| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Trojaner AAJX (?)Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
04.03.2013, 21:52
| #1 |
| |  Trojaner AAJX (?) Hallo liebe Trojaner-Experten. Ich habe wohl ein Trojanerproblem. Ich habe bis heute Sophos Anti-Virus benutzt, das seit ca. Mitte letzter Woche wiederholt eine Meldung gezeigt hat, dass es einen Trojaner namens AAJX (den ganzen Namen habe ich mir leider nicht aufgeschrieben :/) in Quarantäne gesteckt hat, auch während ich gerade nicht im Internet gesurft habe oder Ähnliches. Ich habe daraus geschlossen, dass ich mir irgendeine Schadsoftware eingefangen habe, die Trojaner herunterlädt. Daraufhin habe ich einen Systemscan gemacht, wobei Sophos jedoch ebenfalls nur diesen Trojaner gefunden und in Quarantäne gesteckt hat. Danach wurde mir jedoch abermals diese Meldung gezeigt, weshalb ich der Ansicht war, dass die Ursache dadurch wohl nicht beseitigt war. Daraufhin habe ich heute einen anderen Virenscanner ausprobieren wollen, da ja manche Schadprogramme von den einen nicht gefunden werden, von den anderen aber doch, und habe mir AntiVir heruntergeladen. Dieses hat jedoch bei der Untersuchung keinerlei auffällige Objekte gefunden. Allerdings spielt mein Rechner seitdem ich Sophos durch AntiVir ausgetauscht habe, verrückt. Es stürzen häufig Programme ab, z.B. CorelDraw oder auch Word, wenn ich nur einen Text eingebe und sonst nichts Besonderes mache. Einemal ist auch der Rechner komplett eingefroren und es half nur der Reset-Knopf. War wohl keine gute Idee, Sophos durch AntiVir auszutauschen. Mein Computer ist jetzt allerding vom Internet getrennt, sodass es wohl nicht schlimmer werden wird. Daher wende ich mich jetzt an euch und hoffe, dass ihr mir helfen könnt. Anbei findet ihr die Logdateien von OTL und GMER. Da ich Sophos bereits deinstalliert habe und dabei anscheinend die Logs und Quarantäne-Objekte gelöscht wurden, kann ich leider das Sophos-Log nicht posten. AntiVir hat wie gesagt nichts gefunden. OTL.txt Code:
ATTFilter OTL logfile created on: 3/4/2013 8:04:23 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\***\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: Vereinigte Staaten von Amerika | Language: ENU | Date Format: M/d/yyyy 3.25 Gb Total Physical Memory | 2.52 Gb Available Physical Memory | 77.70% Memory free 5.09 Gb Paging File | 4.38 Gb Available in Paging File | 86.10% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 97.65 Gb Total Space | 68.98 Gb Free Space | 70.64% Space Free | Partition Type: NTFS Drive E: | 295.94 Gb Total Space | 248.58 Gb Free Space | 83.99% Space Free | Partition Type: FAT32 Drive F: | 50.00 Gb Total Space | 16.95 Gb Free Space | 33.91% Space Free | Partition Type: EXT3 Drive G: | 983.22 Mb Total Space | 322.52 Mb Free Space | 32.80% Space Free | Partition Type: FAT Computer Name: FB08-PC-THEO3 | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013/03/04 20:01:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe PRC - [2013/03/04 15:18:16 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2013/03/04 15:18:09 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2013/03/04 15:18:09 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2013/03/04 15:18:08 | 000,385,248 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2013/01/20 20:29:18 | 028,539,272 | ---- | M] (Dropbox, Inc.) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Dropbox\bin\Dropbox.exe PRC - [2012/10/02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe PRC - [2011/02/05 09:12:42 | 001,211,536 | ---- | M] (Ext2Fsd Group (www.ext2fsd.com)) -- C:\Programme\Ext2Fsd\Ext2Mgr.exe PRC - [2010/06/17 21:56:44 | 000,370,176 | ---- | M] (shbox.de) -- C:\Programme\FreePDF_XP\fpassist.exe PRC - [2009/11/20 12:17:54 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe PRC - [2009/10/15 14:06:46 | 000,223,464 | ---- | M] (DeviceVM, Inc.) -- C:\Programme\DeviceVM\Browser Configuration Utility\BCUService.exe PRC - [2009/10/15 14:06:42 | 000,375,000 | ---- | M] (DeviceVM, Inc.) -- C:\Programme\DeviceVM\Browser Configuration Utility\BCU.exe PRC - [2009/08/24 14:38:06 | 000,068,136 | ---- | M] () -- C:\Programme\Gigabyte\EasySaver\essvr.exe PRC - [2008/04/14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007/09/07 19:16:50 | 000,132,392 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe PRC - [2007/09/07 19:16:18 | 001,373,480 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Pen_Tablet.exe ========== Modules (No Company Name) ========== MOD - [2013/03/04 15:18:17 | 000,397,704 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll MOD - [2012/06/15 09:56:06 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll MOD - [2012/06/15 07:56:18 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll MOD - [2012/06/15 07:56:12 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll MOD - [2012/06/15 07:54:53 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll MOD - [2012/05/15 10:48:54 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll MOD - [2012/05/15 10:48:23 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\016444dfc5f7e3d11c776f2fbc7a4594\Accessibility.ni.dll MOD - [2012/05/14 16:36:10 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll MOD - [2012/05/14 16:35:12 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll MOD - [2012/05/14 16:35:07 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll MOD - [2010/12/13 17:48:40 | 001,736,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3561.39056__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll MOD - [2010/12/13 17:48:40 | 000,491,520 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3561.39154__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll MOD - [2010/12/13 17:48:40 | 000,364,544 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3561.39032__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll MOD - [2010/12/13 17:48:40 | 000,204,800 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3561.39058__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll MOD - [2010/12/13 17:48:40 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3561.39129__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll MOD - [2010/12/13 17:48:40 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3561.39101__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll MOD - [2010/12/13 17:48:40 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3561.39051__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll MOD - [2010/12/13 17:48:40 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3561.39088__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll MOD - [2010/12/13 17:48:40 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3561.39043__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll MOD - [2010/12/13 17:48:40 | 000,011,776 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Runtime\2.0.3561.39171__90ba9c70f846762e\CLI.Caste.HydraVision.Runtime.dll MOD - [2010/12/13 17:48:40 | 000,008,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Shared\2.0.3561.39171__90ba9c70f846762e\CLI.Caste.HydraVision.Shared.dll MOD - [2010/12/13 17:48:40 | 000,007,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Wizard\2.0.3561.39177__90ba9c70f846762e\CLI.Caste.HydraVision.Wizard.dll MOD - [2010/12/13 17:48:40 | 000,007,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Dashboard\2.0.3561.39171__90ba9c70f846762e\CLI.Caste.HydraVision.Dashboard.dll MOD - [2010/12/13 17:48:39 | 000,823,296 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3561.39091__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll MOD - [2010/12/13 17:48:39 | 000,643,072 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Dashboard\2.0.3561.39169__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Dashboard.dll MOD - [2010/12/13 17:48:39 | 000,409,600 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3561.39122__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll MOD - [2010/12/13 17:48:39 | 000,356,352 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3561.39109__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll MOD - [2010/12/13 17:48:39 | 000,196,608 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3561.39058__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll MOD - [2010/12/13 17:48:39 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3561.39110__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll MOD - [2010/12/13 17:48:39 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3561.39090__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll MOD - [2010/12/13 17:48:39 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3561.39098__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll MOD - [2010/12/13 17:48:39 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.3561.39168__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll MOD - [2010/12/13 17:48:39 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3561.39042__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll MOD - [2010/12/13 17:48:39 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3561.39108__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll MOD - [2010/12/13 17:48:39 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Dashboard\2.0.3561.39057__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Dashboard.dll MOD - [2010/12/13 17:48:39 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3561.39156__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll MOD - [2010/12/13 17:48:39 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3561.39097__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll MOD - [2010/12/13 17:48:39 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.3561.39056__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.dll MOD - [2010/12/13 17:48:38 | 000,573,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3561.39060__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll MOD - [2010/12/13 17:48:38 | 000,409,600 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3561.39045__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll MOD - [2010/12/13 17:48:38 | 000,393,216 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3561.39090__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll MOD - [2010/12/13 17:48:38 | 000,360,448 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3561.39084__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll MOD - [2010/12/13 17:48:38 | 000,286,720 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Dashboard.Shared\2.0.3561.39079__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Dashboard.Shared.dll MOD - [2010/12/13 17:48:38 | 000,270,336 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll MOD - [2010/12/13 17:48:38 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3561.39089__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll MOD - [2010/12/13 17:48:38 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3561.39064__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll MOD - [2010/12/13 17:48:38 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3561.39090__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll MOD - [2010/12/13 17:48:38 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.3552.26984__90ba9c70f846762e\LOG.Foundation.dll MOD - [2010/12/13 17:48:38 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3561.39099__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll MOD - [2010/12/13 17:48:38 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3552.26991__90ba9c70f846762e\NEWAEM.Foundation.dll MOD - [2010/12/13 17:48:38 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3552.27105__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll MOD - [2010/12/13 17:48:38 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3552.27103__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll MOD - [2010/12/13 17:48:38 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.3552.27197__90ba9c70f846762e\MOM.Foundation.dll MOD - [2010/12/13 17:48:38 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll MOD - [2010/12/13 17:48:38 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3552.27220__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll MOD - [2010/12/13 17:48:38 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3552.27317__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll MOD - [2010/12/13 17:48:38 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3552.27306__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll MOD - [2010/12/13 17:48:38 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3552.27206__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll MOD - [2010/12/13 17:48:38 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3552.27300__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll MOD - [2010/12/13 17:48:38 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll MOD - [2010/12/13 17:48:37 | 000,651,264 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3561.39190__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll MOD - [2010/12/13 17:48:37 | 000,139,264 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3552.27161__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll MOD - [2010/12/13 17:48:37 | 000,098,304 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.3552.27021__90ba9c70f846762e\CLI.Foundation.dll MOD - [2010/12/13 17:48:37 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3552.27258__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll MOD - [2010/12/13 17:48:37 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.3552.27311__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll MOD - [2010/12/13 17:48:37 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3552.27249__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll MOD - [2010/12/13 17:48:37 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3552.27257__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll MOD - [2010/12/13 17:48:37 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3552.27248__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll MOD - [2010/12/13 17:48:37 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3552.27248__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll MOD - [2010/12/13 17:48:37 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll MOD - [2010/12/13 17:48:37 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3561.39162__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll MOD - [2010/12/13 17:48:37 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3552.27288__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll MOD - [2010/12/13 17:48:37 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3552.27255__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll MOD - [2010/12/13 17:48:37 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3552.27219__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll MOD - [2010/12/13 17:48:37 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3552.27381__90ba9c70f846762e\CLI.Foundation.XManifest.dll MOD - [2010/12/13 17:48:37 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3552.27244__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll MOD - [2010/12/13 17:48:37 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3552.27239__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll MOD - [2010/12/13 17:48:37 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3552.27198__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll MOD - [2010/12/13 17:48:37 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3552.27119__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll MOD - [2010/12/13 17:48:37 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3552.27251__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll MOD - [2010/12/13 17:48:37 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll MOD - [2010/12/13 17:48:37 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3552.27139__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll MOD - [2010/12/13 17:48:37 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3552.27059__90ba9c70f846762e\CLI.Component.Client.Shared.dll MOD - [2010/12/13 17:48:37 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.3552.27243__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.dll MOD - [2010/12/13 17:48:37 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3552.27208__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll MOD - [2010/12/13 17:48:37 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.3552.27204__90ba9c70f846762e\APM.Foundation.dll MOD - [2010/12/13 17:48:37 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.3552.27237__90ba9c70f846762e\DEM.Graphics.dll MOD - [2010/12/13 17:48:37 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll MOD - [2010/12/13 17:48:37 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3552.27169__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll MOD - [2010/12/13 17:48:37 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3552.27242__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll MOD - [2010/12/13 17:48:37 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3552.27179__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll MOD - [2010/12/13 17:48:37 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3552.27107__90ba9c70f846762e\AEM.Server.Shared.dll MOD - [2010/12/13 17:48:37 | 000,013,312 | ---- | M] () -- C:\WINDOWS\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll MOD - [2010/12/13 17:48:37 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3561.39028__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll MOD - [2010/12/13 17:48:36 | 001,220,608 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3561.39038__90ba9c70f846762e\CLI.Component.Dashboard.dll MOD - [2010/12/13 17:48:36 | 000,561,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3561.39141__90ba9c70f846762e\CLI.Component.Systemtray.dll MOD - [2010/12/13 17:48:36 | 000,405,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3561.39050__90ba9c70f846762e\CLI.Component.Wizard.dll MOD - [2010/12/13 17:48:36 | 000,106,496 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3561.39147__90ba9c70f846762e\MOM.Implementation.dll MOD - [2010/12/13 17:48:36 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3561.39145__90ba9c70f846762e\LOG.Foundation.Implementation.dll MOD - [2010/12/13 17:48:36 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3561.39029__90ba9c70f846762e\CLI.Component.Runtime.dll MOD - [2010/12/13 17:48:36 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.3561.39027__90ba9c70f846762e\APM.Server.dll MOD - [2010/12/13 17:48:36 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3561.39031__90ba9c70f846762e\CLI.Component.SkinFactory.dll MOD - [2010/12/13 17:48:36 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3552.27176__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll MOD - [2010/12/13 17:48:36 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.3561.39028__90ba9c70f846762e\AEM.Server.dll MOD - [2010/12/13 17:48:36 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3552.27044__90ba9c70f846762e\CLI.Foundation.Private.dll MOD - [2010/12/13 17:48:36 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3552.27135__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll MOD - [2010/12/13 17:48:36 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3552.27085__90ba9c70f846762e\LOG.Foundation.Private.dll MOD - [2010/12/13 17:48:36 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll MOD - [2010/12/13 17:48:36 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3552.27184__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll MOD - [2010/12/13 17:48:36 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3552.27098__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll MOD - [2010/12/13 17:48:36 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3552.27177__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll MOD - [2010/12/13 17:48:36 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3552.27195__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll MOD - [2010/12/13 17:48:36 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3552.27265__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll MOD - [2010/12/13 17:48:36 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormatSelection.Graphics.Dashboard.Shared.Private\2.0.3552.27287__90ba9c70f846762e\CLI.Aspect.CustomFormatSelection.Graphics.Dashboard.Shared.Private.dll MOD - [2010/12/13 17:48:36 | 000,019,456 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3561.39147__90ba9c70f846762e\CCC.Implementation.dll MOD - [2010/12/13 17:48:36 | 000,014,848 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll MOD - [2010/12/13 17:32:49 | 000,315,392 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010/12/13 17:32:47 | 000,434,176 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll MOD - [2010/06/17 21:56:52 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\redmonnt.dll MOD - [2009/10/01 16:45:50 | 000,016,384 | R--- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll MOD - [2009/08/24 14:38:06 | 000,068,136 | ---- | M] () -- C:\Programme\Gigabyte\EasySaver\essvr.exe MOD - [2009/06/27 10:11:12 | 000,503,202 | ---- | M] () -- C:\Programme\DeviceVM\Browser Configuration Utility\sqlite3.dll MOD - [2009/03/13 11:30:44 | 000,109,096 | ---- | M] () -- C:\Programme\Gigabyte\EasySaver\ycc.dll MOD - [2005/11/14 14:43:58 | 000,029,152 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\FSPPMFP.DLL ========== Services (SafeList) ========== SRV - [2013/03/04 15:18:16 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013/03/04 15:18:09 | 000,565,472 | ---- | M] (Avira Operations GmbH & Co. KG) [Disabled | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService) SRV - [2013/03/04 15:18:09 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012/10/02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service) SRV - [2012/02/29 07:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2010/04/06 16:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\AppleChargerSrv.exe -- (AppleChargerSrv) SRV - [2009/10/15 14:06:46 | 000,223,464 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Programme\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService) SRV - [2009/08/24 14:38:06 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Programme\Gigabyte\EasySaver\essvr.exe -- (ES lite Service) SRV - [2007/09/07 19:16:18 | 001,373,480 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\WINDOWS\system32\Pen_Tablet.exe -- (TabletServicePen) SRV - [2005/04/04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT) SRV - [2003/07/28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2013/03/04 15:34:39 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\gdrv.sys -- (gdrv) DRV - [2013/03/04 15:18:20 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2013/03/04 15:18:20 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2013/03/04 15:18:20 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr) DRV - [2013/03/04 15:18:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2011/07/09 01:32:52 | 000,686,360 | ---- | M] (www.ext2fsd.com) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ext2fsd.sys -- (Ext2Fsd) DRV - [2011/01/19 12:55:37 | 000,024,944 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\GVTDrv.sys -- (GVTDrv) DRV - [2010/12/15 09:54:11 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\etdrv.sys -- (etdrv) DRV - [2010/04/27 11:56:44 | 000,019,496 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AppleCharger.sys -- (AppleCharger) DRV - [2010/04/06 11:13:04 | 005,912,096 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) DRV - [2010/03/22 09:30:22 | 000,222,672 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp) DRV - [2010/01/27 09:58:32 | 000,098,928 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\jraid.sys -- (JRAID) DRV - [2010/01/27 04:05:00 | 004,078,400 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtKHDMI.sys -- (RTHDMIAzAudService) DRV - [2009/11/20 12:15:18 | 000,137,728 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nusb3xhc.sys -- (nusb3xhc) DRV - [2009/11/20 12:15:16 | 000,058,880 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nusb3hub.sys -- (nusb3hub) DRV - [2009/11/18 00:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt) DRV - [2009/11/18 00:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt) DRV - [2009/10/02 05:09:20 | 004,486,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2009/08/19 13:05:56 | 000,100,368 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV - [2008/09/25 17:35:24 | 000,181,120 | ---- | M] (Stephan Schreiber) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ext2fs.sys -- (Ext2fs) DRV - [2008/08/28 22:45:58 | 000,051,072 | ---- | M] (Stephan Schreiber) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ifsmount.sys -- (IfsMount) DRV - [2007/04/16 16:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM) DRV - [2007/02/16 20:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacommousefilter.sys -- (wacommousefilter) DRV - [2007/02/16 19:30:12 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacomvhid.sys -- (wacomvhid) DRV - [2007/02/16 01:11:28 | 000,011,440 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WacomVKHid.sys -- (WacomVKHid) DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Programme\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.) IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=drive&s={searchTerms}&f=4 IE - HKCU\..\SearchScopes\{80A15D79-8D1E-4bff-8422-F2400AD927CC}: "URL" = hxxp://www.google.com/cse?cx=partner-pub-3794288947762788%3A4067623346&ie=UTF-8&q={searchTerms}&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A4067623346 IE - HKCU\..\SearchScopes\{836349EA-E90F-4c0c-A739-6BFF46F49E8B}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SPLBR2&pc=SPLH IE - HKCU\..\SearchScopes\{E82C261E-58CE-48e4-B2EB-9A696456CD4D}: "URL" = hxxp://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=STDVM IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@wolfram.com/Mathematica: C:\Programme\Gemeinsame Dateien\Wolfram Research\Browser\8.0.1.2063897\npmathplugin.dll (Wolfram Research, Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) [2011/06/14 11:42:59 | 000,002,048 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\fcmdSrchdrive.xml O1 HOSTS File: ([2004/08/04 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Programme\facemoods.com\facemoods\1.4.17.8\bh\facemoods.dll (facemoods.com BHO) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Programme\facemoods.com\facemoods\1.4.17.8\facemoodsTlbr.dll (facemoods.com) O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS\System32\xRaidSetup.exe (Gigabyte Technology Corp.) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BCU] C:\Programme\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.) O4 - HKLM..\Run: [Ext2 Volume Manager] C:\Programme\Ext2Fsd\Ext2Mgr.exe (Ext2Fsd Group (www.ext2fsd.com)) O4 - HKLM..\Run: [facemoods] C:\Programme\facemoods.com\facemoods\1.4.17.8\facemoodssrv.exe (facemoods.com) O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation) O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe () O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe () O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation) O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [Create Synchronicity - Scheduler] C:\Programme\Create Software\Create Synchronicity\Create Synchronicity.exe (Create Software) O4 - Startup: C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\Dropbox.lnk = C:\Dokumente und Einstellungen\***\Anwendungsdaten\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1292259211609 (WUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = phys.chemie.uni-giessen.de O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E33206E3-1971-433C-8C47-E6F4083C25A4}: NameServer = 134.176.2.5,134.176.2.7 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: E:\Daten\Europa_neu.png O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010/12/13 16:30:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013/03/04 20:02:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe [2013/03/04 15:49:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Office Live Add-in [2013/03/04 15:49:43 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft [2013/03/04 15:42:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData [2013/03/04 15:32:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Avira [2013/03/04 15:29:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Avira [2013/03/04 15:20:26 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys [2013/03/04 15:20:23 | 000,134,336 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avipbb.sys [2013/03/04 15:20:23 | 000,083,944 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avgntflt.sys [2013/03/04 15:20:23 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avkmgr.sys [2013/03/04 15:20:22 | 000,000,000 | ---D | C] -- C:\Programme\Avira [2013/03/04 15:20:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira [2013/03/04 11:17:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Sophos [2013/02/28 15:07:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Cygwin [2013/02/28 14:30:12 | 000,000,000 | ---D | C] -- C:\temp [2013/02/28 14:29:54 | 000,000,000 | ---D | C] -- C:\Programme\cygwin [2013/02/28 14:21:14 | 000,686,360 | ---- | C] (www.ext2fsd.com) -- C:\WINDOWS\System32\drivers\ext2fsd.sys [2013/02/28 14:21:14 | 000,000,000 | ---D | C] -- C:\Programme\Ext2Fsd [2013/02/28 14:21:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Ext2Fsd [2013/02/28 14:03:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Nyolr [2013/02/28 14:03:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Azbya [2013/02/28 14:03:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Aqde [2013/02/06 10:55:21 | 000,000,000 | ---D | C] -- C:\Programme\Dropbox [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/03/04 20:02:09 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\***\defogger_reenable [2013/03/04 20:01:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe [2013/03/04 18:14:00 | 000,000,496 | ---- | M] () -- C:\WINDOWS\cedt.INI [2013/03/04 18:09:59 | 000,000,770 | ---- | M] () -- C:\WINDOWS\hpbafd.ini [2013/03/04 15:35:05 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013/03/04 15:34:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013/03/04 15:18:20 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avipbb.sys [2013/03/04 15:18:20 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avgntflt.sys [2013/03/04 15:18:20 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avkmgr.sys [2013/03/04 15:18:20 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys [2013/03/04 13:46:21 | 012,473,544 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\StructurePlot.rar [2013/03/01 13:38:03 | 010,641,272 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\HCl_oxidation_raster.pdf [2013/02/28 17:23:52 | 019,116,030 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\HCl_oxidation_v0.8_vorab_AttilA.pdf [2013/02/28 16:10:36 | 000,000,218 | ---- | M] () -- C:\Dokumente und Einstellungen\***\.recently-used.xbel [2013/02/28 16:02:07 | 000,000,043 | ---- | M] () -- C:\WINDOWS\gswin32.ini [2013/02/28 15:37:53 | 004,605,029 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Grafik2.png [2013/02/28 15:31:00 | 000,142,887 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Vache_encre.jpg [2013/02/07 12:04:03 | 005,391,904 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\AM Diss.pdf [2013/02/06 13:13:08 | 000,086,096 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Board_x16.png [2013/02/06 10:55:57 | 000,001,065 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\Dropbox.lnk [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/03/04 20:02:09 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\***\defogger_reenable [2013/03/04 13:46:19 | 012,473,544 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\StructurePlot.rar [2013/03/01 13:37:42 | 010,641,272 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\HCl_oxidation_raster.pdf [2013/02/28 17:23:42 | 019,116,030 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\HCl_oxidation_v0.8_vorab_AttilA.pdf [2013/02/28 16:10:36 | 000,000,218 | ---- | C] () -- C:\Dokumente und Einstellungen\***\.recently-used.xbel [2013/02/28 15:37:50 | 004,605,029 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Grafik2.png [2013/02/28 15:31:00 | 000,142,887 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Vache_encre.jpg [2013/02/07 12:03:45 | 005,391,904 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\AM Diss.pdf [2013/02/06 13:13:05 | 000,086,096 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Board_x16.png [2013/02/06 10:55:57 | 000,001,065 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\Dropbox.lnk [2012/06/11 17:02:09 | 000,003,584 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/02/16 09:21:38 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011/10/13 09:52:48 | 000,000,770 | ---- | C] () -- C:\WINDOWS\hpbafd.ini [2011/06/14 11:45:24 | 000,000,034 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2011/05/26 16:41:03 | 000,000,017 | ---- | C] () -- C:\WINDOWS\DOSINST.INI [2011/04/28 11:08:39 | 000,193,190 | ---- | C] () -- C:\WINDOWS\hphins34.dat [2011/04/28 11:08:39 | 000,000,532 | ---- | C] () -- C:\WINDOWS\hphmdl34.dat [2011/04/27 13:00:58 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini [2011/03/23 09:42:39 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll [2011/03/23 09:42:39 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\unredmon.exe [2011/03/08 11:29:48 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat ========== ZeroAccess Check ========== [2010/12/13 17:31:05 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2010/09/09 15:17:08 | 001,510,400 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 03:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012/07/10 10:12:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Advanced Chemistry Development [2011/03/23 09:42:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FreePDF [2013/03/04 15:28:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sophos [2011/11/18 12:48:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\.minecraft [2012/07/10 10:10:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Advanced Chemistry Development [2013/03/04 11:14:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Aqde [2013/02/28 14:03:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Azbya [2012/02/07 12:37:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Crayon Physics Deluxe [2013/03/04 17:53:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Dropbox [2011/06/14 11:49:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\facemoods.com [2010/12/15 09:31:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\fltk.org [2012/07/13 09:03:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\gtk-2.0 [2012/09/12 15:02:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\inkscape [2010/12/15 09:25:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\IrfanView [2012/03/08 13:32:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Jasc [2013/03/01 09:55:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Nyolr [2010/12/15 09:19:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\OpenOffice.org [2010/12/13 17:44:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Opera [2012/06/11 11:23:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Trillian ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 3/4/2013 8:04:23 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\***\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: Vereinigte Staaten von Amerika | Language: ENU | Date Format: M/d/yyyy
3.25 Gb Total Physical Memory | 2.52 Gb Available Physical Memory | 77.70% Memory free
5.09 Gb Paging File | 4.38 Gb Available in Paging File | 86.10% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 97.65 Gb Total Space | 68.98 Gb Free Space | 70.64% Space Free | Partition Type: NTFS
Drive E: | 295.94 Gb Total Space | 248.58 Gb Free Space | 83.99% Space Free | Partition Type: FAT32
Drive F: | 50.00 Gb Total Space | 16.95 Gb Free Space | 33.91% Space Free | Partition Type: EXT3
Drive G: | 983.22 Mb Total Space | 322.52 Mb Free Space | 32.80% Space Free | Partition Type: FAT
Computer Name: FB08-PC-THEO3 | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- C:\Programme\Opera\Opera.exe (Opera Software)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Programme\Opera\Opera.exe (Opera Software)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Programme\Opera\opera.exe" "%1" (Opera Software)
https [open] -- "C:\Programme\Opera\opera.exe" "%1" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\Opera\opera.exe" = C:\Programme\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Programme\Java\jre6\bin\javaw.exe" = C:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\Skype\Plugin Manager\skypePM.exe" = C:\Programme\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Dokumente und Einstellungen\***\Anwendungsdaten\Dropbox\bin\Dropbox.exe" = C:\Dokumente und Einstellungen\***\Anwendungsdaten\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Programme\Settlers Freaks\Return To The Roots\S2\s25client.exe" = C:\Programme\Settlers Freaks\Return To The Roots\S2\s25client.exe:*:Enabled:s25client
"C:\Programme\Wolfram Research\Mathematica\8.0\Mathematica.exe" = C:\Programme\Wolfram Research\Mathematica\8.0\Mathematica.exe:*:Enabled:Wolfram Mathematica 8 for Students -- (Wolfram Research, Inc.)
"C:\Programme\Wolfram Research\Mathematica\8.0\MathKernel.exe" = C:\Programme\Wolfram Research\Mathematica\8.0\MathKernel.exe:*:Enabled:Wolfram Mathematica 8 for Students Kernel -- (Wolfram Research, Inc.)
"C:\Programme\Wolfram Research\Mathematica\8.0\math.exe" = C:\Programme\Wolfram Research\Mathematica\8.0\math.exe:*:Enabled:math.exe -- (Wolfram Research, Inc.)
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Programme\Opera\pluginwrapper\opera_plugin_wrapper.exe" = C:\Programme\Opera\pluginwrapper\opera_plugin_wrapper.exe:*:Enabled:Opera Internet Browser - Plugin wrapper
"C:\Programme\Trillian\trillian.exe" = C:\Programme\Trillian\trillian.exe:*:Enabled:Trillian -- (Cerulean Studios)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW(R) Graphics Suite X4
"_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{07300F01-89CA-4CF8-92BD-2A605EB83C95}" = EasySaver B9.1214.1
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{106EEA42-249B-97B6-827E-D79C677A7284}" = CCC Help Spanish
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1A9DAB4D-46CD-4CBF-A9FC-28D8AA8D2FCF}" = CorelDRAW Graphics Suite X4 - Lang BR
"{1AB2519C-B340-4B0C-9F81-BCF32A842EBF}_is1" = Crayon Physics Deluxe Demo version 55_demo
"{1AEC8B94-C25D-E93E-C60C-ED2736782633}" = CCC Help Chinese Traditional
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FF713E1-FE5E-4AD0-9C8C-B2E877846B45}" = Catalyst Control Center - Branding
"{2090AAD2-D129-375A-8152-93AE4EBDEF11}" = ccc-core-static
"{2217B0B4-35CB-48C6-B640-864DF2F30F99}" = OpenOffice.org 3.2
"{267117C0-779A-4BD2-1D33-AD569C43D93B}" = CCC Help Czech
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{32A9C5B3-D166-4C6D-A11E-A54473151000}" = Java 3D 1.5.1
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{37DC95F1-D521-23A7-313C-D6789F3EAE24}" = CCC Help Finnish
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer
"{3B1BD294-2747-6271-6F47-82A640A3A9E9}" = Catalyst Control Center Localization All
"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B10.0427.1
"{3E9CDBD5-DBF7-0D39-4A3B-0535B0A7FBA7}" = CCC Help Danish
"{40FC81EA-21F7-44FB-A6F2-A4D6328F4C4F}" = CorelDRAW Graphics Suite X4 - Lang SU
"{4552B6C7-2175-15BA-AE39-7B4FB594AE4D}" = CCC Help French
"{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B10.0516.1
"{4685E2C0-838E-2D49-E561-5870D57C2112}" = CCC Help English
"{4D842445-947A-975F-02B9-E87A0956DA14}" = CCC Help German
"{4E61CAD2-655B-5884-DE11-4C27FA952D1E}" = CCC Help Chinese Standard
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{56E4D082-46F8-99B4-4E43-C6B79677968F}" = Catalyst Control Center Graphics Previews Common
"{57396CE7-B938-D86E-B3C2-450FA8212BA6}" = CCC Help Swedish
"{575471C8-A90D-9AEB-DD5F-D68D0536482A}" = ccc-utility
"{57C4B076-86E5-43B0-8541-EAE047B1F745}" = NEO wissenschaftlich v1.03
"{5DA6F06A-B389-407B-BF8C-1548767914D8}" = ATI Problem Report Wizard
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{62540657-7F15-A129-AD00-345CA1685095}" = CCC Help Japanese
"{64FAC270-6C96-2579-0398-E92A29F31796}" = CCC Help Russian
"{6834B8AE-D23B-4B26-A919-6515844CF2BA}" = CorelDRAW Graphics Suite X4 - Lang PL
"{6F3ECAC9-BB76-C8A8-8DFD-754633F965D1}" = Catalyst Control Center Core Implementation
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}" = SSH Secure Shell
"{7BFAE5A7-5EDC-D120-7FA4-96168AB8575D}" = CCC Help Turkish
"{7F05E704-30A6-421A-97A7-8EEB1C7FF000}" = CorelDRAW Graphics Suite X4
"{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW Graphics SUite X4 - ICA
"{7F05E704-30A6-421A-97A7-8EEB1C7FF012}" = CorelDRAW Graphics Suite X4 - Capture
"{7F05E704-30A6-421A-97A7-8EEB1C7FF013}" = CorelDRAW Graphics Suite X4 - Draw
"{7F05E704-30A6-421A-97A7-8EEB1C7FF014}" = CorelDRAW Graphics Suite X4 - PP
"{7F05E704-30A6-421A-97A7-8EEB1C7FF016}" = CorelDRAW Graphics Suite X4 - Content
"{7F05E704-30A6-421A-97A7-8EEB1C7FF017}" = CorelDRAW Graphics Suite X4 - Filters
"{7F05E704-30A6-421A-97A7-8EEB1C7FF019}" = CorelDRAW Graphics Suite X4 - FontNav
"{7F05E704-30A6-421A-97A7-8EEB1C7FF100}" = CorelDRAW Graphics Suite X4 - Lang EN
"{7FF910CA-67F5-E39B-2F6A-8E8A7C17FFB3}" = CCC Help Dutch
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{905D6E0C-B378-8CF8-0681-31F38D78E204}" = ccc-core-preinstall
"{922D09F2-5A96-2ECB-BB71-493F23AD052B}" = Catalyst Control Center Graphics Light
"{97882553-D37E-F980-1ED0-0748A550D912}" = Catalyst Control Center Graphics Full Existing
"{989112B0-74DB-4A40-932F-580049CD0B97}" = Visual Basic for Applications (R) Core - German
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CDA415B-974B-4384-8CA6-9327D5B4270B}" = CorelDRAW Graphics Suite X4 - Lang SV
"{9D0798D0-AF6C-4E62-94B1-AEBF1A43E00A}" = CorelDRAW Graphics Suite X4 - IPM
"{9D306690-3173-42CD-94C6-9EF9318AF24B}" = CorelDRAW Graphics Suite X4 - Lang FR
"{A2F991E7-DDCD-42B7-AFEC-47789A099FDC}" = Browser Configuration Utility
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6C27FFF-75EF-4B5B-A64E-F9E128994908}" = CorelDRAW Graphics Suite X4 - Lang NL
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{AC76BA86-7AD7-5670-0000-A00000000003}" = Korean Fonts Support For Adobe Reader X
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{AEFBAC58-2DDD-4CEF-BDFD-52A5A5F432ED}" = CorelDRAW Graphics Suite X4 - Lang DE
"{AF16488F-1EAB-5AF1-54D4-59BBAEFA4F48}" = Catalyst Control Center Graphics Full New
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS
"{B61D21B6-469D-4423-B161-62DB20B8A70E}" = Visual Basic for Applications (R) Core - English
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BEECCA33-C880-4648-A043-18614EE1249E}" = ATI AVIVO Codecs
"{BF439B41-0252-48DE-8B8B-0430CB26A181}" = CorelDRAW Graphics Suite X4 - VBA
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C4D31726-3698-7CA1-EA46-BEE1B1E2ECA2}" = CCC Help Hungarian
"{C5E2A972-51E3-6B56-6B01-F7D21256F864}" = CCC Help Greek
"{C63DCEC6-814B-48DA-82F5-85BE5582CAAD}" = VMD 1.8.7
"{C73FBCE6-B6BF-FDFE-AF76-566A49937FE2}" = CCC Help Portuguese
"{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B10.0517.1
"{C95193C0-29BC-F95E-1D1A-F5346BA45091}" = CCC Help Polish
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CBCA600F-6B90-416D-9D19-477758C40946}" = DJ_SF_06_D5500_SW_Min
"{CD468D28-B317-7038-E384-34E347CD5CAA}" = CCC Help Korean
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
"{D0160DD3-6F62-4F1E-B999-6C68D3AE7390}" = CorelDRAW Graphics Suite X4 - Lang IT
"{D2827848-7D2A-4547-9AD1-C965FB3E6344}" = CorelDRAW Graphics Suite X4 - Lang ES
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7 Anniversary Edition
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{D96F5244-BBFF-04F9-4E20-78CFE08AD01A}" = CCC Help Thai
"{DB81779E-7CC5-4630-BCFC-754004956444}" = Visual Basic for Applications (R) Core
"{E85A7628-5420-A5E2-3E6E-8A314C6930F3}" = CCC Help Italian
"{EDFB291E-CFF7-9A67-3948-4DC57D9DB3A6}" = CCC Help Norwegian
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FA930901-0E74-F94E-B36B-057B55194E00}" = Skins
"{FE2243EE-7C32-C90A-DDF8-75067F45A68D}" = Catalyst Control Center HydraVision Full
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FE45D881-F9B6-40C0-A833-8CAF92094AB3}" = HP Deskjet D5500 Printer Driver 14.0 Rel. 6
"{FE970D71-EE17-4399-AD9A-97BE995FF5C1}" = Return To The Roots
"{FFFE7261-2318-4227-B827-E9E05E16DFE5}" = CorelDRAW Graphics Suite X4 - Lang CZ
"77700cfgRS232" = 77700cfgRS232
"7-Zip" = 7-Zip 9.20
"ACDLabs in C__Programme_ACDFREE12_" = ACD/Labs Software in C:\Programme\ACDFREE12\
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"Audiograbber" = Audiograbber 1.83 SE
"Avira AntiVir Desktop" = Avira Free Antivirus
"A-WIN-Extras 8.0.1 2063897_is1" = Mathematica Extras 8.0 (2063897)
"Crimson Editor SVN286" = Crimson Editor SVN286
"Enable S3 for USB Device" = Enable S3 for USB Device
"Ext2Fsd_is1" = Ext2Fsd 0.51
"Ext2Ifs_for_NT501" = Ext2 IFS 1.11a for Windows XP
"facemoods" = Facemoods Toolbar
"FreePDF_XP" = FreePDF (Remove only)
"GPL Ghostscript 9.01" = GPL Ghostscript 9.01
"ie8" = Windows Internet Explorer 8
"ImageMagick 6.6.3 Q16_is1" = ImageMagick 6.6.3-2 Q16 (2010-07-30)
"Inkscape" = Inkscape 0.48.2
"InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B10.0516.1
"InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B10.0517.1
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"IrfanView" = IrfanView (remove only)
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MiKTeX 2.9" = MiKTeX 2.9
"MonosUtility" = MonosUtility
"M-WIN-G 8.0.1 2063988_is1" = Wolfram Mathematica 8 for Students (M-WIN-G 8.0.1 2063988)
"NI LabVIEW Run-Time Engine 5.1" = NI LabVIEW Run-Time Engine 5.1
"Opera 12.14.1738" = Opera 12.14
"Pen Tablet Driver" = Stifttablett
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1
"Trillian" = Trillian
"WIC" = Windows Imaging Component
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.11
"x264vfw" = x264vfw - H.264/MPEG-4 AVC codec (remove only)
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 10/16/2012 12:47:47 PM | Computer Name = FB08-PC-THEO3 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung opera.exe, Version 12.2.1578.0, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 12/4/2012 7:47:22 AM | Computer Name = FB08-PC-THEO3 | Source = MsiInstaller | ID = 11609
Description =
Error - 2/6/2013 5:51:12 AM | Computer Name = FB08-PC-THEO3 | Source = MsiInstaller | ID = 11609
Description =
Error - 2/28/2013 7:01:25 AM | Computer Name = FB08-PC-THEO3 | Source = MsiInstaller | ID = 11609
Description =
Error - 3/1/2013 8:27:00 AM | Computer Name = FB08-PC-THEO3 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung CorelDRW.exe, Version 14.0.0.653, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 3/4/2013 8:54:43 AM | Computer Name = FB08-PC-THEO3 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung trillian.exe, Version 5.1.0.20, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 3/4/2013 10:39:10 AM | Computer Name = FB08-PC-THEO3 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung mathkernel.exe, Version 8.0.31.32127, fehlgeschlagenes
Modul mathdll.dll, Version 8.0.31.32127, Fehleradresse 0x003354ca.
Error - 3/4/2013 12:21:23 PM | Computer Name = FB08-PC-THEO3 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung CorelDRW.exe, Version 14.0.0.653, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 3/4/2013 12:33:12 PM | Computer Name = FB08-PC-THEO3 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung CorelDRW.exe, Version 14.0.0.653, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 3/4/2013 12:52:20 PM | Computer Name = FB08-PC-THEO3 | Source = Microsoft Office 11 | ID = 1000
Description = Faulting application winword.exe, version 11.0.8345.0, stamp 4f3c32b8,
faulting module winword.exe, version 11.0.8345.0, stamp 4f3c32b8, debug? 0, fault
address 0x00075a75.
[ Application Events ]
Error - 10/16/2012 12:47:47 PM | Computer Name = FB08-PC-THEO3 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung opera.exe, Version 12.2.1578.0, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 12/4/2012 7:47:22 AM | Computer Name = FB08-PC-THEO3 | Source = MsiInstaller | ID = 11609
Description =
Error - 2/6/2013 5:51:12 AM | Computer Name = FB08-PC-THEO3 | Source = MsiInstaller | ID = 11609
Description =
Error - 2/28/2013 7:01:25 AM | Computer Name = FB08-PC-THEO3 | Source = MsiInstaller | ID = 11609
Description =
Error - 3/1/2013 8:27:00 AM | Computer Name = FB08-PC-THEO3 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung CorelDRW.exe, Version 14.0.0.653, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 3/4/2013 8:54:43 AM | Computer Name = FB08-PC-THEO3 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung trillian.exe, Version 5.1.0.20, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 3/4/2013 10:39:10 AM | Computer Name = FB08-PC-THEO3 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung mathkernel.exe, Version 8.0.31.32127, fehlgeschlagenes
Modul mathdll.dll, Version 8.0.31.32127, Fehleradresse 0x003354ca.
Error - 3/4/2013 12:21:23 PM | Computer Name = FB08-PC-THEO3 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung CorelDRW.exe, Version 14.0.0.653, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 3/4/2013 12:33:12 PM | Computer Name = FB08-PC-THEO3 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung CorelDRW.exe, Version 14.0.0.653, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 3/4/2013 12:52:20 PM | Computer Name = FB08-PC-THEO3 | Source = Microsoft Office 11 | ID = 1000
Description = Faulting application winword.exe, version 11.0.8345.0, stamp 4f3c32b8,
faulting module winword.exe, version 11.0.8345.0, stamp 4f3c32b8, debug? 0, fault
address 0x00075a75.
[ System Events ]
Error - 9/12/2012 9:50:24 AM | Computer Name = FB08-PC-THEO3 | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Windows
Installer.
Error - 9/12/2012 9:50:24 AM | Computer Name = FB08-PC-THEO3 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Installer" wurde aufgrund folgenden Fehlers nicht
gestartet: %%1053
Error - 9/19/2012 8:00:24 AM | Computer Name = FB08-PC-THEO3 | Source = MRxSmb | ID = 8003
Description = Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "FB08-LEED1",
der
der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{ED892D39-DAD8-409-Transport
zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
Error - 12/7/2012 4:40:44 AM | Computer Name = FB08-PC-THEO3 | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1053" aufgetreten, als der Dienst "MSIServer"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {000C101C-0000-0000-C000-000000000046}
Error - 12/7/2012 4:40:45 AM | Computer Name = FB08-PC-THEO3 | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Windows
Installer.
Error - 12/7/2012 4:40:45 AM | Computer Name = FB08-PC-THEO3 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Installer" wurde aufgrund folgenden Fehlers nicht
gestartet: %%1053
Error - 3/4/2013 10:25:44 AM | Computer Name = FB08-PC-THEO3 | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Avira Planer" wurde nicht ordnungsgemäß gestartet.
Error - 3/4/2013 10:26:04 AM | Computer Name = FB08-PC-THEO3 | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Avira Planer" wurde unerwartet beendet. Dies ist bereits
1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt:
Starten Sie den Dienst neu..
Error - 3/4/2013 3:01:46 PM | Computer Name = FB08-PC-THEO3 | Source = Wechselmediendienst | ID = 262255
Description = Der Wechselmediendienst konnte die Medien in Laufwerk Laufwerk 0 der
Bibliothek Kingston DataTraveler II+ USB Device nicht laden.
Error - 3/4/2013 3:01:47 PM | Computer Name = FB08-PC-THEO3 | Source = Wechselmediendienst | ID = 262255
Description = Der Wechselmediendienst konnte die Medien in Laufwerk Laufwerk 0 der
Bibliothek Kingston DataTraveler II+ USB Device nicht laden.
< End of report >
Log von gmer: Code:
ATTFilter GMER 2.1.19115 - hxxp://www.gmer.net
Rootkit scan 2013-03-04 21:44:02
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e Hitachi_HDS721050CLA362 rev.JP2OA3EA 465.76GB
Running: gmer_2.1.19115.exe; Driver: C:\DOKUME~1\FRANZI~1\LOKALE~1\Temp\kxtdrkog.sys
---- System - GMER 2.1 ----
SSDT F7B1B874 ZwClose
SSDT F7B1B82E ZwCreateKey
SSDT F7B1B87E ZwCreateSection
SSDT F7B1B824 ZwCreateThread
SSDT F7B1B833 ZwDeleteKey
SSDT F7B1B83D ZwDeleteValueKey
SSDT F7B1B86F ZwDuplicateObject
SSDT F7B1B842 ZwLoadKey
SSDT F7B1B810 ZwOpenProcess
SSDT F7B1B815 ZwOpenThread
SSDT F7B1B897 ZwQueryValueKey
SSDT F7B1B84C ZwReplaceKey
SSDT F7B1B888 ZwRequestWaitReplyPort
SSDT F7B1B847 ZwRestoreKey
SSDT F7B1B883 ZwSetContextThread
SSDT F7B1B88D ZwSetSecurityObject
SSDT F7B1B838 ZwSetValueKey
SSDT F7B1B892 ZwSystemDebugControl
SSDT F7B1B81F ZwTerminateProcess
---- Kernel code sections - GMER 2.1 ----
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF24A8000, 0x220617, 0xE8000020]
---- Devices - GMER 2.1 ----
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
 |
| Themen zu Trojaner AAJX (?) |
| 32 bit, 7-zip, amerika, antivir, audiograbber, avira, bho, branding, browser, computer, einstellungen, error, explorer, firefox, flash player, format, h.264/mpeg-4, helper, homepage, internet, internet browser, logfile, msiinstaller, object, opera, plug-in, realtek, registry, rojaner gefunden, rundll, schadsoftware eingefangen, security, starten, trojaner, udp, unknown mbr, usb, windows internet, wrapper |
Baum-Darstellung