Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Downloadtrojaner gefunden (Win32/Dofoil.R)

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 02.03.2013, 17:36   #1
nici_st
 
Downloadtrojaner gefunden (Win32/Dofoil.R) - Icon32

Downloadtrojaner gefunden (Win32/Dofoil.R)



Liebe Experten!

Erstmal danke für eure Hilfe!!!!
Als ich mich gestern beim Online-Banking angemeldet habe, wurde ich in einem Popup (in schlechterem Deutsch) aufgefordert, meine TANs einzugeben

Also habe ich sofort einen Suchlauf nach Viren etc. gemacht - mit Windows Defender (bisher habe ich leider der Computersicherheit nicht so viel Beachtung geschenkt - immer erst wenn was passiert... also kein kostenpflichtiges Antivirenprogramm o.ä. installiert). Der Defender hat auch Folgendes gefunden und gelöscht:

Code:
ATTFilter
TrojanDownloader: Win32/Dofoil.R

Kategorie:
Downloadtrojaner

Beschreibung:
Dieses Programm ist gefährlich. Es lädt andere Programme herunter.

Empfehlung:
Entfernen Sie diese Software unverzüglich.

Ressourcen:
regkey:
HKCU@S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN\\BAE

runkey:
HKCU@S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN\\BAE

file:
C:\Windows\Temp\wpbt0.dll

file:
C:\Windows\system32\config\systemprofile\AppData\Roaming\5B09FC.exe

file:
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F24B5F0N\readme[1].exe
         
Also nochmal bei der Commerbank probiert - Popup immernoch da.

Dann bin ich auf eure Seite gestoßen und bin (nur am Rande) begeistert, dass ihr uns Laien so toll helft! Danke nochmal !!!!!

Ich hoffe, ich habe alles richtig gemacht - hier also die Ergebnisse:

Code:
ATTFilter
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.01.09

Windows Vista x86 NTFS
Internet Explorer 7.0.6000.16982
Timo & Nici :: LAPPI [Administrator]

01.03.2013 22:25:08
mbam-log-2013-03-01 (22-25-08).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 349179
Laufzeit: 1 Stunde(n), 25 Minute(n), 48 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 4
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|VLC media player (Spyware.Zeus) -> Daten: C:\Users\Timo & Nici\Documents\VLC media player\VLC media player.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|VLC media player (Spyware.Zeus) -> Daten: C:\Users\Timo & Nici\Documents\VLC media player\VLC media player.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Daten: C:\Users\TIMO&N~1\DOCUME~1\VLCMED~1\VLCMED~1.EXE -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|IExplorer Util (Trojan.Agent.IET) -> Daten: C:\Users\Timo & Nici\AppData\Roaming\ie_util.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 2
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Spyware.Zeus) -> Bösartig: (C:\Users\TIMO&N~1\DOCUME~1\VLCMED~1\VLCMED~1.EXE) Gut: () -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Run (Spyware.Zeus) -> Bösartig: (C:\Users\TIMO&N~1\DOCUME~1\VLCMED~1\VLCMED~1.EXE) Gut: () -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\Timo & Nici\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5ZUHKADO\9cc9c[1].exe (Spyware.Zeus) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Timo & Nici\AppData\Roaming\ie_util.exe (Trojan.Agent.IET) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Sieht sch... aus, oder?

Defogger wollte irgendwie nicht???

Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 10:20 on 02/03/2013 (Timo & Nici)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
Code:
ATTFilter
OTL logfile created on: 02.03.2013 10:21:54 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Timo & Nici\Downloads
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,65 Gb Available Physical Memory | 54,99% Memory free
6,17 Gb Paging File | 4,92 Gb Available in Paging File | 79,71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 229,88 Gb Total Space | 154,03 Gb Free Space | 67,00% Space Free | Partition Type: NTFS
 
Computer Name: LAPPI | User Name: Timo & Nici | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.03.02 10:21:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Timo & Nici\Downloads\OTL.exe
PRC - [2013.01.24 14:18:46 | 001,646,216 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2011.11.21 05:21:43 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010.05.28 15:29:26 | 002,650,112 | ---- | M] (DATA BECKER GmbH & Co KG) -- C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe
PRC - [2010.04.02 10:18:54 | 001,185,112 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2010.03.24 18:50:00 | 002,516,296 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2010.03.02 19:52:00 | 000,140,640 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
PRC - [2009.11.13 10:29:42 | 009,117,504 | ---- | M] (Western Digital) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
PRC - [2009.11.13 10:29:40 | 002,057,536 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
PRC - [2009.11.13 10:28:04 | 000,110,592 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2009.06.16 07:58:08 | 000,020,480 | ---- | M] (Memeo) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
PRC - [2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.10.24 15:35:44 | 000,128,296 | ---- | M] () -- C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
PRC - [2008.09.30 16:51:58 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2008.09.30 16:49:34 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2008.04.23 18:13:37 | 001,006,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007.08.09 12:26:42 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.07.19 14:32:34 | 001,120,568 | ---- | M] (Packard Bell BV) -- C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
PRC - [2007.04.19 10:32:08 | 000,225,280 | ---- | M] (ATK0100) -- C:\Program Files\ATK Hotkey\HControl.exe
PRC - [2007.02.05 17:13:14 | 000,094,208 | ---- | M] () -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe
PRC - [2007.01.11 10:40:22 | 000,232,184 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
PRC - [2007.01.11 10:40:18 | 000,017,656 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
PRC - [2006.12.18 16:26:26 | 002,420,736 | ---- | M] () -- C:\Program Files\ATK Hotkey\ATKOSD.exe
PRC - [2006.11.02 10:44:59 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.11.28 14:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.11.28 14:13:30 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.03.27 11:18:58 | 001,712,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\10fc12b6bf6510f0b967d20a2b04c476\Microsoft.VisualBasic.ni.dll
MOD - [2011.03.27 11:18:26 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\31729b33207d1093721f9e943302b900\System.Management.ni.dll
MOD - [2011.03.23 06:14:23 | 011,796,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\47b2e1d9030f551f685dfea0b618e7fd\System.Web.ni.dll
MOD - [2011.03.23 06:14:10 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a4fd3b000abfd4712b02ec223df3e9dd\System.Runtime.Remoting.ni.dll
MOD - [2011.03.22 19:51:58 | 006,616,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\45d73bf5a07b8fd8a12fcf7d68e9b318\System.Data.ni.dll
MOD - [2011.03.22 19:51:11 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6d75eb3ca10a514754f5e87cc2134f07\System.Windows.Forms.ni.dll
MOD - [2011.03.22 19:50:58 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\19d027c3381110e60c003f2c8bd307ee\System.Drawing.ni.dll
MOD - [2011.03.22 19:50:46 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\38b9d09539b67b08ee996db6c71f8a9b\System.Xml.ni.dll
MOD - [2011.03.22 19:50:34 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\982c005f97eacba888acdda322c49362\System.Configuration.ni.dll
MOD - [2011.03.22 19:50:33 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\ba71341e41687591124f9a5680cb0981\System.ServiceProcess.ni.dll
MOD - [2011.03.22 19:49:50 | 007,868,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\57ac9ba5419d6bf4b79f2979b0755428\System.ni.dll
MOD - [2011.03.22 19:49:19 | 011,486,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\c068708e16abf0be77a21b9f29817d83\mscorlib.ni.dll
MOD - [2009.08.19 14:49:08 | 000,049,152 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\Memeo.API.dll
MOD - [2009.07.29 14:24:14 | 000,504,293 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\sqlite3.dll
MOD - [2008.07.29 14:55:14 | 000,969,728 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2008.07.27 19:00:27 | 000,372,736 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
MOD - [2008.07.27 19:00:26 | 002,933,248 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2008.07.27 19:00:17 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2008.07.27 19:00:17 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2008.07.27 19:00:17 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Drawing.resources.dll
MOD - [2008.04.23 09:20:56 | 001,675,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.2700.36866__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2008.04.23 09:20:56 | 000,233,472 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2700.36824__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2008.04.23 09:20:56 | 000,184,320 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.2700.36879__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2008.04.23 09:20:56 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.2700.37087__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2008.04.23 09:20:56 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.2700.36859__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2008.04.23 09:20:56 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Runtime\2.0.2700.36879__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Runtime.dll
MOD - [2008.04.23 09:20:56 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.2700.36844__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2008.04.23 09:20:55 | 000,483,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.2700.37128__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2008.04.23 09:20:55 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.2700.37044__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2008.04.23 09:20:55 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.2700.36979__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2008.04.23 09:20:25 | 000,331,776 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.2700.37052__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2008.04.23 09:20:25 | 000,139,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.2700.37121__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll
MOD - [2008.04.23 09:20:25 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.2700.37134__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2008.04.23 09:20:25 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.2700.37058__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2008.04.23 09:20:25 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.2700.36837__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2008.04.23 09:20:25 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.2700.37051__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2008.04.23 09:20:25 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.2700.37120__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
MOD - [2008.04.23 09:20:24 | 000,667,648 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.2700.36989__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2008.04.23 09:20:24 | 000,585,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.2700.36893__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2008.04.23 09:20:24 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.2700.36845__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2008.04.23 09:20:24 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.2700.37072__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2008.04.23 09:20:24 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.2700.37031__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll
MOD - [2008.04.23 09:20:24 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.2700.36900__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll
MOD - [2008.04.23 09:20:24 | 000,208,896 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.2700.36886__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2008.04.23 09:20:24 | 000,118,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.2700.37010__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2008.04.23 09:20:24 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.2700.36987__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2008.04.23 09:20:24 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.2700.36899__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2008.04.23 09:20:24 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.2700.37010__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2008.04.23 09:20:23 | 000,475,136 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.2700.36980__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2008.04.23 09:20:23 | 000,323,584 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.2700.36973__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2008.04.23 09:20:23 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.2700.36979__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2008.04.23 09:20:23 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.2700.36986__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2008.04.23 09:20:23 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2665.42149__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2008.04.23 09:20:23 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.2700.37030__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2008.04.23 09:20:23 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2665.42151__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2008.04.23 09:20:23 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2665.42178__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2008.04.23 09:20:23 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2665.42157__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2008.04.23 09:20:23 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2665.42168__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2008.04.23 09:20:23 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.2665.42177__90ba9c70f846762e\DEM.OS.dll
MOD - [2008.04.23 09:20:23 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2665.42187__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2008.04.23 09:20:23 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2665.42196__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2008.04.23 09:20:23 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2665.42166__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2008.04.23 09:20:23 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2665.42196__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2008.04.23 09:20:23 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2008.04.23 09:20:22 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Shared\2.0.2665.42182__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Shared.dll
MOD - [2008.04.23 09:20:22 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2665.42152__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2008.04.23 09:20:22 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2665.42162__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2008.04.23 09:20:22 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2665.42186__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2008.04.23 09:20:22 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2008.04.23 09:20:22 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2665.42198__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2008.04.23 09:20:22 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2665.42184__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2008.04.23 09:20:22 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2665.42240__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2008.04.23 09:20:22 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.2665.42197__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
MOD - [2008.04.23 09:20:22 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2665.42166__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2008.04.23 09:20:22 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2665.42161__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2008.04.23 09:20:22 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2665.42156__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2008.04.23 09:20:22 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2665.42181__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2008.04.23 09:20:22 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.2665.42179__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2008.04.23 09:20:22 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2008.04.23 09:20:22 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2665.42164__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2008.04.23 09:20:22 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2665.42181__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2008.04.23 09:20:22 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2665.42180__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2008.04.23 09:20:21 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2665.42187__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2008.04.23 09:20:21 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2665.42184__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2008.04.23 09:20:21 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2665.42184__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2008.04.23 09:20:21 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2665.42186__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2008.04.23 09:20:21 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2665.42182__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2008.04.23 09:20:21 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2665.42167__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2008.04.23 09:20:21 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2665.42180__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2008.04.23 09:20:21 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2665.42185__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2008.04.23 09:20:21 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2665.42166__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2008.04.23 09:20:21 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.2665.42187__90ba9c70f846762e\APM.Foundation.dll
MOD - [2008.04.23 09:20:21 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Foundation\2.0.2665.42150__90ba9c70f846762e\AEM.Foundation.dll
MOD - [2008.04.23 09:20:21 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2008.04.23 09:20:21 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2665.42160__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2008.04.23 09:20:15 | 000,013,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray.resources\2.0.2700.37103_de_90ba9c70f846762e\CLI.Component.Systemtray.resources.dll
MOD - [2008.04.23 09:20:14 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.2700.37157__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2008.04.23 09:20:14 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.2700.36821__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2008.04.23 09:20:11 | 001,503,232 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.2700.36832__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2008.04.23 09:20:11 | 000,466,944 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.2700.36852__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2008.04.23 09:20:11 | 000,397,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.2700.37103__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2008.04.23 09:20:11 | 000,102,400 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.2700.37112__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2008.04.23 09:20:11 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2700.36823__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2008.04.23 09:20:11 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2700.37110__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2008.04.23 09:20:11 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2665.42165__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2008.04.23 09:20:11 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2665.42160__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2008.04.23 09:20:11 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2665.42158__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2008.04.23 09:20:11 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2665.42196__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2008.04.23 09:20:11 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2665.42169__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2008.04.23 09:20:11 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2665.42154__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2008.04.23 09:20:11 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2665.42167__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2008.04.23 09:20:10 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.2700.36823__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2008.04.23 09:20:10 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.2700.36822__90ba9c70f846762e\AEM.Server.dll
MOD - [2008.04.23 09:20:10 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.2700.37112__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2008.04.23 09:20:10 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2008.04.23 09:20:10 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2665.42188__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2007.05.25 05:52:46 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2007.01.11 10:02:14 | 004,587,520 | R--- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (CLTNetCnService)
SRV - [2013.02.26 19:43:50 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2010.05.28 15:29:26 | 002,650,112 | ---- | M] (DATA BECKER GmbH & Co KG) [Auto | Running] -- C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe -- (DBService)
SRV - [2009.11.13 10:28:04 | 000,110,592 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2009.06.16 07:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2008.10.24 15:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService)
SRV - [2008.04.23 18:13:37 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.02.05 17:13:14 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2010.02.24 11:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2009.02.13 10:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008.05.27 10:41:46 | 000,122,152 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mdm.sys -- (s0017mdm)
DRV - [2008.05.27 10:41:46 | 000,117,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017unic.sys -- (s0017unic)
DRV - [2008.05.27 10:41:46 | 000,111,912 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017obex.sys -- (s0017obex)
DRV - [2008.05.27 10:41:46 | 000,090,536 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017bus.sys -- (s0017bus)
DRV - [2008.05.27 10:41:46 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mdfl.sys -- (s0017mdfl)
DRV - [2008.05.27 10:41:44 | 000,115,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mgmt.sys -- (s0017mgmt)
DRV - [2008.05.27 10:41:44 | 000,025,768 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017nd5.sys -- (s0017nd5)
DRV - [2007.07.30 15:13:10 | 000,743,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007.07.12 11:58:54 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2007.05.25 06:01:58 | 002,609,152 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007.02.24 13:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.01.23 15:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007.01.23 04:01:00 | 000,050,176 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006.12.14 08:11:58 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006.11.02 08:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006.10.30 09:22:26 | 000,008,192 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1351351
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com/?l=dis&o=14672
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ATU&o=14670&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=T8&apn_dtid=YYYYYYYYDE&apn_uid=65babe8e-3ebc-478c-bed0-726c579ab9af&apn_sauid=0B226534-3E87-43B0-B1DE-3E738FD34261
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7PBEA_de&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1351351
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local 127.0.0.1;*.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "Softonic Deutsch Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1351351&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5
FF - prefs.js..extensions.enabledItems: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c}:2.1.0.19
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Users\Timo & Nici\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll ( )
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009.12.28 14:32:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.31 21:31:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.12.31 21:31:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009.12.28 14:32:27 | 000,000,000 | ---D | M]
 
[2008.08.31 17:38:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Timo & Nici\AppData\Roaming\mozilla\Extensions
[2012.03.15 11:33:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Timo & Nici\AppData\Roaming\mozilla\Firefox\Profiles\xz671v2w.default\extensions
[2011.07.15 18:10:22 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Timo & Nici\AppData\Roaming\mozilla\Firefox\Profiles\xz671v2w.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009.07.23 20:45:12 | 000,000,000 | ---D | M] (Softonic Deutsch Toolbar) -- C:\Users\Timo & Nici\AppData\Roaming\mozilla\Firefox\Profiles\xz671v2w.default\extensions\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}
[2013.02.07 13:05:31 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Timo & Nici\AppData\Roaming\mozilla\Firefox\Profiles\xz671v2w.default\extensions\toolbar@ask.com
[2013.02.07 13:05:31 | 000,002,323 | ---- | M] () -- C:\Users\Timo & Nici\AppData\Roaming\mozilla\firefox\profiles\xz671v2w.default\searchplugins\askcom.xml
[2009.07.01 13:19:32 | 000,000,894 | ---- | M] () -- C:\Users\Timo & Nici\AppData\Roaming\mozilla\firefox\profiles\xz671v2w.default\searchplugins\conduit.xml
[2012.12.31 21:16:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008.04.23 09:28:18 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012.12.31 21:16:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}
[2011.11.21 05:21:43 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.11.21 02:17:49 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.11.21 02:09:48 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.11.21 02:17:49 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.11.21 02:17:49 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.11.21 02:17:49 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.11.21 02:17:49 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Softonic Deutsch Toolbar) - {8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe ( )
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Atqytya] C:\Users\Timo & Nici\AppData\Roaming\Efme\vuury.exe ()
O4 - HKCU..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe (Packard Bell BV)
O4 - HKCU..\Run: [VLC media player] C:\Users\Timo & Nici\Documents\VLC media player\VLC media player.exe ()
O4 - HKCU..\RunOnce: [VLC media player] C:\Users\Timo & Nici\Documents\VLC media player\VLC media player.exe ()
O4 - Startup: C:\Users\Timo & Nici\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
F3 - HKCU WinNT: Load - (C:\Users\TIMO&N~1\DOCUME~1\VLCMED~1\VLCMED~1.EXE) - C:\Users\TIMO&N~1\DOCUME~1\VLCMED~1\VLCMED~1.EXE ()
F3 - HKCU WinNT: Run - (C:\Users\TIMO&N~1\DOCUME~1\VLCMED~1\VLCMED~1.EXE) - C:\Users\TIMO&N~1\DOCUME~1\VLCMED~1\VLCMED~1.EXE ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab (Java Plug-in 1.6.0_38)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab (Java Plug-in 10.15.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9EA77E1D-1647-4FB5-91BE-213D9B625ACB}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BE063151-8F8A-4790-BB35-6C01A3D017D6}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Timo & Nici\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Timo & Nici\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{48da855a-6b3d-11df-979f-001fc6689462}\Shell - "" = AutoRun
O33 - MountPoints2\{48da855a-6b3d-11df-979f-001fc6689462}\Shell\AutoRun\command - "" = "G:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{6d6d7ef8-b784-11df-b9b8-001fc6689462}\Shell - "" = AutoRun
O33 - MountPoints2\{6d6d7ef8-b784-11df-b9b8-001fc6689462}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{6ec7ed0b-bb6c-11df-b180-001fc6689462}\Shell\AutoRun\command - "" = F:\Menu.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.01 22:23:40 | 000,000,000 | ---D | C] -- C:\Users\Timo & Nici\AppData\Roaming\Malwarebytes
[2013.03.01 22:23:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.01 22:23:25 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.03.01 22:23:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.02.24 13:16:22 | 000,000,000 | ---D | C] -- C:\Users\Timo & Nici\AppData\Roaming\Yrre
[2013.02.24 13:16:22 | 000,000,000 | ---D | C] -- C:\Users\Timo & Nici\AppData\Roaming\Efme
[2013.02.24 13:16:22 | 000,000,000 | ---D | C] -- C:\Users\Timo & Nici\AppData\Roaming\Apyzc
[2013.02.15 17:14:54 | 000,000,000 | ---D | C] -- C:\Users\Timo & Nici\Desktop\FÜR FP
[2013.02.15 15:05:15 | 000,000,000 | ---D | C] -- C:\Users\Timo & Nici\Desktop\drucken
[2011.12.14 19:49:57 | 014,597,312 | ---- | C] (Mozilla) -- C:\Users\Timo & Nici\Firefox Setup 8.0.1.exe
[2010.06.03 21:30:14 | 007,981,569 | ---- | C] (DsNET) -- C:\Users\Timo & Nici\aTube300_Catcher.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.02 10:18:18 | 000,000,000 | ---- | M] () -- C:\Users\Timo & Nici\defogger_reenable
[2013.03.02 10:00:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\Recovery DVD Creator.job
[2013.03.02 10:00:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\Erweiterte Garantie.job
[2013.03.02 09:31:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.02 09:27:07 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.02 09:27:07 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.02 08:34:11 | 000,651,350 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.03.02 08:34:11 | 000,618,470 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.03.02 08:34:11 | 000,121,114 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.03.02 08:34:11 | 000,107,614 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.03.02 08:27:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.02 08:26:58 | 3220,398,080 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.01 23:54:08 | 000,013,174 | ---- | M] () -- C:\Users\Timo & Nici\Desktop\Trojaner.odt
[2013.02.27 14:41:45 | 000,150,528 | ---- | M] () -- C:\Users\Timo & Nici\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.02.03 16:09:19 | 000,020,147 | ---- | M] () -- C:\Users\Timo & Nici\Documents\Haushaltsbuch_2013.ods
 
========== Files Created - No Company Name ==========
 
[2013.03.02 10:18:18 | 000,000,000 | ---- | C] () -- C:\Users\Timo & Nici\defogger_reenable
[2013.03.01 22:13:39 | 000,013,174 | ---- | C] () -- C:\Users\Timo & Nici\Desktop\Trojaner.odt
[2013.02.22 16:26:57 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.03 15:48:57 | 000,020,147 | ---- | C] () -- C:\Users\Timo & Nici\Documents\Haushaltsbuch_2013.ods
[2010.07.02 12:43:40 | 000,000,922 | ---- | C] () -- C:\Users\Timo & Nici\dm-Fotowelt.lnk
[2010.07.02 12:40:03 | 001,430,584 | ---- | C] () -- C:\Users\Timo & Nici\setup_dm_Fotowelt.exe
[2009.10.23 18:59:24 | 000,000,439 | ---- | C] () -- C:\Users\Timo & Nici\AppData\Roaming\mdbu.bin
[2009.03.15 11:51:41 | 000,007,268 | ---- | C] () -- C:\Users\Timo & Nici\AppData\Local\d3d9caps.dat
[2008.07.19 13:13:37 | 000,150,528 | ---- | C] () -- C:\Users\Timo & Nici\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.07.19 13:04:04 | 000,000,099 | ---- | C] () -- C:\Users\Timo & Nici\AppData\Local\fusioncache.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2008.11.06 13:57:06 | 011,315,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.03.03 05:16:12 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2006.11.02 10:46:13 | 000,348,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013.02.24 13:16:22 | 000,000,000 | ---D | M] -- C:\Users\Timo & Nici\AppData\Roaming\Apyzc
[2008.12.09 21:08:15 | 000,000,000 | ---D | M] -- C:\Users\Timo & Nici\AppData\Roaming\Datalayer
[2013.02.24 13:16:22 | 000,000,000 | ---D | M] -- C:\Users\Timo & Nici\AppData\Roaming\Efme
[2008.12.09 21:05:19 | 000,000,000 | ---D | M] -- C:\Users\Timo & Nici\AppData\Roaming\Nokia
[2008.10.28 20:36:05 | 000,000,000 | ---D | M] -- C:\Users\Timo & Nici\AppData\Roaming\OpenOffice.org
[2008.07.19 17:05:19 | 000,000,000 | ---D | M] -- C:\Users\Timo & Nici\AppData\Roaming\Packard Bell
[2008.12.09 21:03:28 | 000,000,000 | ---D | M] -- C:\Users\Timo & Nici\AppData\Roaming\PC Suite
[2010.10.16 14:42:03 | 000,000,000 | ---D | M] -- C:\Users\Timo & Nici\AppData\Roaming\ProtectDisc
[2010.05.29 17:52:04 | 000,000,000 | ---D | M] -- C:\Users\Timo & Nici\AppData\Roaming\Western Digital
[2008.11.25 06:43:06 | 000,000,000 | ---D | M] -- C:\Users\Timo & Nici\AppData\Roaming\WordToPDF
[2013.03.01 23:32:25 | 000,000,000 | ---D | M] -- C:\Users\Timo & Nici\AppData\Roaming\Yrre
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\yamaha.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\web to date Projekte:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\VLC media player:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\Updater5:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\Unterlagen Allscheidt 6:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\SuperTIPp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\SuperTIPp Website Backup:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\SuperTIPp Webseite_Dateien:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\SUP_31_22_Me_Ti.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\Studie AB.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\Stimmgabel_Yamaha.gif:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\Skript:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\s.n. Dateien:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\Rückwärtszähler:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\restore:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\Personalausweis.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\MORITZ:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\Immo-Seite alt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\HOCHZEIT:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\fonts:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\Expose:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\Erzeugte Websites:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\Eigene Scans:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\Driegeltrath:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\diverses:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\Bewerbungen 2009:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\Armin:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\ap:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\Andy Bewerbung:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\Am Kämpchen:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\Adobe:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Desktop\Nici Arbeit:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Desktop\FÜR FP:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Desktop\drucken:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Desktop\bad:Roxio EMC Stream
         
Code:
ATTFilter
OTL Extras logfile created on: 02.03.2013 10:21:54 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Timo & Nici\Downloads
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,65 Gb Available Physical Memory | 54,99% Memory free
6,17 Gb Paging File | 4,92 Gb Available in Paging File | 79,71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 229,88 Gb Total Space | 154,03 Gb Free Space | 67,00% Space Free | Partition Type: NTFS
 
Computer Name: LAPPI | User Name: Timo & Nici | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0CC11D7A-382C-49F8-AA3B-7B35FDE53B1C}" = lport=137 | protocol=17 | dir=in | app=system | 
"{0F4BFA5A-C71E-455D-AE7F-F5A68AE23E0C}" = rport=138 | protocol=17 | dir=out | app=system | 
"{498DF453-3FDD-4F81-B097-B7EE3234ADBE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{5BAB4981-7152-4864-BE83-249D7AB9BFF8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{89B82B15-10A0-4CDE-9D1E-21D8DA288F79}" = lport=138 | protocol=17 | dir=in | app=system | 
"{9AB3BD36-957A-45BC-AB88-F8BD0DA8AA6A}" = lport=139 | protocol=6 | dir=in | app=system | 
"{9C7AA73D-5302-4758-9786-06E7C5756793}" = lport=445 | protocol=6 | dir=in | app=system | 
"{9F9D628B-D5CC-492B-916D-CFEEF4BB4DB7}" = rport=445 | protocol=6 | dir=out | app=system | 
"{B32159DA-05A3-4F46-9AEE-8DFB7EBB00AD}" = rport=137 | protocol=17 | dir=out | app=system | 
"{D3FFA111-641E-4C85-944B-CBDBE1B6EF92}" = rport=139 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07EB2843-4BAD-45A7-8C4C-EEE8C4F61C0F}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{1A283C4B-83A0-4FC6-A60C-F7996C884E81}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{1C5D26BF-0135-42C9-937C-F082BF28E472}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{24E7E0C2-827A-4FFC-84A7-F7472161C0BA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{2760EC05-FA31-4066-978E-26BFDDF56CCD}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{2A3F5692-0F66-4D12-A07A-2108EDFF791A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe | 
"{3B04681E-9960-4ECF-ADC7-9993027DE195}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | 
"{3BA5A97B-99B7-40F2-92D9-3B311B1CADA0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | 
"{3D789947-1327-4EEF-B3E6-43028595EADD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | 
"{4D86AED2-E850-4FEE-81D6-76FADBB6C8AA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | 
"{51321EE3-2B2C-499B-BAE2-D3794DF724B5}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | 
"{5CC1B2E7-050A-4171-BB93-FC71AE0654F9}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
"{6EEBCFE1-77F9-407A-8035-2302F559C1AF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | 
"{75471811-32B3-491C-8B91-471FD337E7E3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{7E11796B-63C3-48E6-AA5D-24ABB742E2E5}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{817612C7-132B-4470-94F6-B4E608F060A0}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{81862F82-C575-46DC-927E-A02ED682CB3A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{912788FE-1108-4A1E-AE8B-653AED257B96}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{AAA00D6A-FE8F-4EB1-A0EF-04C64567B148}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | 
"{B1E6296F-27A7-4CC4-BA7B-63107F773824}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{B48DDAFB-DC2D-4C5D-B159-E77828CAD992}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{CC164EE3-DD36-4E7E-85DD-85015F4FDE1A}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | 
"{D75BB2C3-09C3-47EB-946C-C4FCE83B1FE2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | 
"{DB9E1049-2CB0-4610-AE1A-516EA7923C67}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | 
"{EC8EE595-2CD0-40E7-B58C-65089D827CD0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{F29D12F9-59B2-4F8D-B240-9B1208072BAE}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | 
"{FC967F93-3F0A-4900-8028-FD605B5390E2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"TCP Query User{1D9C37BF-9889-4518-A91E-4BE9C66AE32B}C:\program files\typo3\apache\bin\apache.exe" = protocol=6 | dir=in | app=c:\program files\typo3\apache\bin\apache.exe | 
"TCP Query User{215F2B8B-69B4-4479-BE58-A65B11CA1E20}D:\bin\ia\core\mdm_util.exe" = protocol=6 | dir=in | app=d:\bin\ia\core\mdm_util.exe | 
"TCP Query User{226EAA1D-75FC-41B5-82E1-2017C0BEE8DE}C:\program files\data becker\web to date 6.0\ftptrans.exe" = protocol=6 | dir=in | app=c:\program files\data becker\web to date 6.0\ftptrans.exe | 
"TCP Query User{2737CBE0-3522-40B4-A97D-F0EEA5CED0C1}C:\program files\dsnet corp\atube catcher 1.0\atube catcher 2.0\yct.exe" = protocol=6 | dir=in | app=c:\program files\dsnet corp\atube catcher 1.0\atube catcher 2.0\yct.exe | 
"TCP Query User{45325262-C72D-4B8A-A66F-25C5692C5569}C:\users\timo & nici\appdata\local\data becker\web to date 6.0\apache\apache.exe" = protocol=6 | dir=in | app=c:\users\timo & nici\appdata\local\data becker\web to date 6.0\apache\apache.exe | 
"TCP Query User{77108691-02CA-4890-81C7-F4754695413B}C:\users\timo & nici\appdata\local\data becker\web to date 6.0\apache\apache.exe" = protocol=6 | dir=in | app=c:\users\timo & nici\appdata\local\data becker\web to date 6.0\apache\apache.exe | 
"TCP Query User{A2627E80-0276-4703-BA46-D45761074565}C:\users\timo & nici\appdata\local\data becker\web to date 7.0\apache\apache.exe" = protocol=6 | dir=in | app=c:\users\timo & nici\appdata\local\data becker\web to date 7.0\apache\apache.exe | 
"TCP Query User{A70D80E5-7405-4789-9EE9-F9D1239CA3B4}C:\users\timo & nici\appdata\local\data becker\web to date 7.0\apache\apache.exe" = protocol=6 | dir=in | app=c:\users\timo & nici\appdata\local\data becker\web to date 7.0\apache\apache.exe | 
"TCP Query User{A8C456CF-9343-47A0-9950-94A2CF7FA21A}C:\program files\data becker\web to date 7\ftptrans.exe" = protocol=6 | dir=in | app=c:\program files\data becker\web to date 7\ftptrans.exe | 
"TCP Query User{E6C36B1D-F62D-4E88-AD41-D46EAA6420B7}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"TCP Query User{EF0ED677-FAE2-4C10-A9F8-88FD4AC899C1}C:\program files\typo3\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\program files\typo3\mysql\bin\mysqld.exe | 
"UDP Query User{0620CE6A-7E94-4E8E-89CD-61692A2DEA80}C:\program files\data becker\web to date 7\ftptrans.exe" = protocol=17 | dir=in | app=c:\program files\data becker\web to date 7\ftptrans.exe | 
"UDP Query User{0EEB2791-3AB0-4455-9CC1-B9AF3D58AA86}C:\users\timo & nici\appdata\local\data becker\web to date 7.0\apache\apache.exe" = protocol=17 | dir=in | app=c:\users\timo & nici\appdata\local\data becker\web to date 7.0\apache\apache.exe | 
"UDP Query User{1533C1C0-2C97-40CF-99C4-93D4E938B7A5}C:\users\timo & nici\appdata\local\data becker\web to date 6.0\apache\apache.exe" = protocol=17 | dir=in | app=c:\users\timo & nici\appdata\local\data becker\web to date 6.0\apache\apache.exe | 
"UDP Query User{1B112852-A4E6-42AD-9E59-01EEC3BE7878}C:\program files\data becker\web to date 6.0\ftptrans.exe" = protocol=17 | dir=in | app=c:\program files\data becker\web to date 6.0\ftptrans.exe | 
"UDP Query User{29AD8B41-42A4-4CD3-B042-FDA30F46D422}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"UDP Query User{88B0C670-5185-45D7-8A4A-7236D2CE0541}D:\bin\ia\core\mdm_util.exe" = protocol=17 | dir=in | app=d:\bin\ia\core\mdm_util.exe | 
"UDP Query User{B8A97F01-CCA5-4F14-83FD-C0E2EFCBFDC1}C:\users\timo & nici\appdata\local\data becker\web to date 6.0\apache\apache.exe" = protocol=17 | dir=in | app=c:\users\timo & nici\appdata\local\data becker\web to date 6.0\apache\apache.exe | 
"UDP Query User{DF5EB59D-CDEA-4858-941C-EB824D638B33}C:\program files\dsnet corp\atube catcher 1.0\atube catcher 2.0\yct.exe" = protocol=17 | dir=in | app=c:\program files\dsnet corp\atube catcher 1.0\atube catcher 2.0\yct.exe | 
"UDP Query User{E4F94932-7A06-4756-AC64-49B8037DA944}C:\program files\typo3\apache\bin\apache.exe" = protocol=17 | dir=in | app=c:\program files\typo3\apache\bin\apache.exe | 
"UDP Query User{F21075C4-5505-4F23-88BE-AEA28ECC579C}C:\users\timo & nici\appdata\local\data becker\web to date 7.0\apache\apache.exe" = protocol=17 | dir=in | app=c:\users\timo & nici\appdata\local\data becker\web to date 7.0\apache\apache.exe | 
"UDP Query User{F255DEF9-AC6F-4CE5-BC06-78A6B9857B6C}C:\program files\typo3\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\program files\typo3\mysql\bin\mysqld.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{0C5A9DEB-AA63-E327-3067-28CC79EB61D8}" = CCC Help Spanish
"{0DE3F04D-1CB1-6481-F970-37DC56287F13}" = Catalyst Control Center Localization Polish
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series" = Canon MG5200 series MP Drivers
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1D70E271-4349-4802-BB77-8E8A23F37151}" = Catalyst Control Center Localization Turkish
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{221BA099-FA5F-EB6C-2B8B-D7B384D79D11}" = ccc-utility
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{232DB76D-4751-41A9-9EC2-CDC0DAC1FAB6}" = WD SmartWare
"{26A24AE4-039D-4CA4-87B4-2F83216038FF}" = Java(TM) 6 Update 38
"{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15
"{28C00028-4CC9-2FC5-85CD-1C29FB5442C0}" = Catalyst Control Center Localization Norwegian
"{299FB8EC-CA61-2503-C75D-394A3932FCF3}" = CCC Help Thai
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2E21BC34-652C-E8FA-4FC1-DDCE012D2ADE}" = Catalyst Control Center Graphics Light
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF3552A-C9FA-BD8D-D8E5-DA25E0E2A95A}" = CCC Help Russian
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{328E72CE-19EC-CE8D-0D39-B9EAFA3606EB}" = Catalyst Control Center Localization French
"{3595EF18-1946-9F0D-0A5E-54B682D63D43}" = CCC Help Greek
"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{409BF604-40A9-C7E5-5644-BE3D70756F10}" = CCC Help Polish
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{42E2EEB2-D48E-4A47-B181-32ECA031D93B}" = DJ_AIO_06_F2400_SW_Min
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{46E1FFFA-D9FC-DB9A-DD0D-FD0C754ED232}" = ccc-core-static
"{475CD8E7-132C-C303-4E8E-5792D284A2B2}" = CCC Help Dutch
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E49E9B4-9B3E-DFF2-AE86-39AF2A675755}" = Catalyst Control Center Localization Japanese
"{4E98EBDD-D4F5-C4EA-319A-F213763BE5A9}" = Catalyst Control Center Localization Thai
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5CFA2909-F2D4-D5F6-B122-D86638BD6118}" = Catalyst Control Center Localization Greek
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" = Norton 360
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65663213-4239-02AB-29C7-0B23EBD30AFC}" = CCC Help Czech
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{68F330AF-55AF-337A-B570-841517C5D174}" = CCC Help Turkish
"{69DAA768-DE42-46F4-BBAB-1E2CE5F90BAE}" = WPC-EASY-V1.2-DEMO  1.2
"{6AF47E58-84F4-0453-9277-5AB5F202AC88}" = CCC Help Chinese Traditional
"{6BAA71B6-8F43-4C72-931A-3354ABB0258A}" = F2400
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6C7A02F0-0ADE-00D1-5EEB-B3495AE33371}" = CCC Help Finnish
"{6CB09473-7C20-7844-1CC0-29D0C51884AE}" = Catalyst Control Center Localization Portuguese
"{6D69A2C1-7194-AE60-4AD6-1477C14ED50D}" = Catalyst Control Center Localization Finnish
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{77F7B355-0612-B4D0-250E-701DC65ED26B}" = Catalyst Control Center Localization Danish
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B1145B0-2B0E-72CA-DF99-924944747C49}" = CCC Help Italian
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E65D89E-B956-880E-4DDE-9DE48B13A6A0}" = Catalyst Control Center Localization Spanish
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{944523A5-F9DF-0C73-4C7E-8F95A489BEA9}" = Catalyst Control Center Core Implementation
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9665D8CE-8BB9-EE1E-8543-BDAD785AD7B4}" = Catalyst Control Center Localization Russian
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C20015F-B6F3-69E1-C222-4A96B0D1ECA2}" = CCC Help Danish
"{A17A5A40-6BD8-2E81-2148-6D85C45BBC08}" = Catalyst Control Center Localization Czech
"{A2046E31-D0A9-395E-42FC-195611A3D263}" = Catalyst Control Center Localization Chinese Traditional
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{ABE7F67B-9B82-D0B8-98A0-0B9857044BD9}" = Catalyst Control Center Localization Swedish
"{AC76BA86-7AD7-1031-7B44-A80000000002}" = Adobe Reader 8 - Deutsch
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B377CFB6-3DC9-DB9A-0FD6-F62B9656BAD7}" = CCC Help Norwegian
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7FB0C86-41A4-4402-9A33-912C462042A0}" = Roxio Creator 9 LE
"{BBD6AE19-4BF2-F279-723A-FFE703C7BE35}" = CCC Help Japanese
"{BCBF5C93-EAF3-D3E1-56A0-E20905B6F0A5}" = CCC Help Chinese Standard
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{C8E571C4-0754-1D8B-E08E-04A3AE8FB807}" = Catalyst Control Center Localization Dutch
"{C9F12EC7-17B7-11DF-5823-D6667B33CE86}" = Catalyst Control Center Localization Korean
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CDBF8C2D-04B0-4F9B-9AE1-7422F7F0EC94}" = HP Deskjet F2400 All-In-One Driver Software 13.0 Rel .6
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0A55340-F289-772A-FCF6-A4A3209CE863}" = CCC Help German
"{D359B12F-9B1A-46FD-B70C-F507B5B11590}" = HDRegDE
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DC22B4FF-0500-9C3C-9645-0E192888480D}" = Catalyst Control Center Localization German
"{DDED2BA7-FE4E-1183-FDCF-348A4BE362A7}" = CCC Help Hungarian
"{DE376A2C-7964-617C-CB94-C2D1E9B6B24A}" = Catalyst Control Center Localization Italian
"{E2498002-042E-2D61-6578-42D995B021F2}" = CCC Help French
"{E2FCC9D2-AE19-9DA3-FDF8-58594C80126D}" = Catalyst Control Center Localization Chinese Standard
"{E713653C-8312-4BC6-AFC9-ADE1F2F04AB9}" = ATI PCI Express (3GIO) Filter Driver
"{E82C6C1A-1258-ACE3-9061-2FA3FAF40398}" = Catalyst Control Center Localization Hungarian
"{E8C23EBE-EE3C-4299-9DB9-601AB3751454}" = AAVUpdateManager
"{EB89DC4E-A3C2-A1ED-4689-F95CF3E07CCA}" = CCC Help English
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EE23EF27-B925-4A27-E2C7-1D9E5B038DD8}" = CCC Help Swedish
"{EE247152-BFC5-9C7B-E19F-A57BFF5FEB9C}" = CCC Help Korean
"{EF0F5226-0C5B-83C9-65CB-58F6D3E22F6B}" = Catalyst Control Center Graphics Full Existing
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7EFB45A-0244-02A2-E9E2-C6A1E7E3D3EB}" = CCC Help Portuguese
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FAF26102-09D7-4C58-AB01-0D59A2E517CA}" = Copy
"{FFC18C10-E04D-D93B-5029-A66B086BBEC7}" = Catalyst Control Center Graphics Full New
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Photoshop Elements 1.0" = Adobe Photoshop Elements
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Adobe SVG Viewer" = Adobe SVG Viewer
"AdobeReader" = Adobe Reader 8
"aTube Catcher" = aTube Catcher
"Audacity_is1" = Audacity 1.2.3
"Canon MG5200 series Benutzerregistrierung" = Canon MG5200 series Benutzerregistrierung
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"CREATOR9" = Creator 9
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"FirefoxDE" = Firefox
"Flashplayer" = Flash Player 9 Internet Explorer
"FMCODEC" = FM Screen Capture Codec (Remove Only)
"FtpPilot" = FtpPilot
"GOOGLE_EARTH" = Google Earth
"GPL Ghostscript 8.63" = GPL Ghostscript 8.63
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"ImageWriter" = Packard Bell ImageWriter
"Infocentre" = Infocentre Rev. 2.0
"LCDTest" = Packard Bell LCD Test
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"METABOLI" = Metaboli
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 8.0.1 (x86 de)" = Mozilla Firefox 8.0.1 (x86 de)
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"N360_2007_DE" = Norton 360
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"SETUPMYPC_DE" = SetUp My PC
"Shockwave" = Shockwave player 10
"Softonic_Deutsch Toolbar" = Softonic_Deutsch Toolbar
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Updator" = Packard Bell Updator
"VLC media player" = VLC media player 1.1.10
"web to date 7_is1" = DATA BECKER web to date 7
"WinLiveSuite_Wave3" = Windows Live Essentials
"WordToPDF_is1" = WordToPDF 2.4
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"Kies Air Discovery Service" = Kies Air Discovery Service
"Protect Disc License Helper" = Protect Disc License Helper 1.0.125 (IE)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 01.03.2013 15:03:26 | Computer Name = Lappi | Source = VSS | ID = 8194
Description = 
 
Error - 01.03.2013 16:16:54 | Computer Name = Lappi | Source = MsiInstaller | ID = 11730
Description = 
 
Error - 01.03.2013 17:15:45 | Computer Name = Lappi | Source = WDSmartWareBackgroundService | ID = 0
Description = 
 
Error - 01.03.2013 17:15:57 | Computer Name = Lappi | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 01.03.2013 17:21:52 | Computer Name = Lappi | Source = WerSvc | ID = 5007
Description = 
 
Error - 01.03.2013 18:55:55 | Computer Name = Lappi | Source = WDSmartWareBackgroundService | ID = 0
Description = 
 
Error - 01.03.2013 18:56:11 | Computer Name = Lappi | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 02.03.2013 03:27:58 | Computer Name = Lappi | Source = WDSmartWareBackgroundService | ID = 0
Description = 
 
Error - 02.03.2013 03:28:08 | Computer Name = Lappi | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 02.03.2013 03:31:18 | Computer Name = Lappi | Source = WerSvc | ID = 5007
Description = 
 
[ System Events ]
Error - 01.03.2013 18:54:38 | Computer Name = Lappi | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
 2, Funktion 0.   Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 01.03.2013 18:54:38 | Computer Name = Lappi | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
 4, Funktion 0.   Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 01.03.2013 18:54:38 | Computer Name = Lappi | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
 7, Funktion 0.   Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 01.03.2013 18:54:39 | Computer Name = Lappi | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
 6, Funktion 0.   Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 01.03.2013 18:56:30 | Computer Name = Lappi | Source = DCOM | ID = 10010
Description = 
 
Error - 01.03.2013 18:56:44 | Computer Name = Lappi | Source = BROWSER | ID = 8017
Description = 
 
Error - 02.03.2013 03:26:41 | Computer Name = Lappi | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
 2, Funktion 0.   Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 02.03.2013 03:26:41 | Computer Name = Lappi | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
 4, Funktion 0.   Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 02.03.2013 03:26:41 | Computer Name = Lappi | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
 7, Funktion 0.   Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 02.03.2013 03:26:42 | Computer Name = Lappi | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
 6, Funktion 0.   Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
 
< End of report >
         
Bei Gmer (3 mal versucht) kam immer eine Fehlermeldung (2 mal ist der Laptop sogar einfach mittendrin runtergefahren). Habe ich da was verkehrt gemacht? Das wurde angezeigt:

Code:
ATTFilter
Problemsignatur:
  Problemereignisname:	BlueScreen
  Betriebsystemversion:	6.0.6000.2.0.0.768.3
  Gebietsschema-ID:	1031

Zusatzinformationen zum Problem:
  BCCode:	1000008e
  BCP1:	C0000005
  BCP2:	8244785D
  BCP3:	A0E57A54
  BCP4:	00000000
  OS Version:	6_0_6000
  Service Pack:	0_0
  Product:	768_1

Dateien, die bei der Beschreibung des Problems hilfreich sind:
  C:\Windows\Minidump\Mini030213-02.dmp
  C:\Users\Timo & Nici\AppData\Local\Temp\WER-90449-0.sysdata.xml
  C:\Users\Timo & Nici\AppData\Local\Temp\WERA15D.tmp.version.txt
         


Ich hoffe das war alles, was ihr braucht - sonst reiche ich gerne nach!

Was habe ich denn da genau? Bei der Commerzbank habe ich schon darum gebeten, den Zugang zu sperren und neue Daten zu schicken. Muss ich auch alle meine Passwörter (über Handy oder so) ändern? Kann jemand jetzt Spam über meinen Account verschicken? Fragen über Fragen - sorry!

Ich drücke die Daumen, dass das wieder wird und bin dankbar für eure Hilfe und evtl. Tipps für ein gutes (gerne kostenfreies oder günstiges) Antiviren-Programm o.ä. Jetzt bin ich ja schlauer

Also, vielen vielen Dank für Anweisungen (bin nicht ganz so bewandert in Sachen Technik)

Gruß, Nici

Alt 02.03.2013, 18:16   #2
M-K-D-B
/// TB-Ausbilder
 
Downloadtrojaner gefunden (Win32/Dofoil.R) - Standard

Downloadtrojaner gefunden (Win32/Dofoil.R)






Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.


Bitte beachte folgende Hinweise:
  • Eine Bereinigung ist mitunter mit viel Arbeit für dich verbunden. Es können mehrere Analyse- und Bereinigungsschritte erforderlich sein.
    Abschließend entfernen wir wieder alle verwendeten Programme und ich gebe dir ein paar Tipps für die Zukunft mit auf den Weg.
  • Bei Anzeichen von illegaler Software wird der Support ohne Diskussion eingestellt.
  • Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab.
  • Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
  • Führe nur Scans durch, zu denen du von mir oder einem anderen Helfer aufgefordert wirst.
  • Bitte kein Crossposting (posten in mehreren Foren).
  • Installiere oder deinstalliere während der Bereinigung keine Software außer du wirst dazu aufgefordert.
  • Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo.
    Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
  • Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort zu starten!
    Ich kann Dir niemals eine Garantie geben, dass auch ich alles finde. Eine Formatierung ist meist der schnellere und immer der sicherste Weg.
    Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.





Du bist immer noch mit einem Trojaner infiziert, der u. a. Bankdaten ausspioniert!
Ändere umgehend von einem sauberen Rechner alle Zugangsdaten und Passwörter!








Schritt 1
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).





Schritt 2

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.






Schritt 3
Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.







Bitte poste mit deiner nächsten Antwort
  • die Logdatei von AdwCleaner,
  • die Logdatei von JRT,
  • die Logdatei von ComboFix.
__________________


Alt 02.03.2013, 19:43   #3
nici_st
 
Downloadtrojaner gefunden (Win32/Dofoil.R) - Standard

Downloadtrojaner gefunden (Win32/Dofoil.R)



Hallo Matthias,

vielen Dank, dass du so schnell Zeit für mein Problem hattest!

Hier die Ergebnisse:

AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v2.113 - Datei am 02/03/2013 um 19:02:32 erstellt
# Aktualisiert am 23/02/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium  (32 bits)
# Benutzer : Timo & Nici - LAPPI
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Timo & Nici\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files\Mozilla FireFox\Components\AskHPRFF.js
Datei Gelöscht : C:\Users\Timo & Nici\AppData\Roaming\Mozilla\Firefox\Profiles\xz671v2w.default\searchplugins\Askcom.xml
Datei Gelöscht : C:\Users\Timo & Nici\AppData\Roaming\Mozilla\Firefox\Profiles\xz671v2w.default\searchplugins\Conduit.xml
Ordner Gelöscht : C:\Program Files\Ask.com
Ordner Gelöscht : C:\Program Files\Conduit
Ordner Gelöscht : C:\Program Files\Softonic_Deutsch
Ordner Gelöscht : C:\Users\Timo & Nici\AppData\Local\OpenCandy
Ordner Gelöscht : C:\Users\Timo & Nici\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\Timo & Nici\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Timo & Nici\AppData\LocalLow\Softonic_Deutsch
Ordner Gelöscht : C:\Users\Timo & Nici\AppData\Roaming\Mozilla\Firefox\Profiles\xz671v2w.default\CT1351351
Ordner Gelöscht : C:\Users\Timo & Nici\AppData\Roaming\Mozilla\Firefox\Profiles\xz671v2w.default\extensions\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}
Ordner Gelöscht : C:\Users\Timo & Nici\AppData\Roaming\Mozilla\Firefox\Profiles\xz671v2w.default\extensions\toolbar@ask.com
Ordner Gelöscht : C:\Users\TIMO&N~1\AppData\Local\Temp\AskSearch
Ordner Gelöscht : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Softonic_Deutsch
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Softonic_Deutsch Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKLM\Software\APN
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C361D9DE-BD9B-43CC-9EE5-B7FBA8BD8684}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B5BAE2ED018083A4C8DA86D6E3F4B024
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Softonic_Deutsch Toolbar
Schlüssel Gelöscht : HKLM\Software\Softonic_Deutsch
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]

***** [Internet Browser] *****

-\\ Internet Explorer v7.0.6000.16982

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v8.0.1 (de)

Datei : C:\Users\Timo & Nici\AppData\Roaming\Mozilla\Firefox\Profiles\xz671v2w.default\prefs.js

C:\Users\Timo & Nici\AppData\Roaming\Mozilla\Firefox\Profiles\xz671v2w.default\user.js ... Gelöscht !

Gelöscht : user_pref("CT1351351.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Gelöscht : user_pref("CT1351351.CTID", "CT1351351");
Gelöscht : user_pref("CT1351351.DialogsAlignMode", "LTR");
Gelöscht : user_pref("CT1351351.EMailNotifierPollDate", "Fri Jul 24 2009 10:32:49 GMT+0200");
Gelöscht : user_pref("CT1351351.FeedLastCount128311388426518939", 445);
Gelöscht : user_pref("CT1351351.FeedPollDate128394382574669410", "Thu Jul 23 2009 22:33:29 GMT+0200");
Gelöscht : user_pref("CT1351351.FeedPollDate128394382574669411", "Thu Jul 23 2009 22:33:29 GMT+0200");
Gelöscht : user_pref("CT1351351.FeedPollDate128394382574669412", "Thu Jul 23 2009 22:33:29 GMT+0200");
Gelöscht : user_pref("CT1351351.FeedPollDate128394382574669413", "Thu Jul 23 2009 22:33:29 GMT+0200");
Gelöscht : user_pref("CT1351351.FeedPollDate128394382574669414", "Thu Jul 23 2009 22:33:29 GMT+0200");
Gelöscht : user_pref("CT1351351.FeedPollDate128559429569307240", "Thu Jul 23 2009 22:33:29 GMT+0200");
Gelöscht : user_pref("CT1351351.FeedPollDate128801410134769526", "Fri Jul 24 2009 10:32:48 GMT+0200");
Gelöscht : user_pref("CT1351351.FeedPollDate128801410271643768", "Fri Jul 24 2009 10:32:48 GMT+0200");
Gelöscht : user_pref("CT1351351.FeedPollDate128801410648675207", "Fri Jul 24 2009 10:32:48 GMT+0200");
Gelöscht : user_pref("CT1351351.FeedPollDate128801410803831945", "Fri Jul 24 2009 10:32:48 GMT+0200");
Gelöscht : user_pref("CT1351351.FeedPollDate128801411020863399", "Fri Jul 24 2009 10:32:48 GMT+0200");
Gelöscht : user_pref("CT1351351.FeedPollDate128801411145707150", "Fri Jul 24 2009 10:32:48 GMT+0200");
Gelöscht : user_pref("CT1351351.FeedPollDate128801411258362590", "Fri Jul 24 2009 10:32:48 GMT+0200");
Gelöscht : user_pref("CT1351351.FeedPollDate128801411369456587", "Fri Jul 24 2009 10:32:48 GMT+0200");
Gelöscht : user_pref("CT1351351.FeedPollDate128801411490081588", "Fri Jul 24 2009 10:32:48 GMT+0200");
Gelöscht : user_pref("CT1351351.FeedPollDate128801411659613144", "Fri Jul 24 2009 10:32:48 GMT+0200");
Gelöscht : user_pref("CT1351351.FeedPollDate128801411801956980", "Fri Jul 24 2009 10:32:49 GMT+0200");
Gelöscht : user_pref("CT1351351.FeedPollDate128801411974300317", "Fri Jul 24 2009 10:32:49 GMT+0200");
Gelöscht : user_pref("CT1351351.FeedTTL128801411258362590", 5);
Gelöscht : user_pref("CT1351351.FeedTTL128801411490081588", 30);
Gelöscht : user_pref("CT1351351.FeedTTL128801411974300317", 5);
Gelöscht : user_pref("CT1351351.FirstTime", true);
Gelöscht : user_pref("CT1351351.FirstTimeFF3", true);
Gelöscht : user_pref("CT1351351.FixPageNotFoundErrors", true);
Gelöscht : user_pref("CT1351351.GroupingServerCheckInterval", 1440);
Gelöscht : user_pref("CT1351351.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Gelöscht : user_pref("CT1351351.Initialize", true);
Gelöscht : user_pref("CT1351351.InitializeCommonPrefs", true);
Gelöscht : user_pref("CT1351351.InstalledDate", "Thu Jul 23 2009 22:33:30 GMT+0200");
Gelöscht : user_pref("CT1351351.InvalidateCache", false);
Gelöscht : user_pref("CT1351351.IsGrouping", false);
Gelöscht : user_pref("CT1351351.IsMulticommunity", false);
Gelöscht : user_pref("CT1351351.IsOpenThankYouPage", true);
Gelöscht : user_pref("CT1351351.IsOpenUninstallPage", true);
Gelöscht : user_pref("CT1351351.LanguagePackLastCheckTime", "Thu Jul 23 2009 22:37:52 GMT+0200");
Gelöscht : user_pref("CT1351351.LanguagePackReloadIntervalMM", 1440);
Gelöscht : user_pref("CT1351351.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Gelöscht : user_pref("CT1351351.LastLogin_2.1.0.19", "Fri Jul 24 2009 10:32:47 GMT+0200");
Gelöscht : user_pref("CT1351351.LatestVersion", "2.1.0.18");
Gelöscht : user_pref("CT1351351.Locale", "de-de");
Gelöscht : user_pref("CT1351351.LoginCache", 4);
Gelöscht : user_pref("CT1351351.MCDetectTooltipHeight", "83");
Gelöscht : user_pref("CT1351351.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Gelöscht : user_pref("CT1351351.MCDetectTooltipWidth", "295");
Gelöscht : user_pref("CT1351351.RadioIsPodcast", false);
Gelöscht : user_pref("CT1351351.RadioLastCheckTime", "Thu Jul 23 2009 22:33:29 GMT+0200");
Gelöscht : user_pref("CT1351351.RadioLastUpdateIPServer", "4");
Gelöscht : user_pref("CT1351351.RadioLastUpdateServer", "128921304357130000");
Gelöscht : user_pref("CT1351351.RadioMediaID", "10531746");
Gelöscht : user_pref("CT1351351.RadioMediaType", "Media Player");
Gelöscht : user_pref("CT1351351.RadioMenuSelectedID", "EBRadioMenu_CT135135110531746");
Gelöscht : user_pref("CT1351351.RadioStationName", "Antenne%20Bayern%20Top%2040");
Gelöscht : user_pref("CT1351351.RadioStationURL", "hxxp://channels.webradio.antenne.de/top-40");
Gelöscht : user_pref("CT1351351.SHRINK_TOOLBAR", 1);
Gelöscht : user_pref("CT1351351.SearchFromAddressBarIsInit", true);
Gelöscht : user_pref("CT1351351.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT135[...]
Gelöscht : user_pref("CT1351351.SettingsCheckIntervalMin", 120);
Gelöscht : user_pref("CT1351351.SettingsLastCheckTime", "Fri Jul 24 2009 10:32:47 GMT+0200");
Gelöscht : user_pref("CT1351351.SettingsLastUpdate", "1247818682");
Gelöscht : user_pref("CT1351351.ThirdPartyComponentsInterval", 72);
Gelöscht : user_pref("CT1351351.ThirdPartyComponentsLastCheck", "Thu Jul 23 2009 22:33:28 GMT+0200");
Gelöscht : user_pref("CT1351351.ThirdPartyComponentsLastUpdate", "1247818682");
Gelöscht : user_pref("CT1351351.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...]
Gelöscht : user_pref("CT1351351.UserID", "UN23650849864647583");
Gelöscht : user_pref("CT1351351.WeatherNetwork", "");
Gelöscht : user_pref("CT1351351.WeatherPollDate", "Fri Jul 24 2009 10:32:48 GMT+0200");
Gelöscht : user_pref("CT1351351.WeatherUnit", "C");
Gelöscht : user_pref("CT1351351.alertChannelId", "669");
Gelöscht : user_pref("CT1351351.clientLogIsEnabled", true);
Gelöscht : user_pref("CT1351351.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Gelöscht : user_pref("CT1351351.myStuffEnabled", true);
Gelöscht : user_pref("CT1351351.myStuffPublihserMinWidth", 400);
Gelöscht : user_pref("CT1351351.myStuffSearchUrl", "hxxp://search.conduit.com/Results.aspx?q=SEARCH_TERM&ctid=E[...]
Gelöscht : user_pref("CT1351351.myStuffServiceIntervalMM", 1440);
Gelöscht : user_pref("CT1351351.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Gelöscht : user_pref("CT1351351.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT1351351");
Gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT1351351");
Gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
Gelöscht : user_pref("browser.search.defaultenginename", "Ask.com");
Gelöscht : user_pref("browser.search.defaultthis.engineName", "Softonic Deutsch Customized Web Search");
Gelöscht : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1351351&Sea[...]
Gelöscht : user_pref("browser.search.order.1", "Ask.com");
Gelöscht : user_pref("browser.search.selectedEngine", "Ask.com");
Gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", "");

*************************

AdwCleaner[S1].txt - [17549 octets] - [02/03/2013 19:02:32]

########## EOF - C:\AdwCleaner[S1].txt - [17610 octets] ##########
         
--- --- ---



Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.6 (02.27.2013:1)
OS: Windows Vista (TM) Home Premium x86
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}
Failed to delete: [Registry Key] "hkey_local_machine\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\scheduled update for ask toolbar" 



~~~ Files



~~~ Folders



~~~ FireFox


user_pref("google.toolbar.button_option.cached.gtbSearchBlogs", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\" id=\"gtbSearchBlogs\" t
user_pref("google.toolbar.button_option.cached.gtbSearchPhotos", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\" id=\"gtbSearchPhotos\"
user_pref("google.toolbar.button_option.cached.gtbSearchScholar", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\" id=\"gtbSearchScholar
user_pref("google.toolbar.button_option.cached.gtbstoolbar-google-com_CTK0Y7F4MTG6NKYH03WT-xml", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.o
user_pref("google.toolbar.button_option.cached.gtbstoolbar-google-com_J66T77NJDBMW4FEUU7FA-xml", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.o
user_pref("google.toolbar.search-icon", "data:image/x-icon;base64,AAABAAEAEBAAAAEAIABoBAAAFgAAACgAAAAQAAAAIAAAAAEAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7PT7/3zF6/9Ptu//RbHx/
Emptied folder: C:\Users\Timo & Nici\AppData\Roaming\mozilla\firefox\profiles\xz671v2w.default\minidumps [54 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02.03.2013 at 19:15:31,39
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
[code]
Combofix Logfile:
Code:
ATTFilter
ComboFix 13-03-01.01 - Timo & Nici 02.03.2013  19:22:21.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6000.0.1252.49.1031.18.3071.1933 [GMT 1:00]
ausgeführt von:: c:\users\Timo & Nici\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
c:\users\Timo & Nici\AppData\Roaming\Efme
c:\users\Timo & Nici\AppData\Roaming\Efme\vuury.exe
c:\users\Timo & Nici\Documents\VLC media player\VLC media player.exe
c:\users\Timo & Nici\setup_dm_Fotowelt.exe
c:\windows\IsUn0407.exe
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\unin0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-02-02 bis 2013-03-02  ))))))))))))))))))))))))))))))
.
.
2013-03-02 18:31 . 2013-03-02 18:31	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-03-02 18:11 . 2013-03-02 18:11	--------	d-----w-	c:\windows\ERUNT
2013-03-02 18:11 . 2013-03-02 18:11	--------	d-----w-	C:\JRT
2013-03-01 21:23 . 2013-03-01 21:23	--------	d-----w-	c:\users\Timo & Nici\AppData\Roaming\Malwarebytes
2013-03-01 21:23 . 2013-03-01 21:23	--------	d-----w-	c:\programdata\Malwarebytes
2013-03-01 21:23 . 2013-03-01 21:23	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2013-03-01 21:23 . 2012-12-14 15:49	21104	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-03-01 19:00 . 2013-02-19 02:58	6954968	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{964630CA-0BE8-4A92-96A5-119C196710AD}\mpengine.dll
2013-02-26 18:58 . 2013-02-26 18:57	94112	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2013-02-24 12:16 . 2013-03-02 18:10	--------	d-----w-	c:\users\Timo & Nici\AppData\Roaming\Yrre
2013-02-24 12:16 . 2013-02-24 12:16	--------	d-----w-	c:\users\Timo & Nici\AppData\Roaming\Apyzc
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-26 18:57 . 2012-12-31 20:16	861088	----a-w-	c:\windows\system32\npdeployJava1.dll
2013-02-26 18:57 . 2012-12-31 20:16	782240	----a-w-	c:\windows\system32\deployJava1.dll
2013-02-26 18:43 . 2013-01-15 13:40	71024	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-26 18:43 . 2013-01-15 13:40	691568	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-01-17 00:28 . 2011-03-19 17:49	232336	------w-	c:\windows\system32\MpSigStub.exe
2009-01-27 01:34 . 2009-01-27 01:34	1044480	----a-w-	c:\program files\mozilla firefox\plugins\libdivx.dll
2009-01-27 01:34 . 2009-01-27 01:34	200704	----a-w-	c:\program files\mozilla firefox\plugins\ssldivx.dll
2011-11-21 04:21 . 2011-12-14 18:51	134104	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="c:\program files\Packard Bell\SetUpMyPC\SmpSys.exe" [2007-07-19 1120568]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-01 857648]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-09 4702208]
"Skytel"="Skytel.exe" [2007-08-03 1826816]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-01-11 232184]
"toolbar_eula_launcher"="c:\program files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 28672]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-24 2516296]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-03-02 140640]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\Timo & Nici\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-11-13 2057536]
WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-11-13 9117504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1312654687-3428442780-377800408-1002]
"EnableNotificationsRef"=dword:00000003
.
S2 AAV UpdateService;AAV UpdateService;c:\program files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [x]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2013-03-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-15 18:43]
.
2013-03-02 c:\windows\Tasks\Erweiterte Garantie.job
- c:\program files\Packard Bell\SetupmyPC\PBCarNot.exe [2008-04-23 16:38]
.
2013-03-02 c:\windows\Tasks\Recovery DVD Creator.job
- c:\program files\Packard Bell\SetupMyPc\MCDCheck.exe [2008-04-23 16:34]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local 127.0.0.1;*.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Timo & Nici\AppData\Roaming\Mozilla\Firefox\Profiles\xz671v2w.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - ExtSQL: !HIDDEN! 2008-04-23 10:28; {3112ca9c-de6d-4884-a869-9855de68056c}; c:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - ExtSQL: !HIDDEN! 2009-12-28 14:32; smartwebprinting@hp.com; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-Atqytya - c:\users\Timo & Nici\AppData\Roaming\Efme\vuury.exe
HKCU-Run-VLC media player - c:\users\Timo & Nici\Documents\VLC media player\VLC media player.exe
HKCU-RunOnce-VLC media player - c:\users\Timo & Nici\Documents\VLC media player\VLC media player.exe
AddRemove-Adobe Photoshop Elements 1.0 - c:\windows\ISUN0407.EXE
AddRemove-Adobe SVG Viewer - c:\windows\IsUn0407.exe
AddRemove-FtpPilot - c:\windows\unin0407.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-03-02 19:31
Windows 6.0.6000  NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2013-03-02  19:34:15
ComboFix-quarantined-files.txt  2013-03-02 18:33
.
Vor Suchlauf: 8 Verzeichnis(se), 166.300.987.392 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 167.841.222.656 Bytes frei
.
- - End Of File - - 1DE33440D12319158D4C3019B13EF1C7
         
--- --- ---


Danke!!!

Viele Grüße,
Nici
__________________

Alt 03.03.2013, 12:40   #4
M-K-D-B
/// TB-Ausbilder
 
Downloadtrojaner gefunden (Win32/Dofoil.R) - Standard

Downloadtrojaner gefunden (Win32/Dofoil.R)



Servus Nici,


das sieht schon deutlich besser aus.

Wir sind aber noch nicht fertig.

So geht es weiter:



Schritt 1
Combofix-Skript
WARNUNG für die MITLESER:
Folgendes ComboFix Skript ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

  • Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm von folgenden Download-Spiegel neu herunter: Link
  • Speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)!
  • Drücke die Windows + R Taste --> notepad (hinein schreiben) --> OK
  • Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument.

    Code:
    ATTFilter
    Folder::
    c:\users\Timo & Nici\AppData\Roaming\Yrre
    c:\users\Timo & Nici\AppData\Roaming\Apyzc
             
  • Speichere dies als CFScript.txt auf deinem Desktop.
  • Wichtig: Stelle deine Anti Viren Software temporär ab. Dies kann ComboFix nämlich bei der Arbeit behindern.
    Danach wieder anstellen nicht vergessen!
  • Schließe alle laufenden Programme damit ComboFix ungehindert arbeiten kann.
  • Ziehe CFScript.txt in die ComboFix.exe wie in diesem Bild:
  • Mache nichts am Computer, bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein. Dies kann dazu führen, dass ComboFix sich aufhängt.
  • Wenn ComboFix fertig ist wird es ein Log erstellen: C:\ComboFix.txt
    Bitte füge es hier als Antwort (in CODE-Tags mit dem #-Button des Editors) ein.

Hinweis:
Suspect:: und Collect::
Falls im Skript diese Anweisungen enthalten sind, sollen Dateien zur Analyse eingeschickt werden. Es erscheint eine Message-Box, nachdem Combofix fertig ist. Klicke OK und folge den Aufforderungen/Anweisungen, um die Dateien hochzuladen. Teile mir unbedingt mit, ob der Upload geklappt hat!







Schritt 2
Starte bitte OTL.exe und drücke den Quick Scan Button.
Poste die OTL.txt hier in deinen Thread.





Schritt 3
Lade SystemLook von jpshortstuff vom folgenden Spiegel herunter und speichere das Tool auf dem Desktop:
SystemLook (32 bit)
  • Doppelklicke auf die SystemLook.exe, um das Tool zu starten.
  • Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:
    Code:
    ATTFilter
    :filefind
    *Ask.com*
    *Conduit*
    *Softonic*
    *OpenCandy*
    *AskSearch*
    *Ask Toolbar*
    
    :folderfind
    Ask.com*
    Conduit*
    Softonic*
    OpenCandy*
    AskSearch*
    Ask Toolbar*
    
    :regfind
    Ask.com
    Conduit
    Softonic
    OpenCandy
    AskSearch
    Ask Toolbar
             
  • Klicke nun auf den Button Look, um den Scan zu starten.
  • Der Suchlauf kann einige Zeit dauern.
  • Wenn der Suchlauf beendet ist, wird sich Dein Editor mit den Ergebnissen öffnen, poste diese in deinen Thread.
  • Die Ergebnisse werden auf dem Desktop als SystemLook.txt gespeichert.





Bitte poste mit deiner nächsten Antwort
  • die Logdatei von ComboFix,
  • die Logdatei von OTL,
  • die Logdatei von SystemLook.

Alt 03.03.2013, 14:46   #5
nici_st
 
Downloadtrojaner gefunden (Win32/Dofoil.R) - Standard

Downloadtrojaner gefunden (Win32/Dofoil.R)



Hi Matthias,

alles erledigt:


Combofix Logfile:
Code:
ATTFilter
ComboFix 13-03-02.01 - Timo & Nici 03.03.2013  13:58:44.2.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6000.0.1252.49.1031.18.3071.1757 [GMT 1:00]
ausgeführt von:: c:\users\Timo & Nici\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Timo & Nici\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Timo & Nici\AppData\Roaming\Apyzc
c:\users\Timo & Nici\AppData\Roaming\Apyzc\oksai.emt
c:\users\Timo & Nici\AppData\Roaming\Yrre
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-02-03 bis 2013-03-03  ))))))))))))))))))))))))))))))
.
.
2013-03-03 13:05 . 2013-03-03 13:05	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-03-03 12:18 . 2013-03-03 12:18	--------	d-----w-	c:\program files\Mozilla Maintenance Service
2013-03-03 12:18 . 2013-03-03 12:18	588728	----a-w-	c:\program files\Mozilla Firefox\gkmedias.dll
2013-03-03 12:18 . 2013-03-03 12:18	129976	----a-w-	c:\program files\Mozilla Firefox\maintenanceservice.exe
2013-03-03 12:18 . 2013-03-03 12:18	626688	----a-w-	c:\program files\Mozilla Firefox\msvcr80.dll
2013-03-03 12:18 . 2013-03-03 12:18	548864	----a-w-	c:\program files\Mozilla Firefox\msvcp80.dll
2013-03-03 12:18 . 2013-03-03 12:18	479232	----a-w-	c:\program files\Mozilla Firefox\msvcm80.dll
2013-03-03 12:18 . 2013-03-03 12:18	43960	----a-w-	c:\program files\Mozilla Firefox\mozglue.dll
2013-03-03 12:18 . 2013-03-03 12:18	157352	----a-w-	c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2013-03-02 18:11 . 2013-03-02 18:11	--------	d-----w-	c:\windows\ERUNT
2013-03-02 18:11 . 2013-03-02 18:11	--------	d-----w-	C:\JRT
2013-03-01 21:23 . 2013-03-01 21:23	--------	d-----w-	c:\users\Timo & Nici\AppData\Roaming\Malwarebytes
2013-03-01 21:23 . 2013-03-01 21:23	--------	d-----w-	c:\programdata\Malwarebytes
2013-03-01 21:23 . 2013-03-01 21:23	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2013-03-01 21:23 . 2012-12-14 15:49	21104	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-03-01 19:00 . 2013-02-19 02:58	6954968	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{964630CA-0BE8-4A92-96A5-119C196710AD}\mpengine.dll
2013-02-26 18:58 . 2013-02-26 18:57	94112	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-26 18:57 . 2012-12-31 20:16	861088	----a-w-	c:\windows\system32\npdeployJava1.dll
2013-02-26 18:57 . 2012-12-31 20:16	782240	----a-w-	c:\windows\system32\deployJava1.dll
2013-02-26 18:43 . 2013-01-15 13:40	71024	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-26 18:43 . 2013-01-15 13:40	691568	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-01-17 00:28 . 2011-03-19 17:49	232336	------w-	c:\windows\system32\MpSigStub.exe
2009-01-27 01:34 . 2009-01-27 01:34	1044480	----a-w-	c:\program files\mozilla firefox\plugins\libdivx.dll
2009-01-27 01:34 . 2009-01-27 01:34	200704	----a-w-	c:\program files\mozilla firefox\plugins\ssldivx.dll
2013-03-03 12:18 . 2011-12-14 18:51	97208	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="c:\program files\Packard Bell\SetUpMyPC\SmpSys.exe" [2007-07-19 1120568]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"Atqytya"="c:\users\Timo & Nici\AppData\Roaming\Efme\vuury.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-01 857648]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-09 4702208]
"Skytel"="Skytel.exe" [2007-08-03 1826816]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-01-11 232184]
"toolbar_eula_launcher"="c:\program files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 28672]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-24 2516296]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-03-02 140640]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\Timo & Nici\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-11-13 2057536]
WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-11-13 9117504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1312654687-3428442780-377800408-1002]
"EnableNotificationsRef"=dword:00000003
.
S2 AAV UpdateService;AAV UpdateService;c:\program files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [x]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2013-03-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-15 18:43]
.
2013-03-03 c:\windows\Tasks\Erweiterte Garantie.job
- c:\program files\Packard Bell\SetupmyPC\PBCarNot.exe [2008-04-23 16:38]
.
2013-03-03 c:\windows\Tasks\Recovery DVD Creator.job
- c:\program files\Packard Bell\SetupMyPc\MCDCheck.exe [2008-04-23 16:34]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local 127.0.0.1;*.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Timo & Nici\AppData\Roaming\Mozilla\Firefox\Profiles\xz671v2w.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - ExtSQL: !HIDDEN! 2008-04-23 10:28; {3112ca9c-de6d-4884-a869-9855de68056c}; c:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - ExtSQL: !HIDDEN! 2009-12-28 14:32; smartwebprinting@hp.com; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-03-03 14:05
Windows 6.0.6000  NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2013-03-03  14:07:04
ComboFix-quarantined-files.txt  2013-03-03 13:07
ComboFix2.txt  2013-03-02 18:34
.
Vor Suchlauf: 11 Verzeichnis(se), 167.348.310.016 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 167.330.250.752 Bytes frei
.
- - End Of File - - 9356D07E9A05C8B70F24524B7A531DE9
         
--- --- ---


Ich musste keine Dateien hochladen.

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 03.03.2013 14:24:14 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Timo & Nici\Downloads
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,72 Gb Available Physical Memory | 57,22% Memory free
6,17 Gb Paging File | 5,03 Gb Available in Paging File | 81,53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 229,88 Gb Total Space | 155,89 Gb Free Space | 67,81% Space Free | Partition Type: NTFS
 
Computer Name: LAPPI | User Name: Timo & Nici | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.03.02 10:21:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Timo & Nici\Downloads\OTL.exe
PRC - [2010.05.28 15:29:26 | 002,650,112 | ---- | M] (DATA BECKER GmbH & Co KG) -- C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe
PRC - [2010.04.02 10:18:54 | 001,185,112 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2010.03.24 18:50:00 | 002,516,296 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2010.03.02 19:52:00 | 000,140,640 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
PRC - [2009.11.13 10:29:42 | 009,117,504 | ---- | M] (Western Digital) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
PRC - [2009.11.13 10:29:40 | 002,057,536 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
PRC - [2009.11.13 10:28:04 | 000,110,592 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2009.06.16 07:58:08 | 000,020,480 | ---- | M] (Memeo) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
PRC - [2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.10.24 15:35:44 | 000,128,296 | ---- | M] () -- C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
PRC - [2008.09.30 16:51:58 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2008.09.30 16:49:34 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2007.08.09 12:26:42 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.07.19 14:32:34 | 001,120,568 | ---- | M] (Packard Bell BV) -- C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
PRC - [2007.04.19 10:32:08 | 000,225,280 | ---- | M] (ATK0100) -- C:\Program Files\ATK Hotkey\HControl.exe
PRC - [2007.02.05 17:13:14 | 000,094,208 | ---- | M] () -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe
PRC - [2007.01.11 10:40:22 | 000,232,184 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
PRC - [2007.01.11 10:40:18 | 000,017,656 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
PRC - [2006.12.18 16:26:26 | 002,420,736 | ---- | M] () -- C:\Program Files\ATK Hotkey\ATKOSD.exe
PRC - [2006.11.02 10:44:59 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.11.28 14:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.11.28 14:13:30 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.03.27 11:18:58 | 001,712,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\10fc12b6bf6510f0b967d20a2b04c476\Microsoft.VisualBasic.ni.dll
MOD - [2011.03.27 11:18:26 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\31729b33207d1093721f9e943302b900\System.Management.ni.dll
MOD - [2011.03.23 06:14:23 | 011,796,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\47b2e1d9030f551f685dfea0b618e7fd\System.Web.ni.dll
MOD - [2011.03.23 06:14:10 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a4fd3b000abfd4712b02ec223df3e9dd\System.Runtime.Remoting.ni.dll
MOD - [2011.03.22 19:51:58 | 006,616,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\45d73bf5a07b8fd8a12fcf7d68e9b318\System.Data.ni.dll
MOD - [2011.03.22 19:51:11 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6d75eb3ca10a514754f5e87cc2134f07\System.Windows.Forms.ni.dll
MOD - [2011.03.22 19:50:58 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\19d027c3381110e60c003f2c8bd307ee\System.Drawing.ni.dll
MOD - [2011.03.22 19:50:46 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\38b9d09539b67b08ee996db6c71f8a9b\System.Xml.ni.dll
MOD - [2011.03.22 19:50:34 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\982c005f97eacba888acdda322c49362\System.Configuration.ni.dll
MOD - [2011.03.22 19:50:33 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\ba71341e41687591124f9a5680cb0981\System.ServiceProcess.ni.dll
MOD - [2011.03.22 19:49:50 | 007,868,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\57ac9ba5419d6bf4b79f2979b0755428\System.ni.dll
MOD - [2011.03.22 19:49:19 | 011,486,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\c068708e16abf0be77a21b9f29817d83\mscorlib.ni.dll
MOD - [2009.08.19 14:49:08 | 000,049,152 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\Memeo.API.dll
MOD - [2009.07.29 14:24:14 | 000,504,293 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\sqlite3.dll
MOD - [2008.07.29 14:55:14 | 000,969,728 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2008.07.27 19:00:27 | 000,372,736 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
MOD - [2008.07.27 19:00:26 | 002,933,248 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2008.07.27 19:00:17 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2008.07.27 19:00:17 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2008.07.27 19:00:17 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Drawing.resources.dll
MOD - [2008.04.23 09:20:56 | 001,675,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.2700.36866__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2008.04.23 09:20:56 | 000,233,472 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2700.36824__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2008.04.23 09:20:56 | 000,184,320 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.2700.36879__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2008.04.23 09:20:56 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.2700.37087__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2008.04.23 09:20:56 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.2700.36859__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2008.04.23 09:20:56 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Runtime\2.0.2700.36879__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Runtime.dll
MOD - [2008.04.23 09:20:56 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.2700.36844__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2008.04.23 09:20:55 | 000,483,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.2700.37128__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2008.04.23 09:20:55 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.2700.37044__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2008.04.23 09:20:55 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.2700.36979__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2008.04.23 09:20:25 | 000,331,776 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.2700.37052__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2008.04.23 09:20:25 | 000,139,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.2700.37121__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll
MOD - [2008.04.23 09:20:25 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.2700.37134__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2008.04.23 09:20:25 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.2700.37058__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2008.04.23 09:20:25 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.2700.36837__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2008.04.23 09:20:25 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.2700.37051__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2008.04.23 09:20:25 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.2700.37120__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
MOD - [2008.04.23 09:20:24 | 000,667,648 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.2700.36989__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2008.04.23 09:20:24 | 000,585,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.2700.36893__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2008.04.23 09:20:24 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.2700.36845__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2008.04.23 09:20:24 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.2700.37072__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2008.04.23 09:20:24 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.2700.37031__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll
MOD - [2008.04.23 09:20:24 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.2700.36900__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll
MOD - [2008.04.23 09:20:24 | 000,208,896 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.2700.36886__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2008.04.23 09:20:24 | 000,118,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.2700.37010__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2008.04.23 09:20:24 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.2700.36987__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2008.04.23 09:20:24 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.2700.36899__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2008.04.23 09:20:24 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.2700.37010__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2008.04.23 09:20:23 | 000,475,136 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.2700.36980__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2008.04.23 09:20:23 | 000,323,584 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.2700.36973__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2008.04.23 09:20:23 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.2700.36979__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2008.04.23 09:20:23 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.2700.36986__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2008.04.23 09:20:23 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2665.42149__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2008.04.23 09:20:23 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.2700.37030__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2008.04.23 09:20:23 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2665.42151__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2008.04.23 09:20:23 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2665.42178__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2008.04.23 09:20:23 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2665.42157__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2008.04.23 09:20:23 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2665.42168__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2008.04.23 09:20:23 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.2665.42177__90ba9c70f846762e\DEM.OS.dll
MOD - [2008.04.23 09:20:23 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2665.42187__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2008.04.23 09:20:23 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2665.42196__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2008.04.23 09:20:23 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2665.42166__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2008.04.23 09:20:23 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2665.42196__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2008.04.23 09:20:23 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2008.04.23 09:20:22 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Shared\2.0.2665.42182__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Shared.dll
MOD - [2008.04.23 09:20:22 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2665.42152__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2008.04.23 09:20:22 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2665.42162__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2008.04.23 09:20:22 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2665.42186__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2008.04.23 09:20:22 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2008.04.23 09:20:22 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2665.42198__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2008.04.23 09:20:22 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2665.42184__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2008.04.23 09:20:22 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2665.42240__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2008.04.23 09:20:22 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.2665.42197__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
MOD - [2008.04.23 09:20:22 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2665.42166__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2008.04.23 09:20:22 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2665.42161__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2008.04.23 09:20:22 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2665.42156__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2008.04.23 09:20:22 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2665.42181__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2008.04.23 09:20:22 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.2665.42179__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2008.04.23 09:20:22 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2008.04.23 09:20:22 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2665.42164__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2008.04.23 09:20:22 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2665.42181__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2008.04.23 09:20:22 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2665.42180__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2008.04.23 09:20:21 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2665.42187__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2008.04.23 09:20:21 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2665.42184__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2008.04.23 09:20:21 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2665.42184__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2008.04.23 09:20:21 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2665.42186__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2008.04.23 09:20:21 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2665.42182__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2008.04.23 09:20:21 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2665.42167__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2008.04.23 09:20:21 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2665.42180__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2008.04.23 09:20:21 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2665.42185__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2008.04.23 09:20:21 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2665.42166__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2008.04.23 09:20:21 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.2665.42187__90ba9c70f846762e\APM.Foundation.dll
MOD - [2008.04.23 09:20:21 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Foundation\2.0.2665.42150__90ba9c70f846762e\AEM.Foundation.dll
MOD - [2008.04.23 09:20:21 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2008.04.23 09:20:21 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2665.42160__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2008.04.23 09:20:15 | 000,013,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray.resources\2.0.2700.37103_de_90ba9c70f846762e\CLI.Component.Systemtray.resources.dll
MOD - [2008.04.23 09:20:14 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.2700.37157__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2008.04.23 09:20:14 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.2700.36821__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2008.04.23 09:20:11 | 001,503,232 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.2700.36832__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2008.04.23 09:20:11 | 000,466,944 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.2700.36852__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2008.04.23 09:20:11 | 000,397,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.2700.37103__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2008.04.23 09:20:11 | 000,102,400 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.2700.37112__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2008.04.23 09:20:11 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2700.36823__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2008.04.23 09:20:11 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2700.37110__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2008.04.23 09:20:11 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2665.42165__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2008.04.23 09:20:11 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2665.42160__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2008.04.23 09:20:11 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2665.42158__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2008.04.23 09:20:11 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2665.42196__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2008.04.23 09:20:11 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2665.42169__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2008.04.23 09:20:11 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2665.42154__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2008.04.23 09:20:11 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2665.42167__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2008.04.23 09:20:10 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.2700.36823__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2008.04.23 09:20:10 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.2700.36822__90ba9c70f846762e\AEM.Server.dll
MOD - [2008.04.23 09:20:10 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.2700.37112__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2008.04.23 09:20:10 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2008.04.23 09:20:10 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2665.42188__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2007.05.25 05:52:46 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2007.01.11 10:02:14 | 004,587,520 | R--- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (CLTNetCnService)
SRV - [2013.03.03 13:18:32 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.02.26 19:43:50 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2010.05.28 15:29:26 | 002,650,112 | ---- | M] (DATA BECKER GmbH & Co KG) [Auto | Running] -- C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe -- (DBService)
SRV - [2009.11.13 10:28:04 | 000,110,592 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2009.06.16 07:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2008.10.24 15:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService)
SRV - [2008.04.23 18:13:37 | 000,265,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.02.05 17:13:14 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\ComboFix\mbr.sys -- (mbr)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\TIMO&N~1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2010.02.24 11:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2009.02.13 10:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008.05.27 10:41:46 | 000,122,152 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mdm.sys -- (s0017mdm)
DRV - [2008.05.27 10:41:46 | 000,117,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017unic.sys -- (s0017unic)
DRV - [2008.05.27 10:41:46 | 000,111,912 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017obex.sys -- (s0017obex)
DRV - [2008.05.27 10:41:46 | 000,090,536 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017bus.sys -- (s0017bus)
DRV - [2008.05.27 10:41:46 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mdfl.sys -- (s0017mdfl)
DRV - [2008.05.27 10:41:44 | 000,115,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mgmt.sys -- (s0017mgmt)
DRV - [2008.05.27 10:41:44 | 000,025,768 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017nd5.sys -- (s0017nd5)
DRV - [2007.07.30 15:13:10 | 000,743,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007.07.12 11:58:54 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2007.05.25 06:01:58 | 002,609,152 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007.02.24 13:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.01.23 15:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007.01.23 04:01:00 | 000,050,176 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006.12.14 08:11:58 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006.11.02 08:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006.10.30 09:22:26 | 000,008,192 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local 127.0.0.1;*.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5
FF - prefs.js..extensions.enabledItems: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c}:2.1.0.19
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Users\Timo & Nici\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll ( )
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009.12.28 14:32:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.03 13:18:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.12.31 21:31:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009.12.28 14:32:27 | 000,000,000 | ---D | M]
 
[2008.08.31 17:38:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Timo & Nici\AppData\Roaming\mozilla\Extensions
[2013.03.02 19:02:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Timo & Nici\AppData\Roaming\mozilla\Firefox\Profiles\xz671v2w.default\extensions
[2011.07.15 18:10:22 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Timo & Nici\AppData\Roaming\mozilla\Firefox\Profiles\xz671v2w.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012.12.31 21:16:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008.04.23 09:28:18 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012.12.31 21:16:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}
[2013.03.03 13:18:32 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013.03.03 13:18:28 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.03.03 13:18:28 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.03.03 13:18:28 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013.03.03 13:18:28 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.03.03 13:18:28 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.03.03 13:18:28 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.03.03 14:05:10 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe ( )
O4 - HKCU..\Run: [Atqytya] "C:\Users\Timo & Nici\AppData\Roaming\Efme\vuury.exe" File not found
O4 - HKCU..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe (Packard Bell BV)
O4 - Startup: C:\Users\Timo & Nici\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab (Java Plug-in 1.6.0_38)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab (Java Plug-in 10.15.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9EA77E1D-1647-4FB5-91BE-213D9B625ACB}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BE063151-8F8A-4790-BB35-6C01A3D017D6}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Timo & Nici\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Timo & Nici\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.03 14:07:08 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.03.03 13:56:51 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013.03.03 13:21:28 | 005,036,301 | R--- | C] (Swearware) -- C:\Users\Timo & Nici\Desktop\ComboFix.exe
[2013.03.03 13:18:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013.03.03 13:18:34 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2013.03.02 19:18:53 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.03.02 19:18:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.03.02 19:18:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.03.02 19:18:52 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2013.03.02 19:18:44 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.03.02 19:18:24 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.03.02 19:11:52 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.03.02 19:11:41 | 000,000,000 | ---D | C] -- C:\JRT
[2013.03.02 19:11:18 | 000,547,491 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Timo & Nici\Desktop\JRT.exe
[2013.03.01 22:23:40 | 000,000,000 | ---D | C] -- C:\Users\Timo & Nici\AppData\Roaming\Malwarebytes
[2013.03.01 22:23:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.01 22:23:25 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.03.01 22:23:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.02.15 17:14:54 | 000,000,000 | ---D | C] -- C:\Users\Timo & Nici\Desktop\FÜR FP
[2013.02.15 15:05:15 | 000,000,000 | ---D | C] -- C:\Users\Timo & Nici\Desktop\drucken
[2011.12.14 19:49:57 | 014,597,312 | ---- | C] (Mozilla) -- C:\Users\Timo & Nici\Firefox Setup 8.0.1.exe
[2010.06.03 21:30:14 | 007,981,569 | ---- | C] (DsNET) -- C:\Users\Timo & Nici\aTube300_Catcher.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.03 14:17:55 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.03 14:17:55 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.03 14:05:10 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.03.03 14:00:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\Recovery DVD Creator.job
[2013.03.03 14:00:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\Erweiterte Garantie.job
[2013.03.03 13:31:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.03 13:21:36 | 005,036,301 | R--- | M] (Swearware) -- C:\Users\Timo & Nici\Desktop\ComboFix.exe
[2013.03.03 13:17:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.02 19:11:29 | 000,547,491 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Timo & Nici\Desktop\JRT.exe
[2013.03.02 19:11:20 | 000,651,350 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.03.02 19:11:20 | 000,618,470 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.03.02 19:11:20 | 000,121,114 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.03.02 19:11:20 | 000,107,614 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.03.02 19:04:06 | 3220,398,080 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.02 18:59:41 | 000,594,019 | ---- | M] () -- C:\Users\Timo & Nici\Desktop\adwcleaner.exe
[2013.03.02 14:47:52 | 000,018,280 | ---- | M] () -- C:\Users\Timo & Nici\Desktop\Trojaner.odt
[2013.03.02 14:37:33 | 323,234,691 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.03.02 10:18:18 | 000,000,000 | ---- | M] () -- C:\Users\Timo & Nici\defogger_reenable
[2013.02.27 14:41:45 | 000,150,528 | ---- | M] () -- C:\Users\Timo & Nici\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.02.03 16:09:19 | 000,020,147 | ---- | M] () -- C:\Users\Timo & Nici\Documents\Haushaltsbuch_2013.ods
 
========== Files Created - No Company Name ==========
 
[2013.03.02 19:18:53 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.03.02 19:18:53 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.03.02 19:18:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.03.02 19:18:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.03.02 19:18:52 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.03.02 18:59:33 | 000,594,019 | ---- | C] () -- C:\Users\Timo & Nici\Desktop\adwcleaner.exe
[2013.03.02 10:18:18 | 000,000,000 | ---- | C] () -- C:\Users\Timo & Nici\defogger_reenable
[2013.03.01 22:13:39 | 000,018,280 | ---- | C] () -- C:\Users\Timo & Nici\Desktop\Trojaner.odt
[2013.02.22 16:26:57 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.03 15:48:57 | 000,020,147 | ---- | C] () -- C:\Users\Timo & Nici\Documents\Haushaltsbuch_2013.ods
[2010.07.02 12:43:40 | 000,000,922 | ---- | C] () -- C:\Users\Timo & Nici\dm-Fotowelt.lnk
[2009.10.23 18:59:24 | 000,000,439 | ---- | C] () -- C:\Users\Timo & Nici\AppData\Roaming\mdbu.bin
[2009.03.15 11:51:41 | 000,007,268 | ---- | C] () -- C:\Users\Timo & Nici\AppData\Local\d3d9caps.dat
[2008.07.19 13:13:37 | 000,150,528 | ---- | C] () -- C:\Users\Timo & Nici\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.07.19 13:04:04 | 000,000,099 | ---- | C] () -- C:\Users\Timo & Nici\AppData\Local\fusioncache.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2008.11.06 13:57:06 | 011,315,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.03.03 05:16:12 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2006.11.02 10:46:13 | 000,348,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2008.12.09 21:08:15 | 000,000,000 | ---D | M] -- C:\Users\Timo & Nici\AppData\Roaming\Datalayer
[2008.12.09 21:05:19 | 000,000,000 | ---D | M] -- C:\Users\Timo & Nici\AppData\Roaming\Nokia
[2008.10.28 20:36:05 | 000,000,000 | ---D | M] -- C:\Users\Timo & Nici\AppData\Roaming\OpenOffice.org
[2008.07.19 17:05:19 | 000,000,000 | ---D | M] -- C:\Users\Timo & Nici\AppData\Roaming\Packard Bell
[2008.12.09 21:03:28 | 000,000,000 | ---D | M] -- C:\Users\Timo & Nici\AppData\Roaming\PC Suite
[2010.10.16 14:42:03 | 000,000,000 | ---D | M] -- C:\Users\Timo & Nici\AppData\Roaming\ProtectDisc
[2010.05.29 17:52:04 | 000,000,000 | ---D | M] -- C:\Users\Timo & Nici\AppData\Roaming\Western Digital
[2008.11.25 06:43:06 | 000,000,000 | ---D | M] -- C:\Users\Timo & Nici\AppData\Roaming\WordToPDF
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\yamaha.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\web to date Projekte:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\VLC media player:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\Updater5:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\Unterlagen Allscheidt 6:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\SuperTIPp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\SuperTIPp Website Backup:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\SuperTIPp Webseite_Dateien:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\SUP_31_22_Me_Ti.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\Studie AB.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\Stimmgabel_Yamaha.gif:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\Skript:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\s.n. Dateien:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\Rückwärtszähler:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\restore:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\Personalausweis.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\MORITZ:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\Immo-Seite alt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\HOCHZEIT:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\fonts:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\Expose:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\Erzeugte Websites:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\Eigene Scans:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\Driegeltrath:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\diverses:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\Bewerbungen 2009:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\Armin:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\ap:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\Andy Bewerbung:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\Am Kämpchen:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\Adobe:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Desktop\Nici Arbeit:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Desktop\FÜR FP:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Desktop\drucken:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Desktop\bad:Roxio EMC Stream

< End of report >
         
--- --- ---


Code:
ATTFilter
SystemLook 30.07.11 by jpshortstuff
Log created at 14:34 on 03/03/2013 by Timo & Nici
Administrator - Elevation successful

========== filefind ==========

Searching for "*Ask.com*"
No files found.

Searching for "*Conduit*"
C:\Program Files\Common Files\Apple\Mobile Device Support\iSyncConduit.dll	--a---- 1206160 bytes	[22:32 09/08/2012]	[22:32 09/08/2012] 309B2B1B22EE841E49F62C7A6FB55E46
C:\Users\Timo & Nici\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2CYR6CV8\conduit_app[1].htm	--a---- 918 bytes	[15:23 16/01/2013]	[15:23 16/01/2013] 561A98CBA66A8071CE43BC280B9D536F
C:\Users\Timo & Nici\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\85OEYI4B\conduit[1].js	--a---- 3060 bytes	[15:23 16/01/2013]	[15:23 16/01/2013] C7279E08EC2A001244B2112BF56ADC44
C:\Users\Timo & Nici\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\E6HJ0EJZ\conduit.min[1].css	--a---- 575 bytes	[15:23 16/01/2013]	[15:23 16/01/2013] 7A5EE7FA4B4FDFDF7AA6D633588BFAD7
C:\Users\Timo & Nici\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\E6HJ0EJZ\topix-conduit-localnews-small.2[1].htm	--a---- 2200 bytes	[15:24 22/10/2010]	[15:24 22/10/2010] DA9B15C81B1527B7390BBF9A41D2EB4D
C:\Users\Timo & Nici\AppData\Roaming\Microsoft\Windows\Cookies\Low\timo_&_nici@cmg1.conduit-widgets[1].txt	--a---- 390 bytes	[18:18 18/12/2012]	[18:40 25/02/2013] 26995460C13AF96E9C1858FACD2E7B33
C:\Users\Timo & Nici\AppData\Roaming\Microsoft\Windows\Cookies\Low\timo_&_nici@users.conduit[1].txt	--a---- 98 bytes	[18:04 13/12/2011]	[18:04 13/12/2011] E43FD1E47FC130133928C79BF2991DAE

Searching for "*Softonic*"
No files found.

Searching for "*OpenCandy*"
No files found.

Searching for "*AskSearch*"
No files found.

Searching for "*Ask Toolbar*"
C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar	--a---- 3820 bytes	[10:33 15/03/2012]	[12:05 07/02/2013] 03FBE64AC9BFDB0682CA14E7CCB4CD02

========== folderfind ==========

Searching for "Ask.com*"
No folders found.

Searching for "Conduit*"
No folders found.

Searching for "Softonic*"
C:\Windows\System32\config\Timo & Nici\AppData\LocalLow\Softonic_Deutsch	d------	[11:32 31/12/2010]

Searching for "OpenCandy*"
C:\Program Files\DsNET Corp\aTube Catcher 1.0\aTube Catcher 2.0\OpenCandy	d------	[18:48 25/08/2010]

Searching for "AskSearch*"
No folders found.

Searching for "Ask Toolbar*"
No folders found.

========== regfind ==========

Searching for "Ask.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MAPI/IPM.Task]
"PreviewDetails"="prop:*System.DueDate;*System.Task.CompletionStatus;*System.Task.Owner;*System.Keywords"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\Timo & Nici\AppData\Roaming\Mozilla\Firefox\Profiles\xz671v2w.default\extensions\toolbar@ask.com\chrome\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\Timo & Nici\AppData\Roaming\Mozilla\Firefox\Profiles\xz671v2w.default\extensions\toolbar@ask.com\chrome\temp\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Ask.com\Updater\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Ask.com\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\Timo & Nici\AppData\Roaming\Mozilla\Firefox\Profiles\xz671v2w.default\extensions\toolbar@ask.com\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\Timo & Nici\AppData\Roaming\Mozilla\Firefox\Profiles\xz671v2w.default\extensions\toolbar@ask.com\chrome\content\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\Timo & Nici\AppData\Roaming\Mozilla\Firefox\Profiles\xz671v2w.default\extensions\toolbar@ask.com\chrome\skin\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\Timo & Nici\AppData\Roaming\Mozilla\Firefox\Profiles\xz671v2w.default\extensions\toolbar@ask.com\defaults\preferences\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\Timo & Nici\AppData\Roaming\Mozilla\Firefox\Profiles\xz671v2w.default\extensions\toolbar@ask.com\defaults\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\Timo & Nici\AppData\Roaming\Mozilla\Firefox\Profiles\xz671v2w.default\extensions\toolbar@ask.com\searchplugins\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Ask.com\assets\oobe\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Ask.com\assets\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2BDF3E992C0908741B7C11F4B4E0F775]
"A28B4D68DEBAA244EB686953B7074FEF"="C:\Program Files\Ask.com\assets\oobe\b.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6B3BC4CF5ECE1F54BBA174C13A1AB907]
"A28B4D68DEBAA244EB686953B7074FEF"="C:\Program Files\Ask.com\Updater\Updater.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BEABAA33A5E68374DBF197F2A00CD011]
"A28B4D68DEBAA244EB686953B7074FEF"="C:\Program Files\Ask.com\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB61AF52AD64B6B45930BE969F316720]
"A28B4D68DEBAA244EB686953B7074FEF"="C:\Program Files\Ask.com\"

Searching for "Conduit"
No data found.

Searching for "Softonic"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\b20cb3df-df8d-420f-a7e1-54fa2f38b7a9]
"AppPath"="C:\Program Files\Softonic_Deutsch"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\b20cb3df-df8d-420f-a7e1-54fa2f38b7a9]
"AppName"="Softonic_DeutschToolbarHelper.exe"

Searching for "OpenCandy"
[HKEY_LOCAL_MACHINE\SOFTWARE\aTube Catcher\OpenCandy]

Searching for "AskSearch"
No data found.

Searching for "Ask Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8683E992-A461-4A15-B82D-2031F16CF54A}]
"Path"="\Scheduled Update for Ask Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar]

Searching for "         "
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Kies Air Discovery Service]
"Comments"="Discover and connect to Kies Air devices                    "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0000]
"DriverDesc"="                "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0000]
"FriendlyName"="                "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0008]
"DriverDesc"="iPod            "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0008]
"FriendlyName"="iPod            "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0011]
"DriverDesc"="CCR-60          "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0011]
"FriendlyName"="CCR-60          "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0019]
"DriverDesc"="                "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0019]
"FriendlyName"="                "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0022]
"DriverDesc"="S60             "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0022]
"FriendlyName"="S60             "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0023]
"DriverDesc"="S60             "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0023]
"FriendlyName"="S60             "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0025]
"DriverDesc"="iPod            "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0025]
"FriendlyName"="iPod            "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0032]
"DriverDesc"="Cruzer          "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0032]
"FriendlyName"="Cruzer          "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0033]
"DriverDesc"="DISK            "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0033]
"FriendlyName"="DISK            "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0034]
"DriverDesc"="DISK            "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0034]
"FriendlyName"="DISK            "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0035]
"DriverDesc"="                "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0035]
"FriendlyName"="                "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0043]
"DriverDesc"="DISK            "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0043]
"FriendlyName"="DISK            "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_&PROD_&REV_#10021055004392&0#]
"DeviceDesc"="                "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_&PROD_&REV_#10021055004392&0#]
"FriendlyName"="                "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_&PROD_&REV_2.00#138942141873&0#]
"DeviceDesc"="                "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_&PROD_&REV_2.00#138942141873&0#]
"FriendlyName"="                "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_&PROD_CCR-60&REV_9407#07101500000A&0#]
"DeviceDesc"="CCR-60          "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_&PROD_CCR-60&REV_9407#07101500000A&0#]
"FriendlyName"="CCR-60          "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_APPLE&PROD_IPOD&REV_1.62#000A27001E1EC954&0#]
"DeviceDesc"="iPod            "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_APPLE&PROD_IPOD&REV_1.62#000A27001E1EC954&0#]
"FriendlyName"="iPod            "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_APPLE&PROD_IPOD&REV_1.62#000A27001E45C45B&0#]
"DeviceDesc"="iPod            "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_APPLE&PROD_IPOD&REV_1.62#000A27001E45C45B&0#]
"FriendlyName"="iPod            "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_IT1162&PROD_&REV_1.00#1D526E74B7B4FB&0#]
"DeviceDesc"="                "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_IT1162&PROD_&REV_1.00#1D526E74B7B4FB&0#]
"FriendlyName"="                "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_NOKIA&PROD_S60&REV_1.0#356918031293478&0#]
"DeviceDesc"="S60             "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_NOKIA&PROD_S60&REV_1.0#356918031293478&0#]
"FriendlyName"="S60             "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_NOKIA&PROD_S60&REV_1.0#356918031293478&1#]
"DeviceDesc"="S60             "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_NOKIA&PROD_S60&REV_1.0#356918031293478&1#]
"FriendlyName"="S60             "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_SANDISK&PROD_CRUZER&REV_8.02#173800160C53345B&0#]
"DeviceDesc"="Cruzer          "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_SANDISK&PROD_CRUZER&REV_8.02#173800160C53345B&0#]
"FriendlyName"="Cruzer          "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_USB2.0&PROD_DISK&REV_PMAP#90A61E00FFAF27E1&0#]
"DeviceDesc"="DISK            "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_USB2.0&PROD_DISK&REV_PMAP#90A61E00FFAF27E1&0#]
"FriendlyName"="DISK            "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_USB2.0&PROD_DISK&REV_PMAP#90A61E00FFFF1BAC&0#]
"DeviceDesc"="DISK            "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_USB2.0&PROD_DISK&REV_PMAP#90A61E00FFFF1BAC&0#]
"FriendlyName"="DISK            "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_USB2.0&PROD_DISK&REV_PMAP#90B40200FFBF0667&0#]
"DeviceDesc"="DISK            "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_USB2.0&PROD_DISK&REV_PMAP#90B40200FFBF0667&0#]
"FriendlyName"="DISK            "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0000]
"DriverDesc"="                "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0000]
"FriendlyName"="                "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0008]
"DriverDesc"="iPod            "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0008]
"FriendlyName"="iPod            "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0011]
"DriverDesc"="CCR-60          "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0011]
"FriendlyName"="CCR-60          "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0019]
"DriverDesc"="                "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0019]
"FriendlyName"="                "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0022]
"DriverDesc"="S60             "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0022]
"FriendlyName"="S60             "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0023]
"DriverDesc"="S60             "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0023]
"FriendlyName"="S60             "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0025]
"DriverDesc"="iPod            "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0025]
"FriendlyName"="iPod            "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0032]
"DriverDesc"="Cruzer          "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0032]
"FriendlyName"="Cruzer          "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0033]
"DriverDesc"="DISK            "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0033]
"FriendlyName"="DISK            "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0034]
"DriverDesc"="DISK            "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0034]
"FriendlyName"="DISK            "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0035]
"DriverDesc"="                "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0035]
"FriendlyName"="                "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0043]
"DriverDesc"="DISK            "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0043]
"FriendlyName"="DISK            "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_&PROD_&REV_#10021055004392&0#]
"DeviceDesc"="                "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_&PROD_&REV_#10021055004392&0#]
"FriendlyName"="                "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_&PROD_&REV_2.00#138942141873&0#]
"DeviceDesc"="                "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_&PROD_&REV_2.00#138942141873&0#]
"FriendlyName"="                "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_&PROD_CCR-60&REV_9407#07101500000A&0#]
"DeviceDesc"="CCR-60          "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_&PROD_CCR-60&REV_9407#07101500000A&0#]
"FriendlyName"="CCR-60          "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_APPLE&PROD_IPOD&REV_1.62#000A27001E1EC954&0#]
"DeviceDesc"="iPod            "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_APPLE&PROD_IPOD&REV_1.62#000A27001E1EC954&0#]
"FriendlyName"="iPod            "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_APPLE&PROD_IPOD&REV_1.62#000A27001E45C45B&0#]
"DeviceDesc"="iPod            "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_APPLE&PROD_IPOD&REV_1.62#000A27001E45C45B&0#]
"FriendlyName"="iPod            "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_IT1162&PROD_&REV_1.00#1D526E74B7B4FB&0#]
"DeviceDesc"="                "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_IT1162&PROD_&REV_1.00#1D526E74B7B4FB&0#]
"FriendlyName"="                "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_NOKIA&PROD_S60&REV_1.0#356918031293478&0#]
"DeviceDesc"="S60             "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_NOKIA&PROD_S60&REV_1.0#356918031293478&0#]
"FriendlyName"="S60             "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_NOKIA&PROD_S60&REV_1.0#356918031293478&1#]
"DeviceDesc"="S60             "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_NOKIA&PROD_S60&REV_1.0#356918031293478&1#]
"FriendlyName"="S60             "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_SANDISK&PROD_CRUZER&REV_8.02#173800160C53345B&0#]
"DeviceDesc"="Cruzer          "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_SANDISK&PROD_CRUZER&REV_8.02#173800160C53345B&0#]
"FriendlyName"="Cruzer          "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_USB2.0&PROD_DISK&REV_PMAP#90A61E00FFAF27E1&0#]
"DeviceDesc"="DISK            "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_USB2.0&PROD_DISK&REV_PMAP#90A61E00FFAF27E1&0#]
"FriendlyName"="DISK            "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_USB2.0&PROD_DISK&REV_PMAP#90A61E00FFFF1BAC&0#]
"DeviceDesc"="DISK            "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_USB2.0&PROD_DISK&REV_PMAP#90A61E00FFFF1BAC&0#]
"FriendlyName"="DISK            "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_USB2.0&PROD_DISK&REV_PMAP#90B40200FFBF0667&0#]
"DeviceDesc"="DISK            "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_USB2.0&PROD_DISK&REV_PMAP#90B40200FFBF0667&0#]
"FriendlyName"="DISK            "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0000]
"DriverDesc"="                "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0000]
"FriendlyName"="                "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0008]
"DriverDesc"="iPod            "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0008]
"FriendlyName"="iPod            "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0011]
"DriverDesc"="CCR-60          "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0011]
"FriendlyName"="CCR-60          "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0019]
"DriverDesc"="                "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0019]
"FriendlyName"="                "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0022]
"DriverDesc"="S60             "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0022]
"FriendlyName"="S60             "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0023]
"DriverDesc"="S60             "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0023]
"FriendlyName"="S60             "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0025]
"DriverDesc"="iPod            "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0025]
"FriendlyName"="iPod            "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0032]
"DriverDesc"="Cruzer          "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0032]
"FriendlyName"="Cruzer          "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0033]
"DriverDesc"="DISK            "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0033]
"FriendlyName"="DISK            "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0034]
"DriverDesc"="DISK            "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0034]
"FriendlyName"="DISK            "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0035]
"DriverDesc"="                "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0035]
"FriendlyName"="                "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0043]
"DriverDesc"="DISK            "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}\0043]
"FriendlyName"="DISK            "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_&PROD_&REV_#10021055004392&0#]
"DeviceDesc"="                "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_&PROD_&REV_#10021055004392&0#]
"FriendlyName"="                "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_&PROD_&REV_2.00#138942141873&0#]
"DeviceDesc"="                "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_&PROD_&REV_2.00#138942141873&0#]
"FriendlyName"="                "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_&PROD_CCR-60&REV_9407#07101500000A&0#]
"DeviceDesc"="CCR-60          "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_&PROD_CCR-60&REV_9407#07101500000A&0#]
"FriendlyName"="CCR-60          "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_APPLE&PROD_IPOD&REV_1.62#000A27001E1EC954&0#]
"DeviceDesc"="iPod            "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_APPLE&PROD_IPOD&REV_1.62#000A27001E1EC954&0#]
"FriendlyName"="iPod            "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_APPLE&PROD_IPOD&REV_1.62#000A27001E45C45B&0#]
"DeviceDesc"="iPod            "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_APPLE&PROD_IPOD&REV_1.62#000A27001E45C45B&0#]
"FriendlyName"="iPod            "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_IT1162&PROD_&REV_1.00#1D526E74B7B4FB&0#]
"DeviceDesc"="                "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_IT1162&PROD_&REV_1.00#1D526E74B7B4FB&0#]
"FriendlyName"="                "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_NOKIA&PROD_S60&REV_1.0#356918031293478&0#]
"DeviceDesc"="S60             "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_NOKIA&PROD_S60&REV_1.0#356918031293478&0#]
"FriendlyName"="S60             "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_NOKIA&PROD_S60&REV_1.0#356918031293478&1#]
"DeviceDesc"="S60             "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_NOKIA&PROD_S60&REV_1.0#356918031293478&1#]
"FriendlyName"="S60             "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_SANDISK&PROD_CRUZER&REV_8.02#173800160C53345B&0#]
"DeviceDesc"="Cruzer          "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_SANDISK&PROD_CRUZER&REV_8.02#173800160C53345B&0#]
"FriendlyName"="Cruzer          "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_USB2.0&PROD_DISK&REV_PMAP#90A61E00FFAF27E1&0#]
"DeviceDesc"="DISK            "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_USB2.0&PROD_DISK&REV_PMAP#90A61E00FFAF27E1&0#]
"FriendlyName"="DISK            "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_USB2.0&PROD_DISK&REV_PMAP#90A61E00FFFF1BAC&0#]
"DeviceDesc"="DISK            "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_USB2.0&PROD_DISK&REV_PMAP#90A61E00FFFF1BAC&0#]
"FriendlyName"="DISK            "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_USB2.0&PROD_DISK&REV_PMAP#90B40200FFBF0667&0#]
"DeviceDesc"="DISK            "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_USB2.0&PROD_DISK&REV_PMAP#90B40200FFBF0667&0#]
"FriendlyName"="DISK            "
[HKEY_USERS\S-1-5-21-1312654687-3428442780-377800408-1002\Software\Microsoft\Windows\CurrentVersion\Uninstall\Kies Air Discovery Service]
"Comments"="Discover and connect to Kies Air devices                    "

-= EOF =-
         

Ich drücke die Daumen... Danke für deine Mühe!!!!

Liebe Grüße,
Nici


Alt 03.03.2013, 16:16   #6
M-K-D-B
/// TB-Ausbilder
 
Downloadtrojaner gefunden (Win32/Dofoil.R) - Standard

Downloadtrojaner gefunden (Win32/Dofoil.R)



Servus,



wir entfernen die letzten Reste und kontrollieren nochmal alles.
Im Anschluss kümmern wir uns dann um den Rest.



Schritt 1

Fixen mit OTL

  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:
ATTFilter
:OTL
FF - prefs.js..extensions.enabledItems: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c}:2.1.0.19
O4 - HKCU..\Run: [Atqytya] "C:\Users\Timo & Nici\AppData\Roaming\Efme\vuury.exe" File not found

:files
C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar
C:\Windows\System32\config\Timo & Nici\AppData\LocalLow\Softonic_Deutsch
C:\Program Files\DsNET Corp\aTube Catcher 1.0\aTube Catcher 2.0\OpenCandy

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\b20cb3df-df8d-420f-a7e1-54fa2f38b7a9]
[-HKEY_LOCAL_MACHINE\SOFTWARE\aTube Catcher\OpenCandy]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8683E992-A461-4A15-B82D-2031F16CF54A}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2BDF3E992C0908741B7C11F4B4E0F775]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6B3BC4CF5ECE1F54BBA174C13A1AB907]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BEABAA33A5E68374DBF197F2A00CD011]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB61AF52AD64B6B45930BE969F316720]

:Commands
[emptytemp]
         
  • Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread






Schritt 2
  • Starte Malwarebytes' Anti-Malware, klicke auf Aktualisierung --> Suche nach Aktualisierung
  • Wenn das Update beendet wurde, aktiviere Quick-Scan durchführen und drücke auf Scannen.
  • Wenn der Scan beendet ist, klicke auf Ergebnisse anzeigen.
  • Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter "Log Dateien" finden.





Schritt 3

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset






Schritt 4
Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.





Bitte poste mit deiner nächsten Antwort
  • die Logdatei von OTL,
  • die Logdatei von MBAM,
  • die Logdatei von ESET,
  • die Logdatei von SecurityCheck.

Alt 04.03.2013, 10:05   #7
nici_st
 
Downloadtrojaner gefunden (Win32/Dofoil.R) - Standard

Downloadtrojaner gefunden (Win32/Dofoil.R)



Hallo Matthias,

ich bin begeistert, dass das so super läuft! Hier die neuesten Ergebnisse:

Code:
ATTFilter
All processes killed
========== OTL ==========
Prefs.js: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c}:2.1.0.19 removed from extensions.enabledItems
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Atqytya deleted successfully.
========== FILES ==========
C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar moved successfully.
C:\Windows\System32\config\Timo & Nici\AppData\LocalLow\Softonic_Deutsch\Logs folder moved successfully.
C:\Windows\System32\config\Timo & Nici\AppData\LocalLow\Softonic_Deutsch folder moved successfully.
C:\Program Files\DsNET Corp\aTube Catcher 1.0\aTube Catcher 2.0\OpenCandy folder moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\b20cb3df-df8d-420f-a7e1-54fa2f38b7a9\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\aTube Catcher\OpenCandy\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8683E992-A461-4A15-B82D-2031F16CF54A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8683E992-A461-4A15-B82D-2031F16CF54A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2BDF3E992C0908741B7C11F4B4E0F775\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6B3BC4CF5ECE1F54BBA174C13A1AB907\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BEABAA33A5E68374DBF197F2A00CD011\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB61AF52AD64B6B45930BE969F316720\ deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: Timo & Nici
->Temp folder emptied: 554975 bytes
->Temporary Internet Files folder emptied: 145955391 bytes
->Java cache emptied: 11976419 bytes
->FireFox cache emptied: 59801728 bytes
->Flash cache emptied: 9820303 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 218,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 03032013_192001

Files\Folders moved on Reboot...
C:\Windows\temp\JET4617.tmp moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
Code:
ATTFilter
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.03.09

Windows Vista x86 NTFS
Internet Explorer 7.0.6000.16982
Timo & Nici :: LAPPI [Administrator]

03.03.2013 19:27:43
mbam-log-2013-03-03 (19-27-43).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 205570
Laufzeit: 5 Minute(n), 5 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=e4ca86935bb4fb4ea201e9d7a5bc5832
# engine=13289
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-03-04 08:14:27
# local_time=2013-03-04 09:14:27 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6000 NT 
# compatibility_mode=5892 16776574 100 100 223470 199917595 0 0
# scanned=149674
# found=4
# cleaned=0
# scan_time=6372
sh=FAD59FFF447B3E67D45D7358491C5FF8977146D2 ft=1 fh=33348abc4f3897b4 vn="Win32/Spy.Zbot.AAO trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\Timo & Nici\AppData\Roaming\Efme\vuury.exe.vir"
sh=81266AF4A5A603B3E0375359894D903CB11D1A5C ft=1 fh=60c1217f7d399df6 vn="a variant of Win32/Kryptik.ASVV trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\Timo & Nici\Documents\VLC media player\VLC media player.exe.vir"
sh=9FD7A7F30F7E4BB3498DCAEC67D22FA4E4D24DE4 ft=0 fh=0000000000000000 vn="JS/Exploit.Pdfka.PPO trojan" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JDNET8SD\55a9e[1].pdf"
sh=8E1D5E59ACD14CF14CB46DE4CAD89B4B8A3EA4E4 ft=0 fh=0000000000000000 vn="Java/Exploit.CVE-2012-1723.BP trojan" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\19c75bc4-61dca532"
         

Die checkup.txt war leer (Im Fenster stand nach dem Durchlauf und dass sich checkup.txt öffnet dann zwei mal "Der Pfad wurde nicht gefunden")

Was kann ich jetzt noch tun?

Danke dir vielmals!

Gruß,
Nici

Hallo Matthias,

es war gerade sehr komisch... ich hatte im Internet Explorer eine Seite auf (nichts besonderes, brautbox.de oder so), dann hat er sich aufgehängt. Ich habe den Explorer geschlossen und dann gingen aber plötzlich immer mehr Fenster von der Seite auf - ich konnte das gar nicht stoppen (wie eine Popup-Bombe oder wie das heißt...)
Nach Neustart ist jetzt wieder alles normal.

Gruß,
Nici

Alt 04.03.2013, 19:42   #8
M-K-D-B
/// TB-Ausbilder
 
Downloadtrojaner gefunden (Win32/Dofoil.R) - Standard

Downloadtrojaner gefunden (Win32/Dofoil.R)



Servus,



führe zur Kontrolle bitte nochmal OTL aus:



Starte bitte OTL.exe.
Wähle unter
Extra Registrierung: Benutze Safe List und klicke auf den Scan Button.
Poste die OTL.txt und die Extras.txt hier in deinen Thread.

Alt 04.03.2013, 20:08   #9
nici_st
 
Downloadtrojaner gefunden (Win32/Dofoil.R) - Standard

Downloadtrojaner gefunden (Win32/Dofoil.R)



Hi Matthias,

hier die Auswertung:

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 04.03.2013 19:56:04 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Timo & Nici\Downloads
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,03 Gb Available Physical Memory | 67,64% Memory free
6,17 Gb Paging File | 5,21 Gb Available in Paging File | 84,38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 229,88 Gb Total Space | 155,92 Gb Free Space | 67,83% Space Free | Partition Type: NTFS
 
Computer Name: LAPPI | User Name: Timo & Nici | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.03.02 10:21:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Timo & Nici\Downloads\OTL.exe
PRC - [2010.05.28 15:29:26 | 002,650,112 | ---- | M] (DATA BECKER GmbH & Co KG) -- C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe
PRC - [2010.04.02 10:18:54 | 001,185,112 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2010.03.24 18:50:00 | 002,516,296 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2010.03.02 19:52:00 | 000,140,640 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
PRC - [2009.11.13 10:29:42 | 009,117,504 | ---- | M] (Western Digital) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
PRC - [2009.11.13 10:29:40 | 002,057,536 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
PRC - [2009.11.13 10:28:04 | 000,110,592 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2009.06.16 07:58:08 | 000,020,480 | ---- | M] (Memeo) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
PRC - [2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.10.24 15:35:44 | 000,128,296 | ---- | M] () -- C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
PRC - [2008.09.30 16:51:58 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2008.09.30 16:49:34 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2007.08.09 12:26:42 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.07.19 14:32:34 | 001,120,568 | ---- | M] (Packard Bell BV) -- C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
PRC - [2007.04.19 10:32:08 | 000,225,280 | ---- | M] (ATK0100) -- C:\Program Files\ATK Hotkey\HControl.exe
PRC - [2007.02.05 17:13:14 | 000,094,208 | ---- | M] () -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe
PRC - [2007.01.11 10:40:22 | 000,232,184 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
PRC - [2007.01.11 10:40:18 | 000,017,656 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
PRC - [2006.12.18 16:26:26 | 002,420,736 | ---- | M] () -- C:\Program Files\ATK Hotkey\ATKOSD.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.11.28 14:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.11.28 14:13:30 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.03.27 11:18:58 | 001,712,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\10fc12b6bf6510f0b967d20a2b04c476\Microsoft.VisualBasic.ni.dll
MOD - [2011.03.27 11:18:26 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\31729b33207d1093721f9e943302b900\System.Management.ni.dll
MOD - [2011.03.23 06:14:23 | 011,796,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\47b2e1d9030f551f685dfea0b618e7fd\System.Web.ni.dll
MOD - [2011.03.23 06:14:10 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a4fd3b000abfd4712b02ec223df3e9dd\System.Runtime.Remoting.ni.dll
MOD - [2011.03.22 19:51:58 | 006,616,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\45d73bf5a07b8fd8a12fcf7d68e9b318\System.Data.ni.dll
MOD - [2011.03.22 19:51:11 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6d75eb3ca10a514754f5e87cc2134f07\System.Windows.Forms.ni.dll
MOD - [2011.03.22 19:50:58 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\19d027c3381110e60c003f2c8bd307ee\System.Drawing.ni.dll
MOD - [2011.03.22 19:50:46 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\38b9d09539b67b08ee996db6c71f8a9b\System.Xml.ni.dll
MOD - [2011.03.22 19:50:34 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\982c005f97eacba888acdda322c49362\System.Configuration.ni.dll
MOD - [2011.03.22 19:50:33 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\ba71341e41687591124f9a5680cb0981\System.ServiceProcess.ni.dll
MOD - [2011.03.22 19:49:50 | 007,868,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\57ac9ba5419d6bf4b79f2979b0755428\System.ni.dll
MOD - [2011.03.22 19:49:19 | 011,486,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\c068708e16abf0be77a21b9f29817d83\mscorlib.ni.dll
MOD - [2009.08.19 14:49:08 | 000,049,152 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\Memeo.API.dll
MOD - [2009.07.29 14:24:14 | 000,504,293 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\sqlite3.dll
MOD - [2008.07.29 14:55:14 | 000,969,728 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2008.07.27 19:00:27 | 000,372,736 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
MOD - [2008.07.27 19:00:26 | 002,933,248 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2008.07.27 19:00:17 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2008.07.27 19:00:17 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2008.07.27 19:00:17 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Drawing.resources.dll
MOD - [2008.04.23 09:20:56 | 001,675,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.2700.36866__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2008.04.23 09:20:56 | 000,233,472 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2700.36824__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2008.04.23 09:20:56 | 000,184,320 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.2700.36879__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2008.04.23 09:20:56 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.2700.37087__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2008.04.23 09:20:56 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.2700.36859__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2008.04.23 09:20:56 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Runtime\2.0.2700.36879__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Runtime.dll
MOD - [2008.04.23 09:20:56 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.2700.36844__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2008.04.23 09:20:55 | 000,483,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.2700.37128__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2008.04.23 09:20:55 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.2700.37044__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2008.04.23 09:20:55 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.2700.36979__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2008.04.23 09:20:25 | 000,331,776 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.2700.37052__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2008.04.23 09:20:25 | 000,139,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.2700.37121__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll
MOD - [2008.04.23 09:20:25 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.2700.37134__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2008.04.23 09:20:25 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.2700.37058__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2008.04.23 09:20:25 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.2700.36837__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2008.04.23 09:20:25 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.2700.37051__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2008.04.23 09:20:25 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.2700.37120__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
MOD - [2008.04.23 09:20:24 | 000,667,648 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.2700.36989__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2008.04.23 09:20:24 | 000,585,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.2700.36893__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2008.04.23 09:20:24 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.2700.36845__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2008.04.23 09:20:24 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.2700.37072__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2008.04.23 09:20:24 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.2700.37031__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll
MOD - [2008.04.23 09:20:24 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.2700.36900__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll
MOD - [2008.04.23 09:20:24 | 000,208,896 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.2700.36886__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2008.04.23 09:20:24 | 000,118,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.2700.37010__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2008.04.23 09:20:24 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.2700.36987__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2008.04.23 09:20:24 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.2700.36899__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2008.04.23 09:20:24 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.2700.37010__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2008.04.23 09:20:23 | 000,475,136 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.2700.36980__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2008.04.23 09:20:23 | 000,323,584 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.2700.36973__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2008.04.23 09:20:23 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.2700.36979__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2008.04.23 09:20:23 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.2700.36986__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2008.04.23 09:20:23 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2665.42149__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2008.04.23 09:20:23 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.2700.37030__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2008.04.23 09:20:23 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2665.42151__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2008.04.23 09:20:23 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2665.42178__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2008.04.23 09:20:23 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2665.42157__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2008.04.23 09:20:23 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2665.42168__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2008.04.23 09:20:23 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.2665.42177__90ba9c70f846762e\DEM.OS.dll
MOD - [2008.04.23 09:20:23 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2665.42187__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2008.04.23 09:20:23 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2665.42196__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2008.04.23 09:20:23 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2665.42166__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2008.04.23 09:20:23 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2665.42196__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2008.04.23 09:20:23 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2008.04.23 09:20:22 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Shared\2.0.2665.42182__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Shared.dll
MOD - [2008.04.23 09:20:22 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2665.42152__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2008.04.23 09:20:22 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2665.42162__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2008.04.23 09:20:22 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2665.42186__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2008.04.23 09:20:22 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2008.04.23 09:20:22 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2665.42198__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2008.04.23 09:20:22 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2665.42184__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2008.04.23 09:20:22 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2665.42240__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2008.04.23 09:20:22 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.2665.42197__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
MOD - [2008.04.23 09:20:22 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2665.42166__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2008.04.23 09:20:22 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2665.42161__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2008.04.23 09:20:22 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2665.42156__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2008.04.23 09:20:22 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2665.42181__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2008.04.23 09:20:22 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.2665.42179__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2008.04.23 09:20:22 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2008.04.23 09:20:22 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2665.42164__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2008.04.23 09:20:22 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2665.42181__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2008.04.23 09:20:22 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2665.42180__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2008.04.23 09:20:21 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2665.42187__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2008.04.23 09:20:21 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2665.42184__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2008.04.23 09:20:21 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2665.42184__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2008.04.23 09:20:21 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2665.42186__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2008.04.23 09:20:21 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2665.42182__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2008.04.23 09:20:21 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2665.42167__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2008.04.23 09:20:21 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2665.42180__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2008.04.23 09:20:21 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2665.42185__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2008.04.23 09:20:21 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2665.42166__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2008.04.23 09:20:21 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.2665.42187__90ba9c70f846762e\APM.Foundation.dll
MOD - [2008.04.23 09:20:21 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Foundation\2.0.2665.42150__90ba9c70f846762e\AEM.Foundation.dll
MOD - [2008.04.23 09:20:21 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2008.04.23 09:20:21 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2665.42160__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2008.04.23 09:20:15 | 000,013,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray.resources\2.0.2700.37103_de_90ba9c70f846762e\CLI.Component.Systemtray.resources.dll
MOD - [2008.04.23 09:20:14 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.2700.37157__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2008.04.23 09:20:14 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.2700.36821__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2008.04.23 09:20:11 | 001,503,232 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.2700.36832__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2008.04.23 09:20:11 | 000,466,944 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.2700.36852__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2008.04.23 09:20:11 | 000,397,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.2700.37103__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2008.04.23 09:20:11 | 000,102,400 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.2700.37112__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2008.04.23 09:20:11 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2700.36823__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2008.04.23 09:20:11 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2700.37110__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2008.04.23 09:20:11 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2665.42165__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2008.04.23 09:20:11 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2665.42160__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2008.04.23 09:20:11 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2665.42158__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2008.04.23 09:20:11 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2665.42196__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2008.04.23 09:20:11 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2665.42169__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2008.04.23 09:20:11 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2665.42154__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2008.04.23 09:20:11 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2665.42167__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2008.04.23 09:20:10 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.2700.36823__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2008.04.23 09:20:10 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.2700.36822__90ba9c70f846762e\AEM.Server.dll
MOD - [2008.04.23 09:20:10 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.2700.37112__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2008.04.23 09:20:10 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2008.04.23 09:20:10 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2665.42188__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2007.05.25 05:52:46 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2007.01.11 10:02:14 | 004,587,520 | R--- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (CLTNetCnService)
SRV - [2013.03.03 13:18:32 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.02.26 19:43:50 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2010.05.28 15:29:26 | 002,650,112 | ---- | M] (DATA BECKER GmbH & Co KG) [Auto | Running] -- C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe -- (DBService)
SRV - [2009.11.13 10:28:04 | 000,110,592 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2009.06.16 07:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2008.10.24 15:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService)
SRV - [2008.04.23 18:13:37 | 000,265,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.02.05 17:13:14 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\TIMO&N~1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2010.02.24 11:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2009.02.13 10:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008.05.27 10:41:46 | 000,122,152 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mdm.sys -- (s0017mdm)
DRV - [2008.05.27 10:41:46 | 000,117,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017unic.sys -- (s0017unic)
DRV - [2008.05.27 10:41:46 | 000,111,912 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017obex.sys -- (s0017obex)
DRV - [2008.05.27 10:41:46 | 000,090,536 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017bus.sys -- (s0017bus)
DRV - [2008.05.27 10:41:46 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mdfl.sys -- (s0017mdfl)
DRV - [2008.05.27 10:41:44 | 000,115,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mgmt.sys -- (s0017mgmt)
DRV - [2008.05.27 10:41:44 | 000,025,768 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017nd5.sys -- (s0017nd5)
DRV - [2007.07.30 15:13:10 | 000,743,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007.07.12 11:58:54 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2007.05.25 06:01:58 | 002,609,152 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007.02.24 13:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.01.23 15:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007.01.23 04:01:00 | 000,050,176 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006.12.14 08:11:58 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006.11.02 08:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006.10.30 09:22:26 | 000,008,192 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local 127.0.0.1;*.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5
FF - prefs.js..extensions.enabledItems: 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Users\Timo & Nici\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll ( )
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009.12.28 14:32:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.03 13:18:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.12.31 21:31:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009.12.28 14:32:27 | 000,000,000 | ---D | M]
 
[2008.08.31 17:38:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Timo & Nici\AppData\Roaming\mozilla\Extensions
[2013.03.02 19:02:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Timo & Nici\AppData\Roaming\mozilla\Firefox\Profiles\xz671v2w.default\extensions
[2011.07.15 18:10:22 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Timo & Nici\AppData\Roaming\mozilla\Firefox\Profiles\xz671v2w.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012.12.31 21:16:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008.04.23 09:28:18 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012.12.31 21:16:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}
[2013.03.03 13:18:32 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013.03.03 13:18:28 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.03.03 13:18:28 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.03.03 13:18:28 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013.03.03 13:18:28 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.03.03 13:18:28 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.03.03 13:18:28 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.03.03 14:05:10 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe ( )
O4 - HKCU..\Run: [Atqytya] "C:\Users\Timo & Nici\AppData\Roaming\Efme\vuury.exe" File not found
O4 - HKCU..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe (Packard Bell BV)
O4 - Startup: C:\Users\Timo & Nici\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab (Java Plug-in 1.6.0_38)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab (Java Plug-in 10.15.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9EA77E1D-1647-4FB5-91BE-213D9B625ACB}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BE063151-8F8A-4790-BB35-6C01A3D017D6}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Timo & Nici\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Timo & Nici\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.04 07:25:21 | 002,347,384 | ---- | C] (ESET) -- C:\Users\Timo & Nici\Desktop\esetsmartinstaller_enu.exe
[2013.03.03 19:20:01 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.03.03 14:07:08 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.03.03 13:56:51 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013.03.03 13:21:28 | 005,036,301 | R--- | C] (Swearware) -- C:\Users\Timo & Nici\Desktop\ComboFix.exe
[2013.03.03 13:18:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013.03.03 13:18:34 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2013.03.02 19:18:53 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.03.02 19:18:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.03.02 19:18:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.03.02 19:18:52 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2013.03.02 19:18:44 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.03.02 19:18:24 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.03.02 19:11:52 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.03.02 19:11:41 | 000,000,000 | ---D | C] -- C:\JRT
[2013.03.02 19:11:18 | 000,547,491 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Timo & Nici\Desktop\JRT.exe
[2013.03.01 22:23:40 | 000,000,000 | ---D | C] -- C:\Users\Timo & Nici\AppData\Roaming\Malwarebytes
[2013.03.01 22:23:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.01 22:23:25 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.03.01 22:23:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.02.26 19:58:29 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.02.26 19:58:06 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.02.26 19:58:06 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.02.26 19:58:06 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.02.15 17:14:54 | 000,000,000 | ---D | C] -- C:\Users\Timo & Nici\Desktop\FÜR FP
[2013.02.15 15:05:15 | 000,000,000 | ---D | C] -- C:\Users\Timo & Nici\Desktop\drucken
[2011.12.14 19:49:57 | 014,597,312 | ---- | C] (Mozilla) -- C:\Users\Timo & Nici\Firefox Setup 8.0.1.exe
[2010.06.03 21:30:14 | 007,981,569 | ---- | C] (DsNET) -- C:\Users\Timo & Nici\aTube300_Catcher.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.04 19:53:40 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.04 19:53:40 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.04 19:53:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.04 19:53:30 | 3220,398,080 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.04 13:59:59 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\Recovery DVD Creator.job
[2013.03.04 12:49:09 | 000,651,350 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.03.04 12:49:09 | 000,618,470 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.03.04 12:49:09 | 000,121,114 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.03.04 12:49:09 | 000,107,614 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.03.04 09:46:17 | 000,881,935 | ---- | M] () -- C:\Users\Timo & Nici\Desktop\SecurityCheck.exe
[2013.03.04 07:25:24 | 002,347,384 | ---- | M] (ESET) -- C:\Users\Timo & Nici\Desktop\esetsmartinstaller_enu.exe
[2013.03.03 19:00:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\Erweiterte Garantie.job
[2013.03.03 18:31:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.03 14:33:56 | 000,139,264 | ---- | M] () -- C:\Users\Timo & Nici\Desktop\SystemLook.exe
[2013.03.03 14:05:10 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.03.03 13:21:36 | 005,036,301 | R--- | M] (Swearware) -- C:\Users\Timo & Nici\Desktop\ComboFix.exe
[2013.03.02 19:11:29 | 000,547,491 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Timo & Nici\Desktop\JRT.exe
[2013.03.02 18:59:41 | 000,594,019 | ---- | M] () -- C:\Users\Timo & Nici\Desktop\adwcleaner.exe
[2013.03.02 14:47:52 | 000,018,280 | ---- | M] () -- C:\Users\Timo & Nici\Desktop\Trojaner.odt
[2013.03.02 14:37:33 | 323,234,691 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.03.02 10:18:18 | 000,000,000 | ---- | M] () -- C:\Users\Timo & Nici\defogger_reenable
[2013.02.27 14:41:45 | 000,150,528 | ---- | M] () -- C:\Users\Timo & Nici\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.02.26 19:57:43 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.02.26 19:57:37 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.02.26 19:57:37 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.02.26 19:57:37 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.02.26 19:57:36 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll
[2013.02.26 19:57:36 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013.02.26 19:43:49 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.02.26 19:43:49 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.02.03 16:09:19 | 000,020,147 | ---- | M] () -- C:\Users\Timo & Nici\Documents\Haushaltsbuch_2013.ods
 
========== Files Created - No Company Name ==========
 
[2013.03.04 09:46:15 | 000,881,935 | ---- | C] () -- C:\Users\Timo & Nici\Desktop\SecurityCheck.exe
[2013.03.03 14:33:55 | 000,139,264 | ---- | C] () -- C:\Users\Timo & Nici\Desktop\SystemLook.exe
[2013.03.02 19:18:53 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.03.02 19:18:53 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.03.02 19:18:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.03.02 19:18:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.03.02 19:18:52 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.03.02 18:59:33 | 000,594,019 | ---- | C] () -- C:\Users\Timo & Nici\Desktop\adwcleaner.exe
[2013.03.02 10:18:18 | 000,000,000 | ---- | C] () -- C:\Users\Timo & Nici\defogger_reenable
[2013.03.01 22:13:39 | 000,018,280 | ---- | C] () -- C:\Users\Timo & Nici\Desktop\Trojaner.odt
[2013.02.22 16:26:57 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.03 15:48:57 | 000,020,147 | ---- | C] () -- C:\Users\Timo & Nici\Documents\Haushaltsbuch_2013.ods
[2010.07.02 12:43:40 | 000,000,922 | ---- | C] () -- C:\Users\Timo & Nici\dm-Fotowelt.lnk
[2009.10.23 18:59:24 | 000,000,439 | ---- | C] () -- C:\Users\Timo & Nici\AppData\Roaming\mdbu.bin
[2009.03.15 11:51:41 | 000,007,268 | ---- | C] () -- C:\Users\Timo & Nici\AppData\Local\d3d9caps.dat
[2008.07.19 13:13:37 | 000,150,528 | ---- | C] () -- C:\Users\Timo & Nici\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.07.19 13:04:04 | 000,000,099 | ---- | C] () -- C:\Users\Timo & Nici\AppData\Local\fusioncache.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2008.11.06 13:57:06 | 011,315,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.03.03 05:16:12 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2006.11.02 10:46:13 | 000,348,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\yamaha.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\web to date Projekte:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\VLC media player:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\Updater5:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\Unterlagen Allscheidt 6:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\SuperTIPp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\SuperTIPp Website Backup:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\SuperTIPp Webseite_Dateien:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\SUP_31_22_Me_Ti.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\Studie AB.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\Stimmgabel_Yamaha.gif:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\Skript:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\s.n. Dateien:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\Rückwärtszähler:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\restore:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\Personalausweis.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\MORITZ:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\Immo-Seite alt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\HOCHZEIT:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\fonts:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\Expose:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\Erzeugte Websites:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\Eigene Scans:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\Driegeltrath:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\diverses:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\Bewerbungen 2009:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\Armin:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\ap:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\Andy Bewerbung:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\Am Kämpchen:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\Adobe:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Desktop\Nici Arbeit:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Desktop\FÜR FP:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Desktop\drucken:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Desktop\bad:Roxio EMC Stream

< End of report >
         
--- --- ---


Extras
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 04.03.2013 19:56:04 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Timo & Nici\Downloads
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,03 Gb Available Physical Memory | 67,64% Memory free
6,17 Gb Paging File | 5,21 Gb Available in Paging File | 84,38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 229,88 Gb Total Space | 155,92 Gb Free Space | 67,83% Space Free | Partition Type: NTFS
 
Computer Name: LAPPI | User Name: Timo & Nici | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1312654687-3428442780-377800408-1002]
"EnableNotificationsRef" = 3
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0CC11D7A-382C-49F8-AA3B-7B35FDE53B1C}" = lport=137 | protocol=17 | dir=in | app=system | 
"{0F4BFA5A-C71E-455D-AE7F-F5A68AE23E0C}" = rport=138 | protocol=17 | dir=out | app=system | 
"{498DF453-3FDD-4F81-B097-B7EE3234ADBE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{5BAB4981-7152-4864-BE83-249D7AB9BFF8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{89B82B15-10A0-4CDE-9D1E-21D8DA288F79}" = lport=138 | protocol=17 | dir=in | app=system | 
"{9AB3BD36-957A-45BC-AB88-F8BD0DA8AA6A}" = lport=139 | protocol=6 | dir=in | app=system | 
"{9C7AA73D-5302-4758-9786-06E7C5756793}" = lport=445 | protocol=6 | dir=in | app=system | 
"{9F9D628B-D5CC-492B-916D-CFEEF4BB4DB7}" = rport=445 | protocol=6 | dir=out | app=system | 
"{B32159DA-05A3-4F46-9AEE-8DFB7EBB00AD}" = rport=137 | protocol=17 | dir=out | app=system | 
"{D3FFA111-641E-4C85-944B-CBDBE1B6EF92}" = rport=139 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07EB2843-4BAD-45A7-8C4C-EEE8C4F61C0F}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{1A283C4B-83A0-4FC6-A60C-F7996C884E81}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{1C5D26BF-0135-42C9-937C-F082BF28E472}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{24E7E0C2-827A-4FFC-84A7-F7472161C0BA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{2760EC05-FA31-4066-978E-26BFDDF56CCD}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{2A3F5692-0F66-4D12-A07A-2108EDFF791A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe | 
"{3B04681E-9960-4ECF-ADC7-9993027DE195}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | 
"{3BA5A97B-99B7-40F2-92D9-3B311B1CADA0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | 
"{3D789947-1327-4EEF-B3E6-43028595EADD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | 
"{4D86AED2-E850-4FEE-81D6-76FADBB6C8AA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | 
"{51321EE3-2B2C-499B-BAE2-D3794DF724B5}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | 
"{5CC1B2E7-050A-4171-BB93-FC71AE0654F9}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
"{6EEBCFE1-77F9-407A-8035-2302F559C1AF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | 
"{75471811-32B3-491C-8B91-471FD337E7E3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{7E11796B-63C3-48E6-AA5D-24ABB742E2E5}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{817612C7-132B-4470-94F6-B4E608F060A0}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{81862F82-C575-46DC-927E-A02ED682CB3A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{912788FE-1108-4A1E-AE8B-653AED257B96}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{AAA00D6A-FE8F-4EB1-A0EF-04C64567B148}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | 
"{B1E6296F-27A7-4CC4-BA7B-63107F773824}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{B48DDAFB-DC2D-4C5D-B159-E77828CAD992}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{CC164EE3-DD36-4E7E-85DD-85015F4FDE1A}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | 
"{D75BB2C3-09C3-47EB-946C-C4FCE83B1FE2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | 
"{DB9E1049-2CB0-4610-AE1A-516EA7923C67}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | 
"{EC8EE595-2CD0-40E7-B58C-65089D827CD0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{F29D12F9-59B2-4F8D-B240-9B1208072BAE}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | 
"{FC967F93-3F0A-4900-8028-FD605B5390E2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"TCP Query User{1D9C37BF-9889-4518-A91E-4BE9C66AE32B}C:\program files\typo3\apache\bin\apache.exe" = protocol=6 | dir=in | app=c:\program files\typo3\apache\bin\apache.exe | 
"TCP Query User{215F2B8B-69B4-4479-BE58-A65B11CA1E20}D:\bin\ia\core\mdm_util.exe" = protocol=6 | dir=in | app=d:\bin\ia\core\mdm_util.exe | 
"TCP Query User{226EAA1D-75FC-41B5-82E1-2017C0BEE8DE}C:\program files\data becker\web to date 6.0\ftptrans.exe" = protocol=6 | dir=in | app=c:\program files\data becker\web to date 6.0\ftptrans.exe | 
"TCP Query User{2737CBE0-3522-40B4-A97D-F0EEA5CED0C1}C:\program files\dsnet corp\atube catcher 1.0\atube catcher 2.0\yct.exe" = protocol=6 | dir=in | app=c:\program files\dsnet corp\atube catcher 1.0\atube catcher 2.0\yct.exe | 
"TCP Query User{45325262-C72D-4B8A-A66F-25C5692C5569}C:\users\timo & nici\appdata\local\data becker\web to date 6.0\apache\apache.exe" = protocol=6 | dir=in | app=c:\users\timo & nici\appdata\local\data becker\web to date 6.0\apache\apache.exe | 
"TCP Query User{77108691-02CA-4890-81C7-F4754695413B}C:\users\timo & nici\appdata\local\data becker\web to date 6.0\apache\apache.exe" = protocol=6 | dir=in | app=c:\users\timo & nici\appdata\local\data becker\web to date 6.0\apache\apache.exe | 
"TCP Query User{A2627E80-0276-4703-BA46-D45761074565}C:\users\timo & nici\appdata\local\data becker\web to date 7.0\apache\apache.exe" = protocol=6 | dir=in | app=c:\users\timo & nici\appdata\local\data becker\web to date 7.0\apache\apache.exe | 
"TCP Query User{A70D80E5-7405-4789-9EE9-F9D1239CA3B4}C:\users\timo & nici\appdata\local\data becker\web to date 7.0\apache\apache.exe" = protocol=6 | dir=in | app=c:\users\timo & nici\appdata\local\data becker\web to date 7.0\apache\apache.exe | 
"TCP Query User{A8C456CF-9343-47A0-9950-94A2CF7FA21A}C:\program files\data becker\web to date 7\ftptrans.exe" = protocol=6 | dir=in | app=c:\program files\data becker\web to date 7\ftptrans.exe | 
"TCP Query User{E6C36B1D-F62D-4E88-AD41-D46EAA6420B7}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"TCP Query User{EF0ED677-FAE2-4C10-A9F8-88FD4AC899C1}C:\program files\typo3\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\program files\typo3\mysql\bin\mysqld.exe | 
"UDP Query User{0620CE6A-7E94-4E8E-89CD-61692A2DEA80}C:\program files\data becker\web to date 7\ftptrans.exe" = protocol=17 | dir=in | app=c:\program files\data becker\web to date 7\ftptrans.exe | 
"UDP Query User{0EEB2791-3AB0-4455-9CC1-B9AF3D58AA86}C:\users\timo & nici\appdata\local\data becker\web to date 7.0\apache\apache.exe" = protocol=17 | dir=in | app=c:\users\timo & nici\appdata\local\data becker\web to date 7.0\apache\apache.exe | 
"UDP Query User{1533C1C0-2C97-40CF-99C4-93D4E938B7A5}C:\users\timo & nici\appdata\local\data becker\web to date 6.0\apache\apache.exe" = protocol=17 | dir=in | app=c:\users\timo & nici\appdata\local\data becker\web to date 6.0\apache\apache.exe | 
"UDP Query User{1B112852-A4E6-42AD-9E59-01EEC3BE7878}C:\program files\data becker\web to date 6.0\ftptrans.exe" = protocol=17 | dir=in | app=c:\program files\data becker\web to date 6.0\ftptrans.exe | 
"UDP Query User{29AD8B41-42A4-4CD3-B042-FDA30F46D422}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"UDP Query User{88B0C670-5185-45D7-8A4A-7236D2CE0541}D:\bin\ia\core\mdm_util.exe" = protocol=17 | dir=in | app=d:\bin\ia\core\mdm_util.exe | 
"UDP Query User{B8A97F01-CCA5-4F14-83FD-C0E2EFCBFDC1}C:\users\timo & nici\appdata\local\data becker\web to date 6.0\apache\apache.exe" = protocol=17 | dir=in | app=c:\users\timo & nici\appdata\local\data becker\web to date 6.0\apache\apache.exe | 
"UDP Query User{DF5EB59D-CDEA-4858-941C-EB824D638B33}C:\program files\dsnet corp\atube catcher 1.0\atube catcher 2.0\yct.exe" = protocol=17 | dir=in | app=c:\program files\dsnet corp\atube catcher 1.0\atube catcher 2.0\yct.exe | 
"UDP Query User{E4F94932-7A06-4756-AC64-49B8037DA944}C:\program files\typo3\apache\bin\apache.exe" = protocol=17 | dir=in | app=c:\program files\typo3\apache\bin\apache.exe | 
"UDP Query User{F21075C4-5505-4F23-88BE-AEA28ECC579C}C:\users\timo & nici\appdata\local\data becker\web to date 7.0\apache\apache.exe" = protocol=17 | dir=in | app=c:\users\timo & nici\appdata\local\data becker\web to date 7.0\apache\apache.exe | 
"UDP Query User{F255DEF9-AC6F-4CE5-BC06-78A6B9857B6C}C:\program files\typo3\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\program files\typo3\mysql\bin\mysqld.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{0C5A9DEB-AA63-E327-3067-28CC79EB61D8}" = CCC Help Spanish
"{0DE3F04D-1CB1-6481-F970-37DC56287F13}" = Catalyst Control Center Localization Polish
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series" = Canon MG5200 series MP Drivers
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1D70E271-4349-4802-BB77-8E8A23F37151}" = Catalyst Control Center Localization Turkish
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{221BA099-FA5F-EB6C-2B8B-D7B384D79D11}" = ccc-utility
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{232DB76D-4751-41A9-9EC2-CDC0DAC1FAB6}" = WD SmartWare
"{26A24AE4-039D-4CA4-87B4-2F83216038FF}" = Java(TM) 6 Update 38
"{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15
"{28C00028-4CC9-2FC5-85CD-1C29FB5442C0}" = Catalyst Control Center Localization Norwegian
"{299FB8EC-CA61-2503-C75D-394A3932FCF3}" = CCC Help Thai
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2E21BC34-652C-E8FA-4FC1-DDCE012D2ADE}" = Catalyst Control Center Graphics Light
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF3552A-C9FA-BD8D-D8E5-DA25E0E2A95A}" = CCC Help Russian
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{328E72CE-19EC-CE8D-0D39-B9EAFA3606EB}" = Catalyst Control Center Localization French
"{3595EF18-1946-9F0D-0A5E-54B682D63D43}" = CCC Help Greek
"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{409BF604-40A9-C7E5-5644-BE3D70756F10}" = CCC Help Polish
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{42E2EEB2-D48E-4A47-B181-32ECA031D93B}" = DJ_AIO_06_F2400_SW_Min
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{46E1FFFA-D9FC-DB9A-DD0D-FD0C754ED232}" = ccc-core-static
"{475CD8E7-132C-C303-4E8E-5792D284A2B2}" = CCC Help Dutch
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E49E9B4-9B3E-DFF2-AE86-39AF2A675755}" = Catalyst Control Center Localization Japanese
"{4E98EBDD-D4F5-C4EA-319A-F213763BE5A9}" = Catalyst Control Center Localization Thai
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5CFA2909-F2D4-D5F6-B122-D86638BD6118}" = Catalyst Control Center Localization Greek
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" = Norton 360
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65663213-4239-02AB-29C7-0B23EBD30AFC}" = CCC Help Czech
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{68F330AF-55AF-337A-B570-841517C5D174}" = CCC Help Turkish
"{69DAA768-DE42-46F4-BBAB-1E2CE5F90BAE}" = WPC-EASY-V1.2-DEMO  1.2
"{6AF47E58-84F4-0453-9277-5AB5F202AC88}" = CCC Help Chinese Traditional
"{6BAA71B6-8F43-4C72-931A-3354ABB0258A}" = F2400
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6C7A02F0-0ADE-00D1-5EEB-B3495AE33371}" = CCC Help Finnish
"{6CB09473-7C20-7844-1CC0-29D0C51884AE}" = Catalyst Control Center Localization Portuguese
"{6D69A2C1-7194-AE60-4AD6-1477C14ED50D}" = Catalyst Control Center Localization Finnish
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{77F7B355-0612-B4D0-250E-701DC65ED26B}" = Catalyst Control Center Localization Danish
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B1145B0-2B0E-72CA-DF99-924944747C49}" = CCC Help Italian
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E65D89E-B956-880E-4DDE-9DE48B13A6A0}" = Catalyst Control Center Localization Spanish
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{944523A5-F9DF-0C73-4C7E-8F95A489BEA9}" = Catalyst Control Center Core Implementation
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9665D8CE-8BB9-EE1E-8543-BDAD785AD7B4}" = Catalyst Control Center Localization Russian
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C20015F-B6F3-69E1-C222-4A96B0D1ECA2}" = CCC Help Danish
"{A17A5A40-6BD8-2E81-2148-6D85C45BBC08}" = Catalyst Control Center Localization Czech
"{A2046E31-D0A9-395E-42FC-195611A3D263}" = Catalyst Control Center Localization Chinese Traditional
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{ABE7F67B-9B82-D0B8-98A0-0B9857044BD9}" = Catalyst Control Center Localization Swedish
"{AC76BA86-7AD7-1031-7B44-A80000000002}" = Adobe Reader 8 - Deutsch
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B377CFB6-3DC9-DB9A-0FD6-F62B9656BAD7}" = CCC Help Norwegian
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7FB0C86-41A4-4402-9A33-912C462042A0}" = Roxio Creator 9 LE
"{BBD6AE19-4BF2-F279-723A-FFE703C7BE35}" = CCC Help Japanese
"{BCBF5C93-EAF3-D3E1-56A0-E20905B6F0A5}" = CCC Help Chinese Standard
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{C8E571C4-0754-1D8B-E08E-04A3AE8FB807}" = Catalyst Control Center Localization Dutch
"{C9F12EC7-17B7-11DF-5823-D6667B33CE86}" = Catalyst Control Center Localization Korean
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CDBF8C2D-04B0-4F9B-9AE1-7422F7F0EC94}" = HP Deskjet F2400 All-In-One Driver Software 13.0 Rel .6
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0A55340-F289-772A-FCF6-A4A3209CE863}" = CCC Help German
"{D359B12F-9B1A-46FD-B70C-F507B5B11590}" = HDRegDE
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DC22B4FF-0500-9C3C-9645-0E192888480D}" = Catalyst Control Center Localization German
"{DDED2BA7-FE4E-1183-FDCF-348A4BE362A7}" = CCC Help Hungarian
"{DE376A2C-7964-617C-CB94-C2D1E9B6B24A}" = Catalyst Control Center Localization Italian
"{E2498002-042E-2D61-6578-42D995B021F2}" = CCC Help French
"{E2FCC9D2-AE19-9DA3-FDF8-58594C80126D}" = Catalyst Control Center Localization Chinese Standard
"{E713653C-8312-4BC6-AFC9-ADE1F2F04AB9}" = ATI PCI Express (3GIO) Filter Driver
"{E82C6C1A-1258-ACE3-9061-2FA3FAF40398}" = Catalyst Control Center Localization Hungarian
"{E8C23EBE-EE3C-4299-9DB9-601AB3751454}" = AAVUpdateManager
"{EB89DC4E-A3C2-A1ED-4689-F95CF3E07CCA}" = CCC Help English
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EE23EF27-B925-4A27-E2C7-1D9E5B038DD8}" = CCC Help Swedish
"{EE247152-BFC5-9C7B-E19F-A57BFF5FEB9C}" = CCC Help Korean
"{EF0F5226-0C5B-83C9-65CB-58F6D3E22F6B}" = Catalyst Control Center Graphics Full Existing
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7EFB45A-0244-02A2-E9E2-C6A1E7E3D3EB}" = CCC Help Portuguese
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FAF26102-09D7-4C58-AB01-0D59A2E517CA}" = Copy
"{FFC18C10-E04D-D93B-5029-A66B086BBEC7}" = Catalyst Control Center Graphics Full New
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"AdobeReader" = Adobe Reader 8
"aTube Catcher" = aTube Catcher
"Audacity_is1" = Audacity 1.2.3
"Canon MG5200 series Benutzerregistrierung" = Canon MG5200 series Benutzerregistrierung
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"CREATOR9" = Creator 9
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"FirefoxDE" = Firefox
"Flashplayer" = Flash Player 9 Internet Explorer
"FMCODEC" = FM Screen Capture Codec (Remove Only)
"GOOGLE_EARTH" = Google Earth
"GPL Ghostscript 8.63" = GPL Ghostscript 8.63
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"ImageWriter" = Packard Bell ImageWriter
"Infocentre" = Infocentre Rev. 2.0
"LCDTest" = Packard Bell LCD Test
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"METABOLI" = Metaboli
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"N360_2007_DE" = Norton 360
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"SETUPMYPC_DE" = SetUp My PC
"Shockwave" = Shockwave player 10
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Updator" = Packard Bell Updator
"VLC media player" = VLC media player 1.1.10
"web to date 7_is1" = DATA BECKER web to date 7
"WinLiveSuite_Wave3" = Windows Live Essentials
"WordToPDF_is1" = WordToPDF 2.4
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Kies Air Discovery Service" = Kies Air Discovery Service
"Protect Disc License Helper" = Protect Disc License Helper 1.0.125 (IE)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 04.03.2013 02:26:53 | Computer Name = Lappi | Source = WerSvc | ID = 5007
Description = 
 
Error - 04.03.2013 07:42:56 | Computer Name = Lappi | Source = WDSmartWareBackgroundService | ID = 0
Description = 
 
Error - 04.03.2013 07:43:07 | Computer Name = Lappi | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 04.03.2013 07:49:08 | Computer Name = Lappi | Source = WerSvc | ID = 5007
Description = 
 
Error - 04.03.2013 09:00:13 | Computer Name = Lappi | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 7.0.6000.16982 arbeitet nicht mehr 
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: 724  Anfangszeit: 01ce18d7d3193fe8  Zeitpunkt
 der Beendigung: 17
 
Error - 04.03.2013 09:10:00 | Computer Name = Lappi | Source = WDSmartWareBackgroundService | ID = 0
Description = 
 
Error - 04.03.2013 09:10:12 | Computer Name = Lappi | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 04.03.2013 14:54:29 | Computer Name = Lappi | Source = WDSmartWareBackgroundService | ID = 0
Description = 
 
Error - 04.03.2013 14:54:38 | Computer Name = Lappi | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 04.03.2013 15:00:43 | Computer Name = Lappi | Source = WerSvc | ID = 5007
Description = 
 
[ System Events ]
Error - 04.03.2013 09:08:46 | Computer Name = Lappi | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
 4, Funktion 0.   Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 04.03.2013 09:08:46 | Computer Name = Lappi | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
 7, Funktion 0.   Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 04.03.2013 09:08:47 | Computer Name = Lappi | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
 6, Funktion 0.   Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 04.03.2013 09:09:10 | Computer Name = Lappi | Source = Microsoft-Windows-TaskScheduler | ID = 412
Description = 
 
Error - 04.03.2013 09:15:37 | Computer Name = Lappi | Source = DCOM | ID = 10010
Description = 
 
Error - 04.03.2013 14:53:15 | Computer Name = Lappi | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
 2, Funktion 0.   Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 04.03.2013 14:53:15 | Computer Name = Lappi | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
 4, Funktion 0.   Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 04.03.2013 14:53:15 | Computer Name = Lappi | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
 7, Funktion 0.   Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 04.03.2013 14:53:16 | Computer Name = Lappi | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
 6, Funktion 0.   Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 04.03.2013 14:53:39 | Computer Name = Lappi | Source = Microsoft-Windows-TaskScheduler | ID = 412
Description = 
 
 
< End of report >
         
--- --- ---


Danke und liebe Grüße,
Nici

Alt 04.03.2013, 20:39   #10
M-K-D-B
/// TB-Ausbilder
 
Downloadtrojaner gefunden (Win32/Dofoil.R) - Standard

Downloadtrojaner gefunden (Win32/Dofoil.R)



Servus,




Downloade dir HitmanPro (32 Bit) auf deinen Desktop.
  • Starte die HitmanPro.exe.
  • Klicke zweimal auf Weiter.
  • Lass am Ende des Suchlaufs ggf. auftretende Funde entfernen.
  • Wähle im nächsten Fenster Logdatei speichern und speichere die Logdatei auf deinem Desktop.
  • Poste die HitmanPro_<Datum_Uhrzeit>.txt mit deiner nächsten Antwort.

Alt 04.03.2013, 21:12   #11
nici_st
 
Downloadtrojaner gefunden (Win32/Dofoil.R) - Standard

Downloadtrojaner gefunden (Win32/Dofoil.R)



Hallo Matthias,

weiter geht's:

Code:
ATTFilter
HitmanPro 3.7.2.190
www.hitmanpro.com

   Computer name . . . . : LAPPI
   Windows . . . . . . . : 6.0.0.6000.X86/2
   User name . . . . . . : Lappi\Timo & Nici
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2013-03-04 20:58:16
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 3m 26s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 53

   Objects scanned . . . : 1.788.406
   Files scanned . . . . : 20.203
   Remnants scanned  . . : 602.220 files / 1.165.983 keys

Cookies _____________________________________________________________________

   C:\Users\Timo & Nici\AppData\Roaming\Microsoft\Windows\Cookies\timo_&_nici@2o7[1].txt
   C:\Users\Timo & Nici\AppData\Roaming\Microsoft\Windows\Cookies\timo_&_nici@ad.360yield[2].txt
   C:\Users\Timo & Nici\AppData\Roaming\Microsoft\Windows\Cookies\timo_&_nici@ad.ad-srv[2].txt
   C:\Users\Timo & Nici\AppData\Roaming\Microsoft\Windows\Cookies\timo_&_nici@ad.yieldmanager[2].txt
   C:\Users\Timo & Nici\AppData\Roaming\Microsoft\Windows\Cookies\timo_&_nici@adtech[2].txt
   C:\Users\Timo & Nici\AppData\Roaming\Microsoft\Windows\Cookies\timo_&_nici@apmebf[1].txt
   C:\Users\Timo & Nici\AppData\Roaming\Microsoft\Windows\Cookies\timo_&_nici@atdmt[2].txt
   C:\Users\Timo & Nici\AppData\Roaming\Microsoft\Windows\Cookies\timo_&_nici@doubleclick[1].txt
   C:\Users\Timo & Nici\AppData\Roaming\Microsoft\Windows\Cookies\timo_&_nici@eas.apm.emediate[2].txt
   C:\Users\Timo & Nici\AppData\Roaming\Microsoft\Windows\Cookies\timo_&_nici@fastclick[1].txt
   C:\Users\Timo & Nici\AppData\Roaming\Microsoft\Windows\Cookies\timo_&_nici@perf.overture[1].txt
   C:\Users\Timo & Nici\AppData\Roaming\Microsoft\Windows\Cookies\timo_&_nici@revsci[2].txt
   C:\Users\Timo & Nici\AppData\Roaming\Microsoft\Windows\Cookies\timo_&_nici@serving-sys[1].txt
   C:\Users\Timo & Nici\AppData\Roaming\Microsoft\Windows\Cookies\timo_&_nici@tradedoubler[1].txt
   C:\Users\Timo & Nici\AppData\Roaming\Microsoft\Windows\Cookies\timo_&_nici@uk.at.atwola[2].txt
   C:\Users\Timo & Nici\AppData\Roaming\Microsoft\Windows\Cookies\timo_&_nici@ww251.smartadserver[1].txt
   C:\Users\Timo & Nici\AppData\Roaming\Microsoft\Windows\Cookies\timo_&_nici@www.googleadservices[1].txt
   C:\Users\Timo & Nici\AppData\Roaming\Microsoft\Windows\Cookies\timo_&_nici@www.googleadservices[2].txt
   C:\Users\Timo & Nici\AppData\Roaming\Microsoft\Windows\Cookies\timo_&_nici@www.googleadservices[3].txt
   C:\Users\Timo & Nici\AppData\Roaming\Microsoft\Windows\Cookies\timo_&_nici@youporn[1].txt
   C:\Users\Timo & Nici\AppData\Roaming\Mozilla\Firefox\Profiles\xz671v2w.default\cookies.sqlite:2o7.net
   C:\Users\Timo & Nici\AppData\Roaming\Mozilla\Firefox\Profiles\xz671v2w.default\cookies.sqlite:ad.360yield.com
   C:\Users\Timo & Nici\AppData\Roaming\Mozilla\Firefox\Profiles\xz671v2w.default\cookies.sqlite:ad.ad-srv.net
   C:\Users\Timo & Nici\AppData\Roaming\Mozilla\Firefox\Profiles\xz671v2w.default\cookies.sqlite:ad.adnet.de
   C:\Users\Timo & Nici\AppData\Roaming\Mozilla\Firefox\Profiles\xz671v2w.default\cookies.sqlite:ad.yieldmanager.com
   C:\Users\Timo & Nici\AppData\Roaming\Mozilla\Firefox\Profiles\xz671v2w.default\cookies.sqlite:ad.zanox.com
   C:\Users\Timo & Nici\AppData\Roaming\Mozilla\Firefox\Profiles\xz671v2w.default\cookies.sqlite:adtech.de
   C:\Users\Timo & Nici\AppData\Roaming\Mozilla\Firefox\Profiles\xz671v2w.default\cookies.sqlite:apmebf.com
   C:\Users\Timo & Nici\AppData\Roaming\Mozilla\Firefox\Profiles\xz671v2w.default\cookies.sqlite:at.atwola.com
   C:\Users\Timo & Nici\AppData\Roaming\Mozilla\Firefox\Profiles\xz671v2w.default\cookies.sqlite:atdmt.com
   C:\Users\Timo & Nici\AppData\Roaming\Mozilla\Firefox\Profiles\xz671v2w.default\cookies.sqlite:doubleclick.net
   C:\Users\Timo & Nici\AppData\Roaming\Mozilla\Firefox\Profiles\xz671v2w.default\cookies.sqlite:eas.apm.emediate.eu
   C:\Users\Timo & Nici\AppData\Roaming\Mozilla\Firefox\Profiles\xz671v2w.default\cookies.sqlite:fastclick.net
   C:\Users\Timo & Nici\AppData\Roaming\Mozilla\Firefox\Profiles\xz671v2w.default\cookies.sqlite:invitemedia.com
   C:\Users\Timo & Nici\AppData\Roaming\Mozilla\Firefox\Profiles\xz671v2w.default\cookies.sqlite:media6degrees.com
   C:\Users\Timo & Nici\AppData\Roaming\Mozilla\Firefox\Profiles\xz671v2w.default\cookies.sqlite:mediaplex.com
   C:\Users\Timo & Nici\AppData\Roaming\Mozilla\Firefox\Profiles\xz671v2w.default\cookies.sqlite:oracle.112.2o7.net
   C:\Users\Timo & Nici\AppData\Roaming\Mozilla\Firefox\Profiles\xz671v2w.default\cookies.sqlite:revsci.net
   C:\Users\Timo & Nici\AppData\Roaming\Mozilla\Firefox\Profiles\xz671v2w.default\cookies.sqlite:ru4.com
   C:\Users\Timo & Nici\AppData\Roaming\Mozilla\Firefox\Profiles\xz671v2w.default\cookies.sqlite:serving-sys.com
   C:\Users\Timo & Nici\AppData\Roaming\Mozilla\Firefox\Profiles\xz671v2w.default\cookies.sqlite:smartadserver.com
   C:\Users\Timo & Nici\AppData\Roaming\Mozilla\Firefox\Profiles\xz671v2w.default\cookies.sqlite:specificclick.net
   C:\Users\Timo & Nici\AppData\Roaming\Mozilla\Firefox\Profiles\xz671v2w.default\cookies.sqlite:stats.paypal.com
   C:\Users\Timo & Nici\AppData\Roaming\Mozilla\Firefox\Profiles\xz671v2w.default\cookies.sqlite:statse.webtrendslive.com
   C:\Users\Timo & Nici\AppData\Roaming\Mozilla\Firefox\Profiles\xz671v2w.default\cookies.sqlite:track.adform.net
   C:\Users\Timo & Nici\AppData\Roaming\Mozilla\Firefox\Profiles\xz671v2w.default\cookies.sqlite:track.effiliation.com
   C:\Users\Timo & Nici\AppData\Roaming\Mozilla\Firefox\Profiles\xz671v2w.default\cookies.sqlite:tradedoubler.com
   C:\Users\Timo & Nici\AppData\Roaming\Mozilla\Firefox\Profiles\xz671v2w.default\cookies.sqlite:tribalfusion.com
   C:\Users\Timo & Nici\AppData\Roaming\Mozilla\Firefox\Profiles\xz671v2w.default\cookies.sqlite:uk.at.atwola.com
   C:\Users\Timo & Nici\AppData\Roaming\Mozilla\Firefox\Profiles\xz671v2w.default\cookies.sqlite:ww251.smartadserver.com
   C:\Users\Timo & Nici\AppData\Roaming\Mozilla\Firefox\Profiles\xz671v2w.default\cookies.sqlite:www.etracker.de
   C:\Users\Timo & Nici\AppData\Roaming\Mozilla\Firefox\Profiles\xz671v2w.default\cookies.sqlite:www.googleadservices.com
   C:\Users\Timo & Nici\AppData\Roaming\Mozilla\Firefox\Profiles\xz671v2w.default\cookies.sqlite:zedo.com
         

Gruß,
Nici

Alt 05.03.2013, 16:08   #12
M-K-D-B
/// TB-Ausbilder
 
Downloadtrojaner gefunden (Win32/Dofoil.R) - Standard

Downloadtrojaner gefunden (Win32/Dofoil.R)



Servus,



Fixen mit OTL

  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:
ATTFilter
:OTL
O4 - HKCU..\Run: [Atqytya] "C:\Users\Timo & Nici\AppData\Roaming\Efme\vuury.exe" File not found

:Commands
[emptytemp]
         
  • Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread






Wenn du keine Probleme mehr hast, dann sind wir hier fertig. Deine Logdateien sind sauber.
Zum Schluss müssen wir noch ein paar abschließende Schritte unternehmen, um deinen Pc aufzuräumen und abzusichern.



Schritt 1
Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
  • Downloade dir bitte die neueste Java-Version von hier:
    Java Download (32 bit)
  • Speichere die Datei auf deinem Desktop.
  • Schließe alle laufenden Programme. Speziell deinen Browser.
  • Starte die Datei. Diese wird die neueste Java Version ( Java 7 Update 15 ) installieren.
  • Entferne den Haken bei "Installieren Sie die Ask-Toolbar ..." während der Installation.
  • Wenn die Installation beendet wurde
    Start --> Systemsteuerung --> Programme und deinstalliere alle älteren Java Versionen.
  • Starte deinen Rechner neu sobald alle älteren Versionen deinstalliert wurden.
Nach dem Neustart
  • Öffne erneut die Systemsteuerung --> Programme und klicke auf das Java Symbol.
  • Im Reiter Allgemein, klicke unter Temporäre Internetdateien auf Einstellungen.
  • Klicke auf Dateien löschen....
  • Gehe sicher das überall ein Haken gesetzt ist und klicke OK.
  • Klicke erneut OK.
schneller Plugin-Test: PluginCheck





Schritt 2
Deine Version von Adobe Flash Player ist veraltet.
Bitte folge diesen Schritte, um Adobe Flash zu aktualisieren:
  • Bitte besuche diese Seite von Adobe.
  • Wähle dein Betriebssystem und deinen Internetbrowser ("Internet Explorer" oder "other" für Firefox zum Beispiel)
  • Deaktiviere gegebenenfalls den Haken vor Google Chrome bzw. McAfee Security Scan.
  • Installiere die neuste Version auf deinem Computer.





Schritt 3
Deinstalliere bitte deine aktuelle Version von Adobe Reader
Start--> Systemsteuerung--> Software / Programme deinstallieren--> Adobe Reader
und lade dir die neue Version von Hier herunter-
Entferne den Hacken für den McAfee SecurityScan bzw. Google Chrome.





Schritt 4
  • Klicke auf > Hilfe > Über Firefox
  • Warte bis das Update geladen ist, klicke auf Update installieren und lasse Firefox neu starten.
  • Prüfe bitte, ob weitere Updates vorliegen oder ob Firefox aktuell ist.
  • Klicke nun auf > Add-ons > > Auf Updates überprüfen
  • Nach einem weiteren Neustart von Firefox sollte alles aktuell sein.

Prüfe bitte auch (regelmässig) ob folgende Links fehlende Updates bei deinen Plugins zeigen:




Schritt 5
Bitte vor der folgenden Aktion wieder temporär Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren.

Windows-Taste + R drücke. Kopiere nun folgende Zeile in die Kommandozeile und klicke OK.
Code:
ATTFilter
Combofix /Uninstall
         


Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert, damit auch aus dieser die Schädlinge verschwinden.

Nun die eben deaktivierten Programme wieder aktivieren.





Schritt 6
Downloade dir bitte delfix auf deinen Desktop.
  • Schließe alle offenen Programme.
  • Starte die delfix.exe mit einem Doppelklick.
  • Setze vor jede Funktion ein Häkchen.
  • Klicke auf Start.
  • DelFix entfernt u. a. alle verwendeten Programme und löscht sich abschließend selbst.
  • Sollten noch Programme, die wir verwendet haben, vorhanden sein, so lösche diese bitte per Hand.





Schritt 7
Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles, nur weil es Dich dazu auffordert und schön bunt ist.
  • Verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe.
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.



Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann.

Alt 05.03.2013, 20:55   #13
nici_st
 
Downloadtrojaner gefunden (Win32/Dofoil.R) - Standard

Downloadtrojaner gefunden (Win32/Dofoil.R)



Hallo Matthias,

alles erledigt und hier die letzte Auswertung

Code:
ATTFilter
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Atqytya deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: Timo & Nici
->Temp folder emptied: 77659 bytes
->Temporary Internet Files folder emptied: 7781990 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 769 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 187970 bytes
RecycleBin emptied: 122584 bytes
 
Total Files Cleaned = 8,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 03052013_174738

Files\Folders moved on Reboot...
C:\Windows\temp\JET3ACE.tmp moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
Bisher funktioniert alles gut.

Danke, danke, danke für deine Hilfe!!!

Liebe Grüße,
Nici

Alt 06.03.2013, 17:02   #14
M-K-D-B
/// TB-Ausbilder
 
Downloadtrojaner gefunden (Win32/Dofoil.R) - Standard

Downloadtrojaner gefunden (Win32/Dofoil.R)



Ich bin froh, dass wir helfen konnten

Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen, schicke mir bitte eine PM.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen.

Antwort

Themen zu Downloadtrojaner gefunden (Win32/Dofoil.R)
32 bit, antiviren-programm, audacity, becker, bho, bonjour, canon, danke für eure hilfe!, desktop, downloader, downloadtrojaner, e-banking, error, firefox, flash player, frage, hilfreich, home, index, install.exe, internet, logfile, minidump, mozilla, msiinstaller, packard bell, plug-in, popup, programm, realtek, registry, scan, security, softonic deutsch toolbar, software, super, symantec, system, trojan.agent.iet, trojaner, typo3, viren, vista, windows, ändern




Ähnliche Themen: Downloadtrojaner gefunden (Win32/Dofoil.R)


  1. Win32: Malware-gen / Win32: Trojan-gen bei Routinescan mit AVAST gefunden! Fehlalarm?
    Plagegeister aller Art und deren Bekämpfung - 17.02.2015 (5)
  2. WIN 7,Trojaner Dofoil,Pishing beim Homebanking
    Lob, Kritik und Wünsche - 31.03.2014 (0)
  3. WIN 7,Trojaner Dofoil,Pishing beim Homebanking
    Log-Analyse und Auswertung - 31.03.2014 (13)
  4. Trojaner TR/Dldr.Dofoil.R.638 und (Virus?) JAVA/Agent.XB
    Log-Analyse und Auswertung - 04.07.2013 (13)
  5. Comdirect TAN-Abfrage. Funde wie TR/Bublik.I.17, TR/Spy.Dofoil.B...
    Plagegeister aller Art und deren Bekämpfung - 30.06.2013 (15)
  6. Rogue:Win32/Winwebsec, PWS:Win32/Fareit, Exploit:Java/CVE-2013-2423 gefunden und entfernt. Was nun?
    Log-Analyse und Auswertung - 09.06.2013 (19)
  7. Trojan Downloader: Win 32/Dofoil/U und PWS.Win32/Zbot.gen!Y auf PC gefunden
    Log-Analyse und Auswertung - 02.06.2013 (1)
  8. Trojan.Win32.Yakes.cmpu und not-a-virus:RemoteAdmin.Win32.WinVNC.mx durch Kasperky gefunden - Vorgehen?
    Log-Analyse und Auswertung - 01.04.2013 (22)
  9. 3 Trojianer gefunden: Win32: Sirefef-AVF, JS: ScriptPE-inf, Win32: Malware-gen
    Log-Analyse und Auswertung - 02.02.2013 (4)
  10. Win32/Kryptik.ACPZ und Win32/Gataka.A gefunden
    Plagegeister aller Art und deren Bekämpfung - 30.03.2012 (29)
  11. Malware tr/dldr.dofoil.d.303 gefunden und sie kommt immer wieder!
    Plagegeister aller Art und deren Bekämpfung - 02.02.2012 (38)
  12. TR/Ransom.PS.1, DDOS/Dofoil.A.73
    Log-Analyse und Auswertung - 29.01.2012 (11)
  13. 4 Trojaner Kazy, Dofoil, Jorik.Spyeyes, Spy.Gen gefunden durch AntiVir
    Log-Analyse und Auswertung - 05.06.2011 (9)
  14. Win32:maleware-gen im Nvidia Treiber Win32.corrupt.Ag , PUA.PackedPECompact-1 Gefunden
    Plagegeister aller Art und deren Bekämpfung - 28.12.2010 (0)
  15. Win32:Trojan-gen, Win32:Rootkit-gen, Win32:Adware-gen gefunden!
    Log-Analyse und Auswertung - 14.07.2008 (1)
  16. Win32:BHO-KD und Win32:Trojano-3384 Trojanern gefunden: Sie lassen sich nicht löschen
    Plagegeister aller Art und deren Bekämpfung - 15.01.2008 (1)
  17. NOD32 hat Win32/Adware.UCmore und Win32/ServU-Daemon auf E: gefunden!
    Plagegeister aller Art und deren Bekämpfung - 18.04.2006 (7)

Zum Thema Downloadtrojaner gefunden (Win32/Dofoil.R) - Liebe Experten! Erstmal danke für eure Hilfe!!!! Als ich mich gestern beim Online-Banking angemeldet habe, wurde ich in einem Popup (in schlechterem Deutsch) aufgefordert, meine TANs einzugeben Also habe ich - Downloadtrojaner gefunden (Win32/Dofoil.R)...
Archiv
Du betrachtest: Downloadtrojaner gefunden (Win32/Dofoil.R) auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.