| |
| |||||||
Log-Analyse und Auswertung: Downloadtrojaner gefunden (Win32/Dofoil.R)Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
02.03.2013, 17:36
| #1 |
 |  Downloadtrojaner gefunden (Win32/Dofoil.R) Liebe Experten! Erstmal danke für eure Hilfe!!!! Als ich mich gestern beim Online-Banking angemeldet habe, wurde ich in einem Popup (in schlechterem Deutsch) aufgefordert, meine TANs einzugeben  Also habe ich sofort einen Suchlauf nach Viren etc. gemacht - mit Windows Defender (bisher habe ich leider der Computersicherheit nicht so viel Beachtung geschenkt - immer erst wenn was passiert... also kein kostenpflichtiges Antivirenprogramm o.ä. installiert). Der Defender hat auch Folgendes gefunden und gelöscht: Code:
ATTFilter TrojanDownloader: Win32/Dofoil.R
Kategorie:
Downloadtrojaner
Beschreibung:
Dieses Programm ist gefährlich. Es lädt andere Programme herunter.
Empfehlung:
Entfernen Sie diese Software unverzüglich.
Ressourcen:
regkey:
HKCU@S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN\\BAE
runkey:
HKCU@S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN\\BAE
file:
C:\Windows\Temp\wpbt0.dll
file:
C:\Windows\system32\config\systemprofile\AppData\Roaming\5B09FC.exe
file:
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F24B5F0N\readme[1].exe
Dann bin ich auf eure Seite gestoßen und bin (nur am Rande) begeistert, dass ihr uns Laien so toll helft! Danke nochmal  !!!!!Ich hoffe, ich habe alles richtig gemacht - hier also die Ergebnisse: Code:
ATTFilter Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.03.01.09 Windows Vista x86 NTFS Internet Explorer 7.0.6000.16982 Timo & Nici :: LAPPI [Administrator] 01.03.2013 22:25:08 mbam-log-2013-03-01 (22-25-08).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 349179 Laufzeit: 1 Stunde(n), 25 Minute(n), 48 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 4 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|VLC media player (Spyware.Zeus) -> Daten: C:\Users\Timo & Nici\Documents\VLC media player\VLC media player.exe -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|VLC media player (Spyware.Zeus) -> Daten: C:\Users\Timo & Nici\Documents\VLC media player\VLC media player.exe -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Daten: C:\Users\TIMO&N~1\DOCUME~1\VLCMED~1\VLCMED~1.EXE -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|IExplorer Util (Trojan.Agent.IET) -> Daten: C:\Users\Timo & Nici\AppData\Roaming\ie_util.exe -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 2 HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Spyware.Zeus) -> Bösartig: (C:\Users\TIMO&N~1\DOCUME~1\VLCMED~1\VLCMED~1.EXE) Gut: () -> Erfolgreich ersetzt und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Run (Spyware.Zeus) -> Bösartig: (C:\Users\TIMO&N~1\DOCUME~1\VLCMED~1\VLCMED~1.EXE) Gut: () -> Erfolgreich ersetzt und in Quarantäne gestellt. Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 2 C:\Users\Timo & Nici\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5ZUHKADO\9cc9c[1].exe (Spyware.Zeus) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Timo & Nici\AppData\Roaming\ie_util.exe (Trojan.Agent.IET) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Defogger wollte irgendwie nicht??? Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 10:20 on 02/03/2013 (Timo & Nici)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Code:
ATTFilter OTL logfile created on: 02.03.2013 10:21:54 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Timo & Nici\Downloads Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation Internet Explorer (Version = 7.0.6000.16982) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,65 Gb Available Physical Memory | 54,99% Memory free 6,17 Gb Paging File | 4,92 Gb Available in Paging File | 79,71% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 229,88 Gb Total Space | 154,03 Gb Free Space | 67,00% Space Free | Partition Type: NTFS Computer Name: LAPPI | User Name: Timo & Nici | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.03.02 10:21:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Timo & Nici\Downloads\OTL.exe PRC - [2013.01.24 14:18:46 | 001,646,216 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe PRC - [2011.11.21 05:21:43 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2010.05.28 15:29:26 | 002,650,112 | ---- | M] (DATA BECKER GmbH & Co KG) -- C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe PRC - [2010.04.02 10:18:54 | 001,185,112 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE PRC - [2010.03.24 18:50:00 | 002,516,296 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE PRC - [2010.03.02 19:52:00 | 000,140,640 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe PRC - [2009.11.13 10:29:42 | 009,117,504 | ---- | M] (Western Digital) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe PRC - [2009.11.13 10:29:40 | 002,057,536 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe PRC - [2009.11.13 10:28:04 | 000,110,592 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe PRC - [2009.06.16 07:58:08 | 000,020,480 | ---- | M] (Memeo) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe PRC - [2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.10.24 15:35:44 | 000,128,296 | ---- | M] () -- C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe PRC - [2008.09.30 16:51:58 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin PRC - [2008.09.30 16:49:34 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe PRC - [2008.04.23 18:13:37 | 001,006,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe PRC - [2007.08.09 12:26:42 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2007.07.19 14:32:34 | 001,120,568 | ---- | M] (Packard Bell BV) -- C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe PRC - [2007.04.19 10:32:08 | 000,225,280 | ---- | M] (ATK0100) -- C:\Program Files\ATK Hotkey\HControl.exe PRC - [2007.02.05 17:13:14 | 000,094,208 | ---- | M] () -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe PRC - [2007.01.11 10:40:22 | 000,232,184 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe PRC - [2007.01.11 10:40:18 | 000,017,656 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe PRC - [2006.12.18 16:26:26 | 002,420,736 | ---- | M] () -- C:\Program Files\ATK Hotkey\ATKOSD.exe PRC - [2006.11.02 10:44:59 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe ========== Modules (No Company Name) ========== MOD - [2012.11.28 14:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2012.11.28 14:13:30 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011.03.27 11:18:58 | 001,712,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\10fc12b6bf6510f0b967d20a2b04c476\Microsoft.VisualBasic.ni.dll MOD - [2011.03.27 11:18:26 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\31729b33207d1093721f9e943302b900\System.Management.ni.dll MOD - [2011.03.23 06:14:23 | 011,796,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\47b2e1d9030f551f685dfea0b618e7fd\System.Web.ni.dll MOD - [2011.03.23 06:14:10 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a4fd3b000abfd4712b02ec223df3e9dd\System.Runtime.Remoting.ni.dll MOD - [2011.03.22 19:51:58 | 006,616,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\45d73bf5a07b8fd8a12fcf7d68e9b318\System.Data.ni.dll MOD - [2011.03.22 19:51:11 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6d75eb3ca10a514754f5e87cc2134f07\System.Windows.Forms.ni.dll MOD - [2011.03.22 19:50:58 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\19d027c3381110e60c003f2c8bd307ee\System.Drawing.ni.dll MOD - [2011.03.22 19:50:46 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\38b9d09539b67b08ee996db6c71f8a9b\System.Xml.ni.dll MOD - [2011.03.22 19:50:34 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\982c005f97eacba888acdda322c49362\System.Configuration.ni.dll MOD - [2011.03.22 19:50:33 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\ba71341e41687591124f9a5680cb0981\System.ServiceProcess.ni.dll MOD - [2011.03.22 19:49:50 | 007,868,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\57ac9ba5419d6bf4b79f2979b0755428\System.ni.dll MOD - [2011.03.22 19:49:19 | 011,486,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\c068708e16abf0be77a21b9f29817d83\mscorlib.ni.dll MOD - [2009.08.19 14:49:08 | 000,049,152 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\Memeo.API.dll MOD - [2009.07.29 14:24:14 | 000,504,293 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\sqlite3.dll MOD - [2008.07.29 14:55:14 | 000,969,728 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll MOD - [2008.07.27 19:00:27 | 000,372,736 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll MOD - [2008.07.27 19:00:26 | 002,933,248 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2008.07.27 19:00:17 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll MOD - [2008.07.27 19:00:17 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2008.07.27 19:00:17 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Drawing.resources.dll MOD - [2008.04.23 09:20:56 | 001,675,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.2700.36866__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll MOD - [2008.04.23 09:20:56 | 000,233,472 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2700.36824__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll MOD - [2008.04.23 09:20:56 | 000,184,320 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.2700.36879__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll MOD - [2008.04.23 09:20:56 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.2700.37087__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll MOD - [2008.04.23 09:20:56 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.2700.36859__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll MOD - [2008.04.23 09:20:56 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Runtime\2.0.2700.36879__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Runtime.dll MOD - [2008.04.23 09:20:56 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.2700.36844__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll MOD - [2008.04.23 09:20:55 | 000,483,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.2700.37128__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll MOD - [2008.04.23 09:20:55 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.2700.37044__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll MOD - [2008.04.23 09:20:55 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.2700.36979__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll MOD - [2008.04.23 09:20:25 | 000,331,776 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.2700.37052__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll MOD - [2008.04.23 09:20:25 | 000,139,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.2700.37121__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll MOD - [2008.04.23 09:20:25 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.2700.37134__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll MOD - [2008.04.23 09:20:25 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.2700.37058__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll MOD - [2008.04.23 09:20:25 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.2700.36837__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll MOD - [2008.04.23 09:20:25 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.2700.37051__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll MOD - [2008.04.23 09:20:25 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.2700.37120__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll MOD - [2008.04.23 09:20:24 | 000,667,648 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.2700.36989__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll MOD - [2008.04.23 09:20:24 | 000,585,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.2700.36893__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll MOD - [2008.04.23 09:20:24 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.2700.36845__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll MOD - [2008.04.23 09:20:24 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.2700.37072__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll MOD - [2008.04.23 09:20:24 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.2700.37031__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll MOD - [2008.04.23 09:20:24 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.2700.36900__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll MOD - [2008.04.23 09:20:24 | 000,208,896 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.2700.36886__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll MOD - [2008.04.23 09:20:24 | 000,118,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.2700.37010__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll MOD - [2008.04.23 09:20:24 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.2700.36987__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll MOD - [2008.04.23 09:20:24 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.2700.36899__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll MOD - [2008.04.23 09:20:24 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.2700.37010__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll MOD - [2008.04.23 09:20:23 | 000,475,136 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.2700.36980__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll MOD - [2008.04.23 09:20:23 | 000,323,584 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.2700.36973__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll MOD - [2008.04.23 09:20:23 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.2700.36979__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll MOD - [2008.04.23 09:20:23 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.2700.36986__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll MOD - [2008.04.23 09:20:23 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2665.42149__90ba9c70f846762e\LOG.Foundation.dll MOD - [2008.04.23 09:20:23 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.2700.37030__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll MOD - [2008.04.23 09:20:23 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2665.42151__90ba9c70f846762e\NEWAEM.Foundation.dll MOD - [2008.04.23 09:20:23 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2665.42178__90ba9c70f846762e\DEM.OS.I0602.dll MOD - [2008.04.23 09:20:23 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2665.42157__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll MOD - [2008.04.23 09:20:23 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2665.42168__90ba9c70f846762e\MOM.Foundation.dll MOD - [2008.04.23 09:20:23 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.2665.42177__90ba9c70f846762e\DEM.OS.dll MOD - [2008.04.23 09:20:23 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2665.42187__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll MOD - [2008.04.23 09:20:23 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2665.42196__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll MOD - [2008.04.23 09:20:23 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2665.42166__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll MOD - [2008.04.23 09:20:23 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2665.42196__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll MOD - [2008.04.23 09:20:23 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll MOD - [2008.04.23 09:20:22 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Shared\2.0.2665.42182__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Shared.dll MOD - [2008.04.23 09:20:22 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2665.42152__90ba9c70f846762e\CLI.Foundation.dll MOD - [2008.04.23 09:20:22 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2665.42162__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll MOD - [2008.04.23 09:20:22 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2665.42186__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll MOD - [2008.04.23 09:20:22 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll MOD - [2008.04.23 09:20:22 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2665.42198__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll MOD - [2008.04.23 09:20:22 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2665.42184__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll MOD - [2008.04.23 09:20:22 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2665.42240__90ba9c70f846762e\CLI.Foundation.XManifest.dll MOD - [2008.04.23 09:20:22 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.2665.42197__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll MOD - [2008.04.23 09:20:22 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2665.42166__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll MOD - [2008.04.23 09:20:22 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2665.42161__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll MOD - [2008.04.23 09:20:22 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2665.42156__90ba9c70f846762e\CLI.Component.Client.Shared.dll MOD - [2008.04.23 09:20:22 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2665.42181__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll MOD - [2008.04.23 09:20:22 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.2665.42179__90ba9c70f846762e\DEM.Graphics.dll MOD - [2008.04.23 09:20:22 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll MOD - [2008.04.23 09:20:22 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2665.42164__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll MOD - [2008.04.23 09:20:22 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2665.42181__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll MOD - [2008.04.23 09:20:22 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2665.42180__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll MOD - [2008.04.23 09:20:21 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2665.42187__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll MOD - [2008.04.23 09:20:21 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2665.42184__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll MOD - [2008.04.23 09:20:21 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2665.42184__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll MOD - [2008.04.23 09:20:21 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2665.42186__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll MOD - [2008.04.23 09:20:21 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2665.42182__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll MOD - [2008.04.23 09:20:21 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2665.42167__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll MOD - [2008.04.23 09:20:21 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2665.42180__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll MOD - [2008.04.23 09:20:21 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2665.42185__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll MOD - [2008.04.23 09:20:21 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2665.42166__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll MOD - [2008.04.23 09:20:21 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.2665.42187__90ba9c70f846762e\APM.Foundation.dll MOD - [2008.04.23 09:20:21 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Foundation\2.0.2665.42150__90ba9c70f846762e\AEM.Foundation.dll MOD - [2008.04.23 09:20:21 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll MOD - [2008.04.23 09:20:21 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2665.42160__90ba9c70f846762e\AEM.Server.Shared.dll MOD - [2008.04.23 09:20:15 | 000,013,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray.resources\2.0.2700.37103_de_90ba9c70f846762e\CLI.Component.Systemtray.resources.dll MOD - [2008.04.23 09:20:14 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.2700.37157__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll MOD - [2008.04.23 09:20:14 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.2700.36821__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll MOD - [2008.04.23 09:20:11 | 001,503,232 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.2700.36832__90ba9c70f846762e\CLI.Component.Dashboard.dll MOD - [2008.04.23 09:20:11 | 000,466,944 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.2700.36852__90ba9c70f846762e\CLI.Component.Wizard.dll MOD - [2008.04.23 09:20:11 | 000,397,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.2700.37103__90ba9c70f846762e\CLI.Component.Systemtray.dll MOD - [2008.04.23 09:20:11 | 000,102,400 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.2700.37112__90ba9c70f846762e\MOM.Implementation.dll MOD - [2008.04.23 09:20:11 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2700.36823__90ba9c70f846762e\CLI.Component.Runtime.dll MOD - [2008.04.23 09:20:11 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2700.37110__90ba9c70f846762e\LOG.Foundation.Implementation.dll MOD - [2008.04.23 09:20:11 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2665.42165__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll MOD - [2008.04.23 09:20:11 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2665.42160__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll MOD - [2008.04.23 09:20:11 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2665.42158__90ba9c70f846762e\LOG.Foundation.Private.dll MOD - [2008.04.23 09:20:11 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2665.42196__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll MOD - [2008.04.23 09:20:11 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2665.42169__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll MOD - [2008.04.23 09:20:11 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2665.42154__90ba9c70f846762e\CLI.Foundation.Private.dll MOD - [2008.04.23 09:20:11 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2665.42167__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll MOD - [2008.04.23 09:20:10 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.2700.36823__90ba9c70f846762e\ATIDEMOS.dll MOD - [2008.04.23 09:20:10 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.2700.36822__90ba9c70f846762e\AEM.Server.dll MOD - [2008.04.23 09:20:10 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.2700.37112__90ba9c70f846762e\CCC.Implementation.dll MOD - [2008.04.23 09:20:10 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll MOD - [2008.04.23 09:20:10 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2665.42188__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll MOD - [2007.05.25 05:52:46 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll MOD - [2007.01.11 10:02:14 | 004,587,520 | R--- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll ========== Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (CLTNetCnService) SRV - [2013.02.26 19:43:50 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2010.05.28 15:29:26 | 002,650,112 | ---- | M] (DATA BECKER GmbH & Co KG) [Auto | Running] -- C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe -- (DBService) SRV - [2009.11.13 10:28:04 | 000,110,592 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService) SRV - [2009.06.16 07:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService) SRV - [2008.10.24 15:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService) SRV - [2008.04.23 18:13:37 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.02.05 17:13:14 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - [2010.02.24 11:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11) DRV - [2009.02.13 10:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM) DRV - [2008.05.27 10:41:46 | 000,122,152 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mdm.sys -- (s0017mdm) DRV - [2008.05.27 10:41:46 | 000,117,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017unic.sys -- (s0017unic) DRV - [2008.05.27 10:41:46 | 000,111,912 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017obex.sys -- (s0017obex) DRV - [2008.05.27 10:41:46 | 000,090,536 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017bus.sys -- (s0017bus) DRV - [2008.05.27 10:41:46 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mdfl.sys -- (s0017mdfl) DRV - [2008.05.27 10:41:44 | 000,115,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mgmt.sys -- (s0017mgmt) DRV - [2008.05.27 10:41:44 | 000,025,768 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017nd5.sys -- (s0017nd5) DRV - [2007.07.30 15:13:10 | 000,743,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2007.07.12 11:58:54 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5) DRV - [2007.05.25 06:01:58 | 002,609,152 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2007.02.24 13:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2007.01.23 15:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2007.01.23 04:01:00 | 000,050,176 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp) DRV - [2006.12.14 08:11:58 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor) DRV - [2006.11.02 08:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial) DRV - [2006.10.30 09:22:26 | 000,008,192 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage} IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1351351 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com/?l=dis&o=14672 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) IE - HKCU\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) IE - HKCU\..\SearchScopes,DefaultScope = {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ATU&o=14670&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=T8&apn_dtid=YYYYYYYYDE&apn_uid=65babe8e-3ebc-478c-bed0-726c579ab9af&apn_sauid=0B226534-3E87-43B0-B1DE-3E738FD34261 IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7PBEA_de&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1351351 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local 127.0.0.1;*.local ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.defaultthis.engineName: "Softonic Deutsch Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1351351&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Ask.com" FF - prefs.js..browser.search.update: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5 FF - prefs.js..extensions.enabledItems: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c}:2.1.0.19 FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKCU\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Users\Timo & Nici\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll ( ) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009.12.28 14:32:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.31 21:31:25 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.12.31 21:31:25 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009.12.28 14:32:27 | 000,000,000 | ---D | M] [2008.08.31 17:38:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Timo & Nici\AppData\Roaming\mozilla\Extensions [2012.03.15 11:33:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Timo & Nici\AppData\Roaming\mozilla\Firefox\Profiles\xz671v2w.default\extensions [2011.07.15 18:10:22 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Timo & Nici\AppData\Roaming\mozilla\Firefox\Profiles\xz671v2w.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2009.07.23 20:45:12 | 000,000,000 | ---D | M] (Softonic Deutsch Toolbar) -- C:\Users\Timo & Nici\AppData\Roaming\mozilla\Firefox\Profiles\xz671v2w.default\extensions\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c} [2013.02.07 13:05:31 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Timo & Nici\AppData\Roaming\mozilla\Firefox\Profiles\xz671v2w.default\extensions\toolbar@ask.com [2013.02.07 13:05:31 | 000,002,323 | ---- | M] () -- C:\Users\Timo & Nici\AppData\Roaming\mozilla\firefox\profiles\xz671v2w.default\searchplugins\askcom.xml [2009.07.01 13:19:32 | 000,000,894 | ---- | M] () -- C:\Users\Timo & Nici\AppData\Roaming\mozilla\firefox\profiles\xz671v2w.default\searchplugins\conduit.xml [2012.12.31 21:16:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2008.04.23 09:28:18 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2012.12.31 21:16:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} [2011.11.21 05:21:43 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.11.21 02:17:49 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.11.21 02:09:48 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011.11.21 02:17:49 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.11.21 02:17:49 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.11.21 02:17:49 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.11.21 02:17:49 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O3 - HKCU\..\Toolbar\WebBrowser: (Softonic Deutsch Toolbar) - {8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.) O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.) O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe () O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe ( ) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [Atqytya] C:\Users\Timo & Nici\AppData\Roaming\Efme\vuury.exe () O4 - HKCU..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe (Packard Bell BV) O4 - HKCU..\Run: [VLC media player] C:\Users\Timo & Nici\Documents\VLC media player\VLC media player.exe () O4 - HKCU..\RunOnce: [VLC media player] C:\Users\Timo & Nici\Documents\VLC media player\VLC media player.exe () O4 - Startup: C:\Users\Timo & Nici\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe () F3 - HKCU WinNT: Load - (C:\Users\TIMO&N~1\DOCUME~1\VLCMED~1\VLCMED~1.EXE) - C:\Users\TIMO&N~1\DOCUME~1\VLCMED~1\VLCMED~1.EXE () F3 - HKCU WinNT: Run - (C:\Users\TIMO&N~1\DOCUME~1\VLCMED~1\VLCMED~1.EXE) - C:\Users\TIMO&N~1\DOCUME~1\VLCMED~1\VLCMED~1.EXE () O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab (Java Plug-in 1.6.0_38) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab (Java Plug-in 10.15.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9EA77E1D-1647-4FB5-91BE-213D9B625ACB}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BE063151-8F8A-4790-BB35-6C01A3D017D6}: DhcpNameServer = 192.168.0.1 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Timo & Nici\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Timo & Nici\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{48da855a-6b3d-11df-979f-001fc6689462}\Shell - "" = AutoRun O33 - MountPoints2\{48da855a-6b3d-11df-979f-001fc6689462}\Shell\AutoRun\command - "" = "G:\WD SmartWare.exe" autoplay=true O33 - MountPoints2\{6d6d7ef8-b784-11df-b9b8-001fc6689462}\Shell - "" = AutoRun O33 - MountPoints2\{6d6d7ef8-b784-11df-b9b8-001fc6689462}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O33 - MountPoints2\{6ec7ed0b-bb6c-11df-b180-001fc6689462}\Shell\AutoRun\command - "" = F:\Menu.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.03.01 22:23:40 | 000,000,000 | ---D | C] -- C:\Users\Timo & Nici\AppData\Roaming\Malwarebytes [2013.03.01 22:23:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.03.01 22:23:25 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013.03.01 22:23:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013.02.24 13:16:22 | 000,000,000 | ---D | C] -- C:\Users\Timo & Nici\AppData\Roaming\Yrre [2013.02.24 13:16:22 | 000,000,000 | ---D | C] -- C:\Users\Timo & Nici\AppData\Roaming\Efme [2013.02.24 13:16:22 | 000,000,000 | ---D | C] -- C:\Users\Timo & Nici\AppData\Roaming\Apyzc [2013.02.15 17:14:54 | 000,000,000 | ---D | C] -- C:\Users\Timo & Nici\Desktop\FÜR FP [2013.02.15 15:05:15 | 000,000,000 | ---D | C] -- C:\Users\Timo & Nici\Desktop\drucken [2011.12.14 19:49:57 | 014,597,312 | ---- | C] (Mozilla) -- C:\Users\Timo & Nici\Firefox Setup 8.0.1.exe [2010.06.03 21:30:14 | 007,981,569 | ---- | C] (DsNET) -- C:\Users\Timo & Nici\aTube300_Catcher.exe ========== Files - Modified Within 30 Days ========== [2013.03.02 10:18:18 | 000,000,000 | ---- | M] () -- C:\Users\Timo & Nici\defogger_reenable [2013.03.02 10:00:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\Recovery DVD Creator.job [2013.03.02 10:00:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\Erweiterte Garantie.job [2013.03.02 09:31:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.03.02 09:27:07 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.02 09:27:07 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.02 08:34:11 | 000,651,350 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.03.02 08:34:11 | 000,618,470 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.03.02 08:34:11 | 000,121,114 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.03.02 08:34:11 | 000,107,614 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.03.02 08:27:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.02 08:26:58 | 3220,398,080 | -HS- | M] () -- C:\hiberfil.sys [2013.03.01 23:54:08 | 000,013,174 | ---- | M] () -- C:\Users\Timo & Nici\Desktop\Trojaner.odt [2013.02.27 14:41:45 | 000,150,528 | ---- | M] () -- C:\Users\Timo & Nici\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.02.03 16:09:19 | 000,020,147 | ---- | M] () -- C:\Users\Timo & Nici\Documents\Haushaltsbuch_2013.ods ========== Files Created - No Company Name ========== [2013.03.02 10:18:18 | 000,000,000 | ---- | C] () -- C:\Users\Timo & Nici\defogger_reenable [2013.03.01 22:13:39 | 000,013,174 | ---- | C] () -- C:\Users\Timo & Nici\Desktop\Trojaner.odt [2013.02.22 16:26:57 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.02.03 15:48:57 | 000,020,147 | ---- | C] () -- C:\Users\Timo & Nici\Documents\Haushaltsbuch_2013.ods [2010.07.02 12:43:40 | 000,000,922 | ---- | C] () -- C:\Users\Timo & Nici\dm-Fotowelt.lnk [2010.07.02 12:40:03 | 001,430,584 | ---- | C] () -- C:\Users\Timo & Nici\setup_dm_Fotowelt.exe [2009.10.23 18:59:24 | 000,000,439 | ---- | C] () -- C:\Users\Timo & Nici\AppData\Roaming\mdbu.bin [2009.03.15 11:51:41 | 000,007,268 | ---- | C] () -- C:\Users\Timo & Nici\AppData\Local\d3d9caps.dat [2008.07.19 13:13:37 | 000,150,528 | ---- | C] () -- C:\Users\Timo & Nici\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.07.19 13:04:04 | 000,000,099 | ---- | C] () -- C:\Users\Timo & Nici\AppData\Local\fusioncache.dat ========== ZeroAccess Check ========== [2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2008.11.06 13:57:06 | 011,315,712 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.03.03 05:16:12 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2006.11.02 10:46:13 | 000,348,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2013.02.24 13:16:22 | 000,000,000 | ---D | M] -- C:\Users\Timo & Nici\AppData\Roaming\Apyzc [2008.12.09 21:08:15 | 000,000,000 | ---D | M] -- C:\Users\Timo & Nici\AppData\Roaming\Datalayer [2013.02.24 13:16:22 | 000,000,000 | ---D | M] -- C:\Users\Timo & Nici\AppData\Roaming\Efme [2008.12.09 21:05:19 | 000,000,000 | ---D | M] -- C:\Users\Timo & Nici\AppData\Roaming\Nokia [2008.10.28 20:36:05 | 000,000,000 | ---D | M] -- C:\Users\Timo & Nici\AppData\Roaming\OpenOffice.org [2008.07.19 17:05:19 | 000,000,000 | ---D | M] -- C:\Users\Timo & Nici\AppData\Roaming\Packard Bell [2008.12.09 21:03:28 | 000,000,000 | ---D | M] -- C:\Users\Timo & Nici\AppData\Roaming\PC Suite [2010.10.16 14:42:03 | 000,000,000 | ---D | M] -- C:\Users\Timo & Nici\AppData\Roaming\ProtectDisc [2010.05.29 17:52:04 | 000,000,000 | ---D | M] -- C:\Users\Timo & Nici\AppData\Roaming\Western Digital [2008.11.25 06:43:06 | 000,000,000 | ---D | M] -- C:\Users\Timo & Nici\AppData\Roaming\WordToPDF [2013.03.01 23:32:25 | 000,000,000 | ---D | M] -- C:\Users\Timo & Nici\AppData\Roaming\Yrre ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\yamaha.jpg:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\web to date Projekte:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\VLC media player:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\Updater5:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\Unterlagen Allscheidt 6:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\SuperTIPp:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\SuperTIPp Website Backup:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\SuperTIPp Webseite_Dateien:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\SUP_31_22_Me_Ti.jpg:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\Studie AB.jpg:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\Stimmgabel_Yamaha.gif:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\Skript:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\s.n. Dateien:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\Rückwärtszähler:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\restore:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\Personalausweis.jpg:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\MORITZ:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\Immo-Seite alt:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\HOCHZEIT:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\fonts:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\Expose:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\Erzeugte Websites:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\Eigene Scans:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\Driegeltrath:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\diverses:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\Bewerbungen 2009:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\Armin:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\ap:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\Andy Bewerbung:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\Am Kämpchen:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\Adobe:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Desktop\Nici Arbeit:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Desktop\FÜR FP:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Desktop\drucken:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Desktop\bad:Roxio EMC Stream Code:
ATTFilter
OTL Extras logfile created on: 02.03.2013 10:21:54 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Timo & Nici\Downloads
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 1,65 Gb Available Physical Memory | 54,99% Memory free
6,17 Gb Paging File | 4,92 Gb Available in Paging File | 79,71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 229,88 Gb Total Space | 154,03 Gb Free Space | 67,00% Space Free | Partition Type: NTFS
Computer Name: LAPPI | User Name: Timo & Nici | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0CC11D7A-382C-49F8-AA3B-7B35FDE53B1C}" = lport=137 | protocol=17 | dir=in | app=system |
"{0F4BFA5A-C71E-455D-AE7F-F5A68AE23E0C}" = rport=138 | protocol=17 | dir=out | app=system |
"{498DF453-3FDD-4F81-B097-B7EE3234ADBE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{5BAB4981-7152-4864-BE83-249D7AB9BFF8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{89B82B15-10A0-4CDE-9D1E-21D8DA288F79}" = lport=138 | protocol=17 | dir=in | app=system |
"{9AB3BD36-957A-45BC-AB88-F8BD0DA8AA6A}" = lport=139 | protocol=6 | dir=in | app=system |
"{9C7AA73D-5302-4758-9786-06E7C5756793}" = lport=445 | protocol=6 | dir=in | app=system |
"{9F9D628B-D5CC-492B-916D-CFEEF4BB4DB7}" = rport=445 | protocol=6 | dir=out | app=system |
"{B32159DA-05A3-4F46-9AEE-8DFB7EBB00AD}" = rport=137 | protocol=17 | dir=out | app=system |
"{D3FFA111-641E-4C85-944B-CBDBE1B6EF92}" = rport=139 | protocol=6 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07EB2843-4BAD-45A7-8C4C-EEE8C4F61C0F}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{1A283C4B-83A0-4FC6-A60C-F7996C884E81}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1C5D26BF-0135-42C9-937C-F082BF28E472}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{24E7E0C2-827A-4FFC-84A7-F7472161C0BA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{2760EC05-FA31-4066-978E-26BFDDF56CCD}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2A3F5692-0F66-4D12-A07A-2108EDFF791A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |
"{3B04681E-9960-4ECF-ADC7-9993027DE195}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{3BA5A97B-99B7-40F2-92D9-3B311B1CADA0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{3D789947-1327-4EEF-B3E6-43028595EADD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{4D86AED2-E850-4FEE-81D6-76FADBB6C8AA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{51321EE3-2B2C-499B-BAE2-D3794DF724B5}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{5CC1B2E7-050A-4171-BB93-FC71AE0654F9}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{6EEBCFE1-77F9-407A-8035-2302F559C1AF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{75471811-32B3-491C-8B91-471FD337E7E3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{7E11796B-63C3-48E6-AA5D-24ABB742E2E5}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{817612C7-132B-4470-94F6-B4E608F060A0}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{81862F82-C575-46DC-927E-A02ED682CB3A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{912788FE-1108-4A1E-AE8B-653AED257B96}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{AAA00D6A-FE8F-4EB1-A0EF-04C64567B148}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{B1E6296F-27A7-4CC4-BA7B-63107F773824}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B48DDAFB-DC2D-4C5D-B159-E77828CAD992}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{CC164EE3-DD36-4E7E-85DD-85015F4FDE1A}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{D75BB2C3-09C3-47EB-946C-C4FCE83B1FE2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{DB9E1049-2CB0-4610-AE1A-516EA7923C67}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{EC8EE595-2CD0-40E7-B58C-65089D827CD0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F29D12F9-59B2-4F8D-B240-9B1208072BAE}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{FC967F93-3F0A-4900-8028-FD605B5390E2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"TCP Query User{1D9C37BF-9889-4518-A91E-4BE9C66AE32B}C:\program files\typo3\apache\bin\apache.exe" = protocol=6 | dir=in | app=c:\program files\typo3\apache\bin\apache.exe |
"TCP Query User{215F2B8B-69B4-4479-BE58-A65B11CA1E20}D:\bin\ia\core\mdm_util.exe" = protocol=6 | dir=in | app=d:\bin\ia\core\mdm_util.exe |
"TCP Query User{226EAA1D-75FC-41B5-82E1-2017C0BEE8DE}C:\program files\data becker\web to date 6.0\ftptrans.exe" = protocol=6 | dir=in | app=c:\program files\data becker\web to date 6.0\ftptrans.exe |
"TCP Query User{2737CBE0-3522-40B4-A97D-F0EEA5CED0C1}C:\program files\dsnet corp\atube catcher 1.0\atube catcher 2.0\yct.exe" = protocol=6 | dir=in | app=c:\program files\dsnet corp\atube catcher 1.0\atube catcher 2.0\yct.exe |
"TCP Query User{45325262-C72D-4B8A-A66F-25C5692C5569}C:\users\timo & nici\appdata\local\data becker\web to date 6.0\apache\apache.exe" = protocol=6 | dir=in | app=c:\users\timo & nici\appdata\local\data becker\web to date 6.0\apache\apache.exe |
"TCP Query User{77108691-02CA-4890-81C7-F4754695413B}C:\users\timo & nici\appdata\local\data becker\web to date 6.0\apache\apache.exe" = protocol=6 | dir=in | app=c:\users\timo & nici\appdata\local\data becker\web to date 6.0\apache\apache.exe |
"TCP Query User{A2627E80-0276-4703-BA46-D45761074565}C:\users\timo & nici\appdata\local\data becker\web to date 7.0\apache\apache.exe" = protocol=6 | dir=in | app=c:\users\timo & nici\appdata\local\data becker\web to date 7.0\apache\apache.exe |
"TCP Query User{A70D80E5-7405-4789-9EE9-F9D1239CA3B4}C:\users\timo & nici\appdata\local\data becker\web to date 7.0\apache\apache.exe" = protocol=6 | dir=in | app=c:\users\timo & nici\appdata\local\data becker\web to date 7.0\apache\apache.exe |
"TCP Query User{A8C456CF-9343-47A0-9950-94A2CF7FA21A}C:\program files\data becker\web to date 7\ftptrans.exe" = protocol=6 | dir=in | app=c:\program files\data becker\web to date 7\ftptrans.exe |
"TCP Query User{E6C36B1D-F62D-4E88-AD41-D46EAA6420B7}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{EF0ED677-FAE2-4C10-A9F8-88FD4AC899C1}C:\program files\typo3\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\program files\typo3\mysql\bin\mysqld.exe |
"UDP Query User{0620CE6A-7E94-4E8E-89CD-61692A2DEA80}C:\program files\data becker\web to date 7\ftptrans.exe" = protocol=17 | dir=in | app=c:\program files\data becker\web to date 7\ftptrans.exe |
"UDP Query User{0EEB2791-3AB0-4455-9CC1-B9AF3D58AA86}C:\users\timo & nici\appdata\local\data becker\web to date 7.0\apache\apache.exe" = protocol=17 | dir=in | app=c:\users\timo & nici\appdata\local\data becker\web to date 7.0\apache\apache.exe |
"UDP Query User{1533C1C0-2C97-40CF-99C4-93D4E938B7A5}C:\users\timo & nici\appdata\local\data becker\web to date 6.0\apache\apache.exe" = protocol=17 | dir=in | app=c:\users\timo & nici\appdata\local\data becker\web to date 6.0\apache\apache.exe |
"UDP Query User{1B112852-A4E6-42AD-9E59-01EEC3BE7878}C:\program files\data becker\web to date 6.0\ftptrans.exe" = protocol=17 | dir=in | app=c:\program files\data becker\web to date 6.0\ftptrans.exe |
"UDP Query User{29AD8B41-42A4-4CD3-B042-FDA30F46D422}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"UDP Query User{88B0C670-5185-45D7-8A4A-7236D2CE0541}D:\bin\ia\core\mdm_util.exe" = protocol=17 | dir=in | app=d:\bin\ia\core\mdm_util.exe |
"UDP Query User{B8A97F01-CCA5-4F14-83FD-C0E2EFCBFDC1}C:\users\timo & nici\appdata\local\data becker\web to date 6.0\apache\apache.exe" = protocol=17 | dir=in | app=c:\users\timo & nici\appdata\local\data becker\web to date 6.0\apache\apache.exe |
"UDP Query User{DF5EB59D-CDEA-4858-941C-EB824D638B33}C:\program files\dsnet corp\atube catcher 1.0\atube catcher 2.0\yct.exe" = protocol=17 | dir=in | app=c:\program files\dsnet corp\atube catcher 1.0\atube catcher 2.0\yct.exe |
"UDP Query User{E4F94932-7A06-4756-AC64-49B8037DA944}C:\program files\typo3\apache\bin\apache.exe" = protocol=17 | dir=in | app=c:\program files\typo3\apache\bin\apache.exe |
"UDP Query User{F21075C4-5505-4F23-88BE-AEA28ECC579C}C:\users\timo & nici\appdata\local\data becker\web to date 7.0\apache\apache.exe" = protocol=17 | dir=in | app=c:\users\timo & nici\appdata\local\data becker\web to date 7.0\apache\apache.exe |
"UDP Query User{F255DEF9-AC6F-4CE5-BC06-78A6B9857B6C}C:\program files\typo3\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\program files\typo3\mysql\bin\mysqld.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{0C5A9DEB-AA63-E327-3067-28CC79EB61D8}" = CCC Help Spanish
"{0DE3F04D-1CB1-6481-F970-37DC56287F13}" = Catalyst Control Center Localization Polish
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series" = Canon MG5200 series MP Drivers
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1D70E271-4349-4802-BB77-8E8A23F37151}" = Catalyst Control Center Localization Turkish
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{221BA099-FA5F-EB6C-2B8B-D7B384D79D11}" = ccc-utility
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{232DB76D-4751-41A9-9EC2-CDC0DAC1FAB6}" = WD SmartWare
"{26A24AE4-039D-4CA4-87B4-2F83216038FF}" = Java(TM) 6 Update 38
"{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15
"{28C00028-4CC9-2FC5-85CD-1C29FB5442C0}" = Catalyst Control Center Localization Norwegian
"{299FB8EC-CA61-2503-C75D-394A3932FCF3}" = CCC Help Thai
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2E21BC34-652C-E8FA-4FC1-DDCE012D2ADE}" = Catalyst Control Center Graphics Light
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF3552A-C9FA-BD8D-D8E5-DA25E0E2A95A}" = CCC Help Russian
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{328E72CE-19EC-CE8D-0D39-B9EAFA3606EB}" = Catalyst Control Center Localization French
"{3595EF18-1946-9F0D-0A5E-54B682D63D43}" = CCC Help Greek
"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{409BF604-40A9-C7E5-5644-BE3D70756F10}" = CCC Help Polish
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{42E2EEB2-D48E-4A47-B181-32ECA031D93B}" = DJ_AIO_06_F2400_SW_Min
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{46E1FFFA-D9FC-DB9A-DD0D-FD0C754ED232}" = ccc-core-static
"{475CD8E7-132C-C303-4E8E-5792D284A2B2}" = CCC Help Dutch
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E49E9B4-9B3E-DFF2-AE86-39AF2A675755}" = Catalyst Control Center Localization Japanese
"{4E98EBDD-D4F5-C4EA-319A-F213763BE5A9}" = Catalyst Control Center Localization Thai
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5CFA2909-F2D4-D5F6-B122-D86638BD6118}" = Catalyst Control Center Localization Greek
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" = Norton 360
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65663213-4239-02AB-29C7-0B23EBD30AFC}" = CCC Help Czech
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{68F330AF-55AF-337A-B570-841517C5D174}" = CCC Help Turkish
"{69DAA768-DE42-46F4-BBAB-1E2CE5F90BAE}" = WPC-EASY-V1.2-DEMO 1.2
"{6AF47E58-84F4-0453-9277-5AB5F202AC88}" = CCC Help Chinese Traditional
"{6BAA71B6-8F43-4C72-931A-3354ABB0258A}" = F2400
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6C7A02F0-0ADE-00D1-5EEB-B3495AE33371}" = CCC Help Finnish
"{6CB09473-7C20-7844-1CC0-29D0C51884AE}" = Catalyst Control Center Localization Portuguese
"{6D69A2C1-7194-AE60-4AD6-1477C14ED50D}" = Catalyst Control Center Localization Finnish
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{77F7B355-0612-B4D0-250E-701DC65ED26B}" = Catalyst Control Center Localization Danish
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B1145B0-2B0E-72CA-DF99-924944747C49}" = CCC Help Italian
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E65D89E-B956-880E-4DDE-9DE48B13A6A0}" = Catalyst Control Center Localization Spanish
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{944523A5-F9DF-0C73-4C7E-8F95A489BEA9}" = Catalyst Control Center Core Implementation
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9665D8CE-8BB9-EE1E-8543-BDAD785AD7B4}" = Catalyst Control Center Localization Russian
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C20015F-B6F3-69E1-C222-4A96B0D1ECA2}" = CCC Help Danish
"{A17A5A40-6BD8-2E81-2148-6D85C45BBC08}" = Catalyst Control Center Localization Czech
"{A2046E31-D0A9-395E-42FC-195611A3D263}" = Catalyst Control Center Localization Chinese Traditional
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{ABE7F67B-9B82-D0B8-98A0-0B9857044BD9}" = Catalyst Control Center Localization Swedish
"{AC76BA86-7AD7-1031-7B44-A80000000002}" = Adobe Reader 8 - Deutsch
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B377CFB6-3DC9-DB9A-0FD6-F62B9656BAD7}" = CCC Help Norwegian
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7FB0C86-41A4-4402-9A33-912C462042A0}" = Roxio Creator 9 LE
"{BBD6AE19-4BF2-F279-723A-FFE703C7BE35}" = CCC Help Japanese
"{BCBF5C93-EAF3-D3E1-56A0-E20905B6F0A5}" = CCC Help Chinese Standard
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{C8E571C4-0754-1D8B-E08E-04A3AE8FB807}" = Catalyst Control Center Localization Dutch
"{C9F12EC7-17B7-11DF-5823-D6667B33CE86}" = Catalyst Control Center Localization Korean
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CDBF8C2D-04B0-4F9B-9AE1-7422F7F0EC94}" = HP Deskjet F2400 All-In-One Driver Software 13.0 Rel .6
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0A55340-F289-772A-FCF6-A4A3209CE863}" = CCC Help German
"{D359B12F-9B1A-46FD-B70C-F507B5B11590}" = HDRegDE
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DC22B4FF-0500-9C3C-9645-0E192888480D}" = Catalyst Control Center Localization German
"{DDED2BA7-FE4E-1183-FDCF-348A4BE362A7}" = CCC Help Hungarian
"{DE376A2C-7964-617C-CB94-C2D1E9B6B24A}" = Catalyst Control Center Localization Italian
"{E2498002-042E-2D61-6578-42D995B021F2}" = CCC Help French
"{E2FCC9D2-AE19-9DA3-FDF8-58594C80126D}" = Catalyst Control Center Localization Chinese Standard
"{E713653C-8312-4BC6-AFC9-ADE1F2F04AB9}" = ATI PCI Express (3GIO) Filter Driver
"{E82C6C1A-1258-ACE3-9061-2FA3FAF40398}" = Catalyst Control Center Localization Hungarian
"{E8C23EBE-EE3C-4299-9DB9-601AB3751454}" = AAVUpdateManager
"{EB89DC4E-A3C2-A1ED-4689-F95CF3E07CCA}" = CCC Help English
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EE23EF27-B925-4A27-E2C7-1D9E5B038DD8}" = CCC Help Swedish
"{EE247152-BFC5-9C7B-E19F-A57BFF5FEB9C}" = CCC Help Korean
"{EF0F5226-0C5B-83C9-65CB-58F6D3E22F6B}" = Catalyst Control Center Graphics Full Existing
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7EFB45A-0244-02A2-E9E2-C6A1E7E3D3EB}" = CCC Help Portuguese
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FAF26102-09D7-4C58-AB01-0D59A2E517CA}" = Copy
"{FFC18C10-E04D-D93B-5029-A66B086BBEC7}" = Catalyst Control Center Graphics Full New
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Photoshop Elements 1.0" = Adobe Photoshop Elements
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Adobe SVG Viewer" = Adobe SVG Viewer
"AdobeReader" = Adobe Reader 8
"aTube Catcher" = aTube Catcher
"Audacity_is1" = Audacity 1.2.3
"Canon MG5200 series Benutzerregistrierung" = Canon MG5200 series Benutzerregistrierung
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"CREATOR9" = Creator 9
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"FirefoxDE" = Firefox
"Flashplayer" = Flash Player 9 Internet Explorer
"FMCODEC" = FM Screen Capture Codec (Remove Only)
"FtpPilot" = FtpPilot
"GOOGLE_EARTH" = Google Earth
"GPL Ghostscript 8.63" = GPL Ghostscript 8.63
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"ImageWriter" = Packard Bell ImageWriter
"Infocentre" = Infocentre Rev. 2.0
"LCDTest" = Packard Bell LCD Test
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"METABOLI" = Metaboli
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 8.0.1 (x86 de)" = Mozilla Firefox 8.0.1 (x86 de)
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"N360_2007_DE" = Norton 360
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"SETUPMYPC_DE" = SetUp My PC
"Shockwave" = Shockwave player 10
"Softonic_Deutsch Toolbar" = Softonic_Deutsch Toolbar
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Updator" = Packard Bell Updator
"VLC media player" = VLC media player 1.1.10
"web to date 7_is1" = DATA BECKER web to date 7
"WinLiveSuite_Wave3" = Windows Live Essentials
"WordToPDF_is1" = WordToPDF 2.4
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"Kies Air Discovery Service" = Kies Air Discovery Service
"Protect Disc License Helper" = Protect Disc License Helper 1.0.125 (IE)
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 01.03.2013 15:03:26 | Computer Name = Lappi | Source = VSS | ID = 8194
Description =
Error - 01.03.2013 16:16:54 | Computer Name = Lappi | Source = MsiInstaller | ID = 11730
Description =
Error - 01.03.2013 17:15:45 | Computer Name = Lappi | Source = WDSmartWareBackgroundService | ID = 0
Description =
Error - 01.03.2013 17:15:57 | Computer Name = Lappi | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 01.03.2013 17:21:52 | Computer Name = Lappi | Source = WerSvc | ID = 5007
Description =
Error - 01.03.2013 18:55:55 | Computer Name = Lappi | Source = WDSmartWareBackgroundService | ID = 0
Description =
Error - 01.03.2013 18:56:11 | Computer Name = Lappi | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 02.03.2013 03:27:58 | Computer Name = Lappi | Source = WDSmartWareBackgroundService | ID = 0
Description =
Error - 02.03.2013 03:28:08 | Computer Name = Lappi | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 02.03.2013 03:31:18 | Computer Name = Lappi | Source = WerSvc | ID = 5007
Description =
[ System Events ]
Error - 01.03.2013 18:54:38 | Computer Name = Lappi | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
2, Funktion 0. Wenden Sie sich an den Systemhersteller, um technische Unterstützung
zu erhalten.
Error - 01.03.2013 18:54:38 | Computer Name = Lappi | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
4, Funktion 0. Wenden Sie sich an den Systemhersteller, um technische Unterstützung
zu erhalten.
Error - 01.03.2013 18:54:38 | Computer Name = Lappi | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
7, Funktion 0. Wenden Sie sich an den Systemhersteller, um technische Unterstützung
zu erhalten.
Error - 01.03.2013 18:54:39 | Computer Name = Lappi | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
6, Funktion 0. Wenden Sie sich an den Systemhersteller, um technische Unterstützung
zu erhalten.
Error - 01.03.2013 18:56:30 | Computer Name = Lappi | Source = DCOM | ID = 10010
Description =
Error - 01.03.2013 18:56:44 | Computer Name = Lappi | Source = BROWSER | ID = 8017
Description =
Error - 02.03.2013 03:26:41 | Computer Name = Lappi | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
2, Funktion 0. Wenden Sie sich an den Systemhersteller, um technische Unterstützung
zu erhalten.
Error - 02.03.2013 03:26:41 | Computer Name = Lappi | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
4, Funktion 0. Wenden Sie sich an den Systemhersteller, um technische Unterstützung
zu erhalten.
Error - 02.03.2013 03:26:41 | Computer Name = Lappi | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
7, Funktion 0. Wenden Sie sich an den Systemhersteller, um technische Unterstützung
zu erhalten.
Error - 02.03.2013 03:26:42 | Computer Name = Lappi | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
6, Funktion 0. Wenden Sie sich an den Systemhersteller, um technische Unterstützung
zu erhalten.
< End of report >
Code:
ATTFilter Problemsignatur:
Problemereignisname: BlueScreen
Betriebsystemversion: 6.0.6000.2.0.0.768.3
Gebietsschema-ID: 1031
Zusatzinformationen zum Problem:
BCCode: 1000008e
BCP1: C0000005
BCP2: 8244785D
BCP3: A0E57A54
BCP4: 00000000
OS Version: 6_0_6000
Service Pack: 0_0
Product: 768_1
Dateien, die bei der Beschreibung des Problems hilfreich sind:
C:\Windows\Minidump\Mini030213-02.dmp
C:\Users\Timo & Nici\AppData\Local\Temp\WER-90449-0.sysdata.xml
C:\Users\Timo & Nici\AppData\Local\Temp\WERA15D.tmp.version.txt
Ich hoffe das war alles, was ihr braucht - sonst reiche ich gerne nach! Was habe ich denn da genau? Bei der Commerzbank habe ich schon darum gebeten, den Zugang zu sperren und neue Daten zu schicken. Muss ich auch alle meine Passwörter (über Handy oder so) ändern? Kann jemand jetzt Spam über meinen Account verschicken? Fragen über Fragen - sorry! Ich drücke die Daumen, dass das wieder wird und bin dankbar für eure Hilfe und evtl. Tipps für ein gutes (gerne kostenfreies oder günstiges) Antiviren-Programm o.ä. Jetzt bin ich ja schlauer  Also, vielen vielen Dank für Anweisungen (bin nicht ganz so bewandert in Sachen Technik) Gruß, Nici |
| Themen zu Downloadtrojaner gefunden (Win32/Dofoil.R) |
| 32 bit, antiviren-programm, audacity, becker, bho, bonjour, canon, danke für eure hilfe!, desktop, downloader, downloadtrojaner, e-banking, error, firefox, flash player, frage, hilfreich, home, index, install.exe, internet, logfile, minidump, mozilla, msiinstaller, packard bell, plug-in, popup, programm, realtek, registry, rojaner gefunden, scan, security, softonic deutsch toolbar, software, super, symantec, system, trojan.agent.iet, trojaner, typo3, viren, vista, windows, ändern |
Baum-Darstellung