4760-9581-655041EF4D69}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
< End of report >
und die OTL-Datei: [code] AZOTL Logfile: Code:
ATTFilter OTL logfile created on: 24.03.2012 21:57:42 - Run 1 OTL by OldTimer - Version 3.2.39.1 Folder = C:\Dokumente und Einstellungen\*******\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 895.30 Mb Total Physical Memory | 417.04 Mb Available Physical Memory | 46.58% Memory free 2.12 Gb Paging File | 1.55 Gb Available in Paging File | 73.27% Paging File free Paging file location(s): C:\pagefile.sys 1344 2688 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 134.39 Gb Total Space | 114.99 Gb Free Space | 85.56% Space Free | Partition Type: NTFS Drive D: | 14.64 Gb Total Space | 7.79 Gb Free Space | 53.24% Space Free | Partition Type: FAT32 Computer Name: ******* | User Name: ******* | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.03.21 19:54:37 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\*******\Desktop\OTL.exe PRC - [2012.01.31 08:56:34 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.01.31 08:56:05 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.01.31 08:55:48 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.01.31 08:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.01.13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2011.11.26 14:08:58 | 000,167,936 | ---- | M] (CompSoft) -- C:\Programme\DoroPDFWriter\DoroServer.exe PRC - [2011.06.09 13:06:06 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe PRC - [2009.05.26 04:42:16 | 000,161,776 | ---- | M] (Google) -- C:\WINDOWS\Temp\gis9a953\GoogleUpdater.exe PRC - [2009.05.25 12:38:08 | 002,048,000 | ---- | M] (Micro-Star International Co., Ltd.) -- C:\Programme\System Control Manager\MGSysCtrl.exe PRC - [2008.12.05 08:08:40 | 000,604,776 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe PRC - [2008.11.05 08:21:04 | 000,159,744 | ---- | M] (Micro-Star Int'l Co., Ltd.) -- C:\Programme\System Control Manager\MSIService.exe PRC - [2008.10.17 09:44:58 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Programme\HomeCinema\PowerDVD8\PDVD8Serv.exe PRC - [2008.04.14 13:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007.06.05 12:20:32 | 000,177,704 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe PRC - [2004.07.21 11:35:32 | 000,327,680 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\hp business inkjet 1200 series\Toolbox\HPWNTBX.exe ========== Modules (No Company Name) ========== MOD - [2012.03.20 21:27:41 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\c14e58265386feb509cc61bb5e8dd296\System.Runtime.Remoting.ni.dll MOD - [2012.03.20 21:27:35 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\29bdc8352d3c26e3c572ea60639dec3b\System.Web.ni.dll MOD - [2012.03.20 21:27:08 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\94a40f415bfa947e251888bbe88bb973\System.Configuration.ni.dll MOD - [2012.03.20 21:00:42 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll MOD - [2012.03.20 21:00:34 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ad99ac6b5666edb8ee742dd64f9578af\System.Windows.Forms.ni.dll MOD - [2012.03.20 21:00:09 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\9351cf29bb1ba951e45a9b3b0edab937\System.Drawing.ni.dll MOD - [2012.03.20 20:53:59 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll MOD - [2012.01.31 08:56:07 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll MOD - [2011.10.15 17:03:40 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\d86a3346c3d90ff12d0df9d7726f3ece\Accessibility.ni.dll MOD - [2011.10.15 12:17:17 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll MOD - [2009.05.25 07:53:03 | 000,315,392 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2009.05.25 07:53:01 | 000,434,176 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll MOD - [2009.05.24 12:58:46 | 001,728,512 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3358.38385__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll MOD - [2009.05.24 12:58:46 | 000,491,520 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3358.38459__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll MOD - [2009.05.24 12:58:46 | 000,364,544 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3358.38428__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll MOD - [2009.05.24 12:58:46 | 000,290,816 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3358.38368__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll MOD - [2009.05.24 12:58:46 | 000,204,800 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3358.38387__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll MOD - [2009.05.24 12:58:46 | 000,172,032 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay3.Graphics.Dashboard\2.0.3358.38422__90ba9c70f846762e\CLI.Aspect.PowerPlay3.Graphics.Dashboard.dll MOD - [2009.05.24 12:58:46 | 000,139,264 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3358.38460__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll MOD - [2009.05.24 12:58:46 | 000,106,496 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Dashboard\2.0.3358.38386__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Dashboard.dll MOD - [2009.05.24 12:58:46 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3358.38428__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll MOD - [2009.05.24 12:58:46 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3358.38441__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll MOD - [2009.05.24 12:58:46 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3358.38376__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll MOD - [2009.05.24 12:58:46 | 000,069,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3358.38423__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll MOD - [2009.05.24 12:58:46 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3358.38427__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll MOD - [2009.05.24 12:58:46 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay3.Graphics.Runtime\2.0.3358.38423__90ba9c70f846762e\CLI.Aspect.PowerPlay3.Graphics.Runtime.dll MOD - [2009.05.24 12:58:46 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3358.38381__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll MOD - [2009.05.24 12:58:46 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3358.38410__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll MOD - [2009.05.24 12:58:46 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.3358.38386__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.dll MOD - [2009.05.24 12:58:46 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3358.38376__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll MOD - [2009.05.24 12:58:45 | 000,811,008 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3358.38412__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll MOD - [2009.05.24 12:58:45 | 000,712,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3358.38377__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll MOD - [2009.05.24 12:58:45 | 000,589,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3358.38387__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll MOD - [2009.05.24 12:58:45 | 000,450,560 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3358.38407__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll MOD - [2009.05.24 12:58:45 | 000,438,272 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3358.38411__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll MOD - [2009.05.24 12:58:45 | 000,405,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3358.38435__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll MOD - [2009.05.24 12:58:45 | 000,401,408 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3358.38422__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll MOD - [2009.05.24 12:58:45 | 000,307,200 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3358.38391__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll MOD - [2009.05.24 12:58:45 | 000,225,280 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3358.38387__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll MOD - [2009.05.24 12:58:45 | 000,126,976 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3358.38421__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll MOD - [2009.05.24 12:58:45 | 000,081,920 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3358.38412__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll MOD - [2009.05.24 12:58:45 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3358.38411__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll MOD - [2009.05.24 12:58:45 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3358.38391__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll MOD - [2009.05.24 12:58:45 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3358.38411__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll MOD - [2009.05.24 12:58:45 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3358.38420__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll MOD - [2009.05.24 12:58:45 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3358.38422__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll MOD - [2009.05.24 12:58:44 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.3309.28604__90ba9c70f846762e\CLI.Foundation.dll MOD - [2009.05.24 12:58:44 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll MOD - [2009.05.24 12:58:44 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3309.28618__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll MOD - [2009.05.24 12:58:44 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll MOD - [2009.05.24 12:58:44 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll MOD - [2009.05.24 12:58:44 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll MOD - [2009.05.24 12:58:44 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll MOD - [2009.05.24 12:58:44 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll MOD - [2009.05.24 12:58:44 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3309.28644__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll MOD - [2009.05.24 12:58:44 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll MOD - [2009.05.24 12:58:44 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.3309.28601__90ba9c70f846762e\LOG.Foundation.dll MOD - [2009.05.24 12:58:44 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3309.28624__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll MOD - [2009.05.24 12:58:44 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3309.28603__90ba9c70f846762e\NEWAEM.Foundation.dll MOD - [2009.05.24 12:58:44 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3309.28669__90ba9c70f846762e\CLI.Foundation.XManifest.dll MOD - [2009.05.24 12:58:44 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay3.Graphics.Shared\2.0.3309.28635__90ba9c70f846762e\CLI.Aspect.PowerPlay3.Graphics.Shared.dll MOD - [2009.05.24 12:58:44 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3309.28632__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll MOD - [2009.05.24 12:58:44 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll MOD - [2009.05.24 12:58:44 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3309.28627__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll MOD - [2009.05.24 12:58:44 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3309.28635__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll MOD - [2009.05.24 12:58:44 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll MOD - [2009.05.24 12:58:44 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3309.28630__90ba9c70f846762e\DEM.OS.I0602.dll MOD - [2009.05.24 12:58:44 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3309.28620__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll MOD - [2009.05.24 12:58:44 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll MOD - [2009.05.24 12:58:44 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3309.28611__90ba9c70f846762e\CLI.Component.Client.Shared.dll MOD - [2009.05.24 12:58:44 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.3309.28631__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.dll MOD - [2009.05.24 12:58:44 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll MOD - [2009.05.24 12:58:44 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.3309.28626__90ba9c70f846762e\APM.Foundation.dll MOD - [2009.05.24 12:58:44 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll MOD - [2009.05.24 12:58:44 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3309.28608__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll MOD - [2009.05.24 12:58:44 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.3309.28626__90ba9c70f846762e\MOM.Foundation.dll MOD - [2009.05.24 12:58:44 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS\2.0.3309.28645__90ba9c70f846762e\DEM.OS.dll MOD - [2009.05.24 12:58:44 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll MOD - [2009.05.24 12:58:44 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.3309.28630__90ba9c70f846762e\DEM.Graphics.dll MOD - [2009.05.24 12:58:44 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll MOD - [2009.05.24 12:58:44 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll MOD - [2009.05.24 12:58:44 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3309.28631__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll MOD - [2009.05.24 12:58:44 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll MOD - [2009.05.24 12:58:44 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Server.Shared.dll MOD - [2009.05.24 12:58:44 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3309.28629__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll MOD - [2009.05.24 12:58:44 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3309.28645__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll MOD - [2009.05.24 12:58:44 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll MOD - [2009.05.24 12:58:44 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3309.28627__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll MOD - [2009.05.24 12:58:44 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll MOD - [2009.05.24 12:58:44 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll MOD - [2009.05.24 12:58:43 | 001,142,784 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3358.38372__90ba9c70f846762e\CLI.Component.Dashboard.dll MOD - [2009.05.24 12:58:43 | 000,544,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3358.38449__90ba9c70f846762e\CLI.Component.Systemtray.dll MOD - [2009.05.24 12:58:43 | 000,503,808 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3358.38485__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll MOD - [2009.05.24 12:58:43 | 000,405,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3358.38381__90ba9c70f846762e\CLI.Component.Wizard.dll MOD - [2009.05.24 12:58:43 | 000,106,496 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3358.38454__90ba9c70f846762e\MOM.Implementation.dll MOD - [2009.05.24 12:58:43 | 000,081,920 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3358.38365__90ba9c70f846762e\CLI.Component.Runtime.dll MOD - [2009.05.24 12:58:43 | 000,081,920 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATIDEMOS\2.0.3358.38366__90ba9c70f846762e\ATIDEMOS.dll MOD - [2009.05.24 12:58:43 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3358.38452__90ba9c70f846762e\LOG.Foundation.Implementation.dll MOD - [2009.05.24 12:58:43 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.3358.38365__90ba9c70f846762e\APM.Server.dll MOD - [2009.05.24 12:58:43 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3358.38367__90ba9c70f846762e\CLI.Component.SkinFactory.dll MOD - [2009.05.24 12:58:43 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3309.28628__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll MOD - [2009.05.24 12:58:43 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.3358.38364__90ba9c70f846762e\AEM.Server.dll MOD - [2009.05.24 12:58:43 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3358.38467__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll MOD - [2009.05.24 12:58:43 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3309.28608__90ba9c70f846762e\CLI.Foundation.Private.dll MOD - [2009.05.24 12:58:43 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3309.28621__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll MOD - [2009.05.24 12:58:43 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3309.28614__90ba9c70f846762e\LOG.Foundation.Private.dll MOD - [2009.05.24 12:58:43 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll MOD - [2009.05.24 12:58:43 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3358.38453__90ba9c70f846762e\CCC.Implementation.dll MOD - [2009.05.24 12:58:43 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3309.28627__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll MOD - [2009.05.24 12:58:43 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3309.28612__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll MOD - [2009.05.24 12:58:43 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3309.28626__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll MOD - [2009.05.24 12:58:43 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3309.28624__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll MOD - [2009.05.24 12:58:43 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3309.28637__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll MOD - [2009.05.24 12:58:43 | 000,014,848 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll MOD - [2009.05.24 12:58:43 | 000,013,312 | ---- | M] () -- C:\WINDOWS\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll MOD - [2009.05.24 12:58:43 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3358.38363__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll MOD - [2009.04.10 08:31:56 | 000,053,248 | ---- | M] () -- C:\Programme\System Control Manager\MGKBHook.dll MOD - [2009.02.27 15:41:26 | 000,311,296 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU MOD - [2008.12.05 08:07:42 | 002,854,976 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll MOD - [2008.12.05 08:05:44 | 000,069,697 | ---- | M] () -- C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll MOD - [2007.06.05 12:20:32 | 000,177,704 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe ========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt) SRV - [2012.01.31 08:56:05 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.01.31 08:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.01.21 01:05:24 | 000,234,096 | ---- | M] (soft Xpansion) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\soft Xpansion\sxds10.exe -- (SXDS10) SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2008.11.05 08:21:04 | 000,159,744 | ---- | M] (Micro-Star Int'l Co., Ltd.) [Auto | Running] -- C:\Programme\System Control Manager\MSIService.exe -- (Micro Star SCM) SRV - [2007.06.05 12:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RtsUCcid.sys -- (USBCCID) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts516xIR.sys -- (RtsUIR) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2012.01.31 08:56:33 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2012.01.31 08:56:33 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector) DRV - [2011.09.16 16:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr) DRV - [2009.10.08 16:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.05.23 03:50:08 | 000,548,992 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8192se.sys -- (RTL8192se) DRV - [2009.05.21 20:29:00 | 003,565,568 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2009.04.07 17:14:36 | 005,066,752 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2009.04.02 13:01:26 | 000,164,864 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV - [2009.02.20 17:12:00 | 003,729,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtKHDMI.sys -- (RTHDMIAzAudService) DRV - [2008.10.31 03:19:18 | 000,991,656 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL) DRV - [2008.10.31 03:19:14 | 000,047,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB) DRV - [2008.10.30 20:14:20 | 000,117,888 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp) DRV - [2008.08.05 19:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt) DRV - [2008.07.24 15:37:10 | 000,156,816 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS) DRV - [2008.05.30 09:46:12 | 000,534,568 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio) DRV - [2008.03.10 16:18:42 | 000,057,384 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid) DRV - [2008.02.04 15:57:44 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver) DRV - [2006.01.04 14:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKLM\..\SearchScopes,DefaultScope = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2613550 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDC_de IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550 IE - HKCU\..\SearchScopes\{BDF755F1-73DC-43A3-A4B5-ECDB82045EFA}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms} IE - HKCU\..\SearchScopes\{F741C093-532C-4F08-A459-2C34EAF5AD5C}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=827316&p={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Programme\Picasa2\npPicasa2.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Programme\Picasa2\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Programme\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Programme\Google\Google Updater\2.4.1487.6512\npCIDetect13.dll File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\WINDOWS\system32\5053 FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\WINDOWS\system32\5053 [2011.12.05 01:43:31 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.10.29 23:54:11 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Shockwave Flash (Disabled) = C:\Dokumente und Einstellungen\*******\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Programme\Google\Chrome\Application\17.0.963.83\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Programme\Google\Chrome\Application\17.0.963.83\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Programme\Google\Chrome\Application\17.0.963.83\pdf.dll CHR - plugin: Skype Toolbars (Enabled) = C:\Dokumente und Einstellungen\*******\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Programme\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programme\Windows Media Player\npdsplay.dll CHR - plugin: Picasa (Enabled) = C:\Programme\Picasa2\npPicasa2.dll CHR - plugin: Picasa (Enabled) = C:\Programme\Picasa2\npPicasa3.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Programme\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Programme\Microsoft Silverlight\4.1.10111.0\npctrl.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: YouTube = C:\Dokumente und Einstellungen\*******\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Dokumente und Einstellungen\*******\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.18_0\ CHR - Extension: Skype Click to Call = C:\Dokumente und Einstellungen\*******\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\ CHR - Extension: Google Mail = C:\Dokumente und Einstellungen\*******\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2008.04.14 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found. O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [DoroServer] C:\Programme\DoroPDFWriter\DoroServer.exe (CompSoft) O4 - HKLM..\Run: [HPWNTOOLBOX] C:\Programme\Hewlett-Packard\hp business inkjet 1200 series\Toolbox\HPWNTBX.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [MGSysCtrl] C:\Programme\System Control Manager\MGSysCtrl.exe (Micro-Star International Co., Ltd.) O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Programme\HomeCinema\PowerDVD8\Language\Language.exe () O4 - HKLM..\Run: [RemoteControl8] C:\Programme\HomeCinema\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [UCam_Menu] C:\Programme\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Senden an Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1243230124750 (WUWebControl Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1243239631578 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} hxxp://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.69.100.174 80.69.100.206 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{887F2FA5-17A1-49FF-B4CF-F79A6A83FA80}: DhcpNameServer = 80.69.100.174 80.69.100.206 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~1\GEMEIN~1\SYSTEM\OLEDB~1\MSDAIPP.DLL File not found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~1\GEMEIN~1\SYSTEM\OLEDB~1\MSDAIPP.DLL File not found O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~1\GEMEIN~1\SYSTEM\OLEDB~1\MSDAIPP.DLL File not found O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\*******\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\*******\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.05.17 08:58:05 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2008.08.21 11:50:32 | 000,000,672 | RH-- | M] () - D:\autoexec.bat -- [ FAT32 ] O33 - MountPoints2\{bacc1efa-42c4-11de-a9aa-806d6172696f}\Shell - "" = AutoRun O33 - MountPoints2\{bacc1efa-42c4-11de-a9aa-806d6172696f}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{bacc1efa-42c4-11de-a9aa-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012.03.24 21:41:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\CCleaner [2012.03.24 21:25:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\*******\Startmenü\Programme\PowerDVD 8 [2012.03.24 21:19:25 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\*******\Recent [2012.03.24 20:57:53 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner [2012.03.21 20:28:20 | 000,000,000 | ---D | C] -- C:\_OTL [2012.03.21 19:54:35 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\*******\Desktop\OTL.exe [2012.03.18 18:30:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\*******\Eigene Dateien\ForceField Shared Files [2012.03.18 18:28:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\*******\Anwendungsdaten\CheckPoint [2012.03.18 18:27:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CheckPoint [2012.03.18 18:23:43 | 000,000,000 | ---D | C] -- C:\Programme\CheckPoint [2012.03.18 14:02:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData [2012.03.18 00:00:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\*******\Anwendungsdaten\Malwarebytes [2012.03.18 00:00:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2012.03.18 00:00:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2012.03.18 00:00:30 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012.03.18 00:00:29 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2012.03.17 23:41:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\*******\Anwendungsdaten\Avira [2012.03.17 23:34:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Avira [2012.03.17 23:32:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\APN [2012.03.17 23:32:18 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys [2012.03.17 23:32:14 | 000,137,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys [2012.03.17 23:32:14 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avkmgr.sys [2012.03.17 23:31:59 | 000,000,000 | ---D | C] -- C:\Programme\Avira [2012.03.17 23:31:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira ========== Files - Modified Within 30 Days ========== [2012.03.24 22:36:31 | 000,000,860 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job [2012.03.24 22:26:19 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\WpsUpdateTask_*******.job [2012.03.24 21:41:26 | 000,000,658 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk [2012.03.24 21:25:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.03.24 21:25:11 | 938,856,448 | -HS- | M] () -- C:\hiberfil.sys [2012.03.22 22:32:20 | 000,001,781 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk [2012.03.21 19:54:37 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\*******\Desktop\OTL.exe [2012.03.21 19:22:58 | 000,186,608 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012.03.17 23:34:37 | 000,001,675 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira Control Center.lnk [2012.03.17 22:27:44 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.03.10 13:57:16 | 000,449,492 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012.03.10 13:57:16 | 000,433,138 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.03.10 13:57:16 | 000,080,754 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012.03.10 13:57:16 | 000,068,094 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012.03.07 19:59:08 | 000,147,456 | RHS- | M] () -- C:\WINDOWS\System32\hlinkq.dll ========== Files Created - No Company Name ========== [2012.03.24 21:41:26 | 000,000,658 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk [2012.03.22 23:27:46 | 000,000,860 | ---- | C] () -- C:\WINDOWS\tasks\Google Software Updater.job [2012.03.22 23:27:29 | 938,856,448 | -HS- | C] () -- C:\hiberfil.sys [2012.03.17 23:34:37 | 000,001,675 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira Control Center.lnk [2012.03.07 19:59:08 | 000,147,456 | RHS- | C] () -- C:\WINDOWS\System32\hlinkq.dll [2012.02.15 13:19:35 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011.12.11 23:23:58 | 000,102,400 | ---- | C] () -- C:\WINDOWS\scrub2k.exe [2011.12.11 23:23:58 | 000,000,423 | ---- | C] () -- C:\WINDOWS\hpw1200k.ini [2011.12.11 23:22:54 | 000,018,536 | ---- | C] () -- C:\WINDOWS\hpbj1200.ini [2011.12.11 23:22:48 | 000,001,805 | ---- | C] () -- C:\WINDOWS\mariner.ini [2011.12.11 22:20:11 | 000,003,594 | ---- | C] () -- C:\WINDOWS\lfc.ini [2011.12.11 22:00:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HPMProp.INI [2011.10.04 08:56:51 | 000,000,011 | ---- | C] () -- C:\WINDOWS\System32\urhtps.dat [2011.09.13 20:58:59 | 000,002,828 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys [2011.09.13 20:58:59 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\System32\460C4DED3E.sys ========== LOP Check ========== [2012.03.18 18:28:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*******\Anwendungsdaten\CheckPoint [2011.03.28 20:28:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*******\Anwendungsdaten\DynaGeo [2012.03.18 00:42:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*******\Anwendungsdaten\ICQ [2012.01.21 01:22:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*******\Anwendungsdaten\Kingsoft [2009.05.25 09:09:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*******\Anwendungsdaten\OfficeUpdate12 [2010.10.07 21:16:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*******\Anwendungsdaten\ooVoo Details [2011.12.05 01:28:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*******\Anwendungsdaten\SoftGrid Client [2010.03.02 19:14:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*******\Anwendungsdaten\Template [2011.05.07 00:07:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*******\Anwendungsdaten\TP [2011.08.12 21:00:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*******\Anwendungsdaten\Windows Live Writer [2012.03.18 18:27:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CheckPoint [2012.01.21 01:21:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kingsoft [2012.01.21 01:05:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\soft Xpansion [2009.05.25 13:26:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Temp [2011.05.06 23:29:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Virtualized Applications [2011.08.03 09:12:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\VirtualizedApplications [2009.05.24 15:10:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{623D32E9-0C62-4453-AD44-98B31F52A5E1} [2012.03.24 22:26:19 | 000,000,356 | ---- | M] () -- C:\WINDOWS\Tasks\WpsUpdateTask_*******.job ========== Purity Check ========== < End of report > Danke dir für deine Hilfe, ich hoffe, das System ist nicht allzu infiziert. |
|
25.03.2012, 07:19
| #11 |
| /// Helfer-Team | BKA-Trojaner-Problem durch Systemwiederherstellung gelöst, ist mein PC jetzt sauber? mit alte OTL-Log-File kann ich nicht anfangen! bitte immer wenn ich verlange ein neues Log erstellen und posten! Run 1 2x gepostet!
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! |
|
25.03.2012, 09:27
| #12 |
| | BKA-Trojaner-Problem durch Systemwiederherstellung gelöst, ist mein PC jetzt sauber? Hi, die Scan-file war ja von gestern abend, also ganz frisch. Meinst du die File, die mit Fix erstellt wurde? Sind denn die Malewarebytesberichte ok? Hast du war bei der Ccleaner-datei gefunden, was beunruhigend ist? Gruß, Aloha |
|
26.03.2012, 05:15
| #13 | ||
| /// Helfer-Team | BKA-Trojaner-Problem durch Systemwiederherstellung gelöst, ist mein PC jetzt sauber?Zitat:
** Man kann die Scan-Berichte zu jeder Zeit einsehen. Dazu klickt man auf den Tab Scan-Berichte im oberen Programm-Menü. Ein Doppelklick öffnet den jeweiligen Scan-Bericht im Editor. (Nicht die IP-Protokolle!) 1. das OTL-Fixes (Punkt 2.) im abgesicherten Modus ausführen: ♦ PC neu starten ♦ Drücke bevor das Windows-Logo erscheint, mehrmals die F8-Taste. ♦ Wähle in der Liste, die nun erscheint, den abgesicherten Modus aus. 2. Zitat:
Code:
ATTFilter :OTL
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2613550
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDC_de
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550
IE - HKCU\..\SearchScopes\{BDF755F1-73DC-43A3-A4B5-ECDB82045EFA}: "URL" = http://de.search.yahoo.com/search?p={searchTerms}
IE - HKCU\..\SearchScopes\{F741C093-532C-4F08-A459-2C34EAF5AD5C}: "URL" = http://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=827316&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
[2012.03.24 22:36:31 | 000,000,860 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
3. Öffne CCleaner - Anleitung CCleaner
4. Starte im normalen Modus aeu auf 5. Öffne CCleaner - Anleitung CCleaner
6. erneut einen Scan mit OTL: - ältere Logdateien löschen!
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! |
|
| Themen zu BKA-Trojaner-Problem durch Systemwiederherstellung gelöst, ist mein PC jetzt sauber? |
| absolut, antimalwarebytes, arbeitet, avira, eingefangen, ellung, entfern, explorer, falsche, falsche seiten, gefangen, gefunde, gelöst, gen, gestern, konnte, langsam, loswerden, längerem, nachschauen, problem, sauber, seite, seiten, systemwiederherstellung, windows, windows langsam |
.
Linear-Darstellung
