
Log analysis and evaluation: Downloader trojan found (Win32/Dofoil.R)


 
02.03.2013, 17:36   #1
nici_st

Downloader trojan found (Win32/Dofoil.R)



Dear experts!

First of all, thank you for your help!!!!
When I logged in to online banking yesterday, a popup (in rather poor German) asked me to enter my TANs.

So I immediately ran a scan for viruses etc. with Windows Defender (unfortunately I haven't paid much attention to computer security so far - always only once something happens... so no paid antivirus program or the like is installed). Defender found and deleted the following:

Code:
TrojanDownloader: Win32/Dofoil.R

Kategorie:
Downloadtrojaner

Beschreibung:
Dieses Programm ist gefährlich. Es lädt andere Programme herunter.

Empfehlung:
Entfernen Sie diese Software unverzüglich.

Ressourcen:
regkey:
HKCU@S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN\\BAE

runkey:
HKCU@S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN\\BAE

file:
C:\Windows\Temp\wpbt0.dll

file:
C:\Windows\system32\config\systemprofile\AppData\Roaming\5B09FC.exe

file:
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F24B5F0N\readme[1].exe
         
So I tried again at Commerzbank - the popup is still there.

Then I came across your site and am (just as an aside) thrilled that you help us laypeople so wonderfully! Thanks again !!!!!

I hope I did everything correctly - so here are the results:

Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.01.09

Windows Vista x86 NTFS
Internet Explorer 7.0.6000.16982
Timo & Nici :: LAPPI [Administrator]

01.03.2013 22:25:08
mbam-log-2013-03-01 (22-25-08).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 349179
Laufzeit: 1 Stunde(n), 25 Minute(n), 48 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 4
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|VLC media player (Spyware.Zeus) -> Daten: C:\Users\Timo & Nici\Documents\VLC media player\VLC media player.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|VLC media player (Spyware.Zeus) -> Daten: C:\Users\Timo & Nici\Documents\VLC media player\VLC media player.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Daten: C:\Users\TIMO&N~1\DOCUME~1\VLCMED~1\VLCMED~1.EXE -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|IExplorer Util (Trojan.Agent.IET) -> Daten: C:\Users\Timo & Nici\AppData\Roaming\ie_util.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 2
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Spyware.Zeus) -> Bösartig: (C:\Users\TIMO&N~1\DOCUME~1\VLCMED~1\VLCMED~1.EXE) Gut: () -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Run (Spyware.Zeus) -> Bösartig: (C:\Users\TIMO&N~1\DOCUME~1\VLCMED~1\VLCMED~1.EXE) Gut: () -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\Timo & Nici\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5ZUHKADO\9cc9c[1].exe (Spyware.Zeus) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Timo & Nici\AppData\Roaming\ie_util.exe (Trojan.Agent.IET) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Looks like sh..., doesn't it?

Defogger somehow didn't want to work???

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 10:20 on 02/03/2013 (Timo & Nici)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
Code:
OTL logfile created on: 02.03.2013 10:21:54 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Timo & Nici\Downloads
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,65 Gb Available Physical Memory | 54,99% Memory free
6,17 Gb Paging File | 4,92 Gb Available in Paging File | 79,71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 229,88 Gb Total Space | 154,03 Gb Free Space | 67,00% Space Free | Partition Type: NTFS
 
Computer Name: LAPPI | User Name: Timo & Nici | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.03.02 10:21:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Timo & Nici\Downloads\OTL.exe
PRC - [2013.01.24 14:18:46 | 001,646,216 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2011.11.21 05:21:43 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010.05.28 15:29:26 | 002,650,112 | ---- | M] (DATA BECKER GmbH & Co KG) -- C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe
PRC - [2010.04.02 10:18:54 | 001,185,112 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2010.03.24 18:50:00 | 002,516,296 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2010.03.02 19:52:00 | 000,140,640 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
PRC - [2009.11.13 10:29:42 | 009,117,504 | ---- | M] (Western Digital) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
PRC - [2009.11.13 10:29:40 | 002,057,536 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
PRC - [2009.11.13 10:28:04 | 000,110,592 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2009.06.16 07:58:08 | 000,020,480 | ---- | M] (Memeo) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
PRC - [2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.10.24 15:35:44 | 000,128,296 | ---- | M] () -- C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
PRC - [2008.09.30 16:51:58 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2008.09.30 16:49:34 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2008.04.23 18:13:37 | 001,006,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007.08.09 12:26:42 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.07.19 14:32:34 | 001,120,568 | ---- | M] (Packard Bell BV) -- C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
PRC - [2007.04.19 10:32:08 | 000,225,280 | ---- | M] (ATK0100) -- C:\Program Files\ATK Hotkey\HControl.exe
PRC - [2007.02.05 17:13:14 | 000,094,208 | ---- | M] () -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe
PRC - [2007.01.11 10:40:22 | 000,232,184 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
PRC - [2007.01.11 10:40:18 | 000,017,656 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
PRC - [2006.12.18 16:26:26 | 002,420,736 | ---- | M] () -- C:\Program Files\ATK Hotkey\ATKOSD.exe
PRC - [2006.11.02 10:44:59 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.11.28 14:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.11.28 14:13:30 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.03.27 11:18:58 | 001,712,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\10fc12b6bf6510f0b967d20a2b04c476\Microsoft.VisualBasic.ni.dll
MOD - [2011.03.27 11:18:26 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\31729b33207d1093721f9e943302b900\System.Management.ni.dll
MOD - [2011.03.23 06:14:23 | 011,796,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\47b2e1d9030f551f685dfea0b618e7fd\System.Web.ni.dll
MOD - [2011.03.23 06:14:10 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a4fd3b000abfd4712b02ec223df3e9dd\System.Runtime.Remoting.ni.dll
MOD - [2011.03.22 19:51:58 | 006,616,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\45d73bf5a07b8fd8a12fcf7d68e9b318\System.Data.ni.dll
MOD - [2011.03.22 19:51:11 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6d75eb3ca10a514754f5e87cc2134f07\System.Windows.Forms.ni.dll
MOD - [2011.03.22 19:50:58 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\19d027c3381110e60c003f2c8bd307ee\System.Drawing.ni.dll
MOD - [2011.03.22 19:50:46 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\38b9d09539b67b08ee996db6c71f8a9b\System.Xml.ni.dll
MOD - [2011.03.22 19:50:34 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\982c005f97eacba888acdda322c49362\System.Configuration.ni.dll
MOD - [2011.03.22 19:50:33 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\ba71341e41687591124f9a5680cb0981\System.ServiceProcess.ni.dll
MOD - [2011.03.22 19:49:50 | 007,868,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\57ac9ba5419d6bf4b79f2979b0755428\System.ni.dll
MOD - [2011.03.22 19:49:19 | 011,486,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\c068708e16abf0be77a21b9f29817d83\mscorlib.ni.dll
MOD - [2009.08.19 14:49:08 | 000,049,152 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\Memeo.API.dll
MOD - [2009.07.29 14:24:14 | 000,504,293 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\sqlite3.dll
MOD - [2008.07.29 14:55:14 | 000,969,728 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2008.07.27 19:00:27 | 000,372,736 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
MOD - [2008.07.27 19:00:26 | 002,933,248 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2008.07.27 19:00:17 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2008.07.27 19:00:17 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2008.07.27 19:00:17 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Drawing.resources.dll
MOD - [2008.04.23 09:20:56 | 001,675,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.2700.36866__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2008.04.23 09:20:56 | 000,233,472 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2700.36824__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2008.04.23 09:20:56 | 000,184,320 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.2700.36879__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2008.04.23 09:20:56 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.2700.37087__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2008.04.23 09:20:56 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.2700.36859__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2008.04.23 09:20:56 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Runtime\2.0.2700.36879__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Runtime.dll
MOD - [2008.04.23 09:20:56 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.2700.36844__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2008.04.23 09:20:55 | 000,483,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.2700.37128__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2008.04.23 09:20:55 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.2700.37044__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2008.04.23 09:20:55 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.2700.36979__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2008.04.23 09:20:25 | 000,331,776 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.2700.37052__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2008.04.23 09:20:25 | 000,139,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.2700.37121__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll
MOD - [2008.04.23 09:20:25 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.2700.37134__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2008.04.23 09:20:25 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.2700.37058__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2008.04.23 09:20:25 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.2700.36837__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2008.04.23 09:20:25 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.2700.37051__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2008.04.23 09:20:25 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.2700.37120__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
MOD - [2008.04.23 09:20:24 | 000,667,648 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.2700.36989__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2008.04.23 09:20:24 | 000,585,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.2700.36893__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2008.04.23 09:20:24 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.2700.36845__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2008.04.23 09:20:24 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.2700.37072__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2008.04.23 09:20:24 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.2700.37031__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll
MOD - [2008.04.23 09:20:24 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.2700.36900__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll
MOD - [2008.04.23 09:20:24 | 000,208,896 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.2700.36886__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2008.04.23 09:20:24 | 000,118,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.2700.37010__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2008.04.23 09:20:24 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.2700.36987__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2008.04.23 09:20:24 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.2700.36899__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2008.04.23 09:20:24 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.2700.37010__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2008.04.23 09:20:23 | 000,475,136 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.2700.36980__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2008.04.23 09:20:23 | 000,323,584 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.2700.36973__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2008.04.23 09:20:23 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.2700.36979__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2008.04.23 09:20:23 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.2700.36986__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2008.04.23 09:20:23 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2665.42149__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2008.04.23 09:20:23 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.2700.37030__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2008.04.23 09:20:23 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2665.42151__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2008.04.23 09:20:23 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2665.42178__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2008.04.23 09:20:23 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2665.42157__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2008.04.23 09:20:23 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2665.42168__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2008.04.23 09:20:23 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.2665.42177__90ba9c70f846762e\DEM.OS.dll
MOD - [2008.04.23 09:20:23 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2665.42187__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2008.04.23 09:20:23 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2665.42196__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2008.04.23 09:20:23 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2665.42166__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2008.04.23 09:20:23 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2665.42196__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2008.04.23 09:20:23 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2008.04.23 09:20:22 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Shared\2.0.2665.42182__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Shared.dll
MOD - [2008.04.23 09:20:22 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2665.42152__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2008.04.23 09:20:22 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2665.42162__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2008.04.23 09:20:22 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2665.42186__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2008.04.23 09:20:22 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2008.04.23 09:20:22 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2665.42198__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2008.04.23 09:20:22 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2665.42184__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2008.04.23 09:20:22 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2665.42240__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2008.04.23 09:20:22 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.2665.42197__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
MOD - [2008.04.23 09:20:22 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2665.42166__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2008.04.23 09:20:22 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2665.42161__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2008.04.23 09:20:22 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2665.42156__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2008.04.23 09:20:22 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2665.42181__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2008.04.23 09:20:22 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.2665.42179__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2008.04.23 09:20:22 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2008.04.23 09:20:22 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2665.42164__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2008.04.23 09:20:22 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2665.42181__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2008.04.23 09:20:22 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2665.42180__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2008.04.23 09:20:21 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2665.42187__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2008.04.23 09:20:21 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2665.42184__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2008.04.23 09:20:21 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2665.42184__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2008.04.23 09:20:21 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2665.42186__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2008.04.23 09:20:21 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2665.42182__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2008.04.23 09:20:21 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2665.42167__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2008.04.23 09:20:21 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2665.42180__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2008.04.23 09:20:21 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2665.42185__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2008.04.23 09:20:21 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2665.42166__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2008.04.23 09:20:21 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.2665.42187__90ba9c70f846762e\APM.Foundation.dll
MOD - [2008.04.23 09:20:21 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Foundation\2.0.2665.42150__90ba9c70f846762e\AEM.Foundation.dll
MOD - [2008.04.23 09:20:21 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2008.04.23 09:20:21 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2665.42160__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2008.04.23 09:20:15 | 000,013,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray.resources\2.0.2700.37103_de_90ba9c70f846762e\CLI.Component.Systemtray.resources.dll
MOD - [2008.04.23 09:20:14 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.2700.37157__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2008.04.23 09:20:14 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.2700.36821__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2008.04.23 09:20:11 | 001,503,232 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.2700.36832__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2008.04.23 09:20:11 | 000,466,944 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.2700.36852__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2008.04.23 09:20:11 | 000,397,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.2700.37103__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2008.04.23 09:20:11 | 000,102,400 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.2700.37112__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2008.04.23 09:20:11 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2700.36823__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2008.04.23 09:20:11 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2700.37110__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2008.04.23 09:20:11 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2665.42165__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2008.04.23 09:20:11 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2665.42160__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2008.04.23 09:20:11 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2665.42158__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2008.04.23 09:20:11 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2665.42196__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2008.04.23 09:20:11 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2665.42169__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2008.04.23 09:20:11 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2665.42154__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2008.04.23 09:20:11 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2665.42167__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2008.04.23 09:20:10 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.2700.36823__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2008.04.23 09:20:10 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.2700.36822__90ba9c70f846762e\AEM.Server.dll
MOD - [2008.04.23 09:20:10 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.2700.37112__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2008.04.23 09:20:10 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2008.04.23 09:20:10 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2665.42188__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2007.05.25 05:52:46 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2007.01.11 10:02:14 | 004,587,520 | R--- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (CLTNetCnService)
SRV - [2013.02.26 19:43:50 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2010.05.28 15:29:26 | 002,650,112 | ---- | M] (DATA BECKER GmbH & Co KG) [Auto | Running] -- C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe -- (DBService)
SRV - [2009.11.13 10:28:04 | 000,110,592 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2009.06.16 07:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2008.10.24 15:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService)
SRV - [2008.04.23 18:13:37 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.02.05 17:13:14 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2010.02.24 11:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2009.02.13 10:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008.05.27 10:41:46 | 000,122,152 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mdm.sys -- (s0017mdm)
DRV - [2008.05.27 10:41:46 | 000,117,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017unic.sys -- (s0017unic)
DRV - [2008.05.27 10:41:46 | 000,111,912 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017obex.sys -- (s0017obex)
DRV - [2008.05.27 10:41:46 | 000,090,536 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017bus.sys -- (s0017bus)
DRV - [2008.05.27 10:41:46 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mdfl.sys -- (s0017mdfl)
DRV - [2008.05.27 10:41:44 | 000,115,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mgmt.sys -- (s0017mgmt)
DRV - [2008.05.27 10:41:44 | 000,025,768 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017nd5.sys -- (s0017nd5)
DRV - [2007.07.30 15:13:10 | 000,743,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007.07.12 11:58:54 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2007.05.25 06:01:58 | 002,609,152 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007.02.24 13:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.01.23 15:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007.01.23 04:01:00 | 000,050,176 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006.12.14 08:11:58 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006.11.02 08:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006.10.30 09:22:26 | 000,008,192 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1351351
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com/?l=dis&o=14672
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ATU&o=14670&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=T8&apn_dtid=YYYYYYYYDE&apn_uid=65babe8e-3ebc-478c-bed0-726c579ab9af&apn_sauid=0B226534-3E87-43B0-B1DE-3E738FD34261
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7PBEA_de&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1351351
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local 127.0.0.1;*.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "Softonic Deutsch Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1351351&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5
FF - prefs.js..extensions.enabledItems: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c}:2.1.0.19
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Users\Timo & Nici\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll ( )
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009.12.28 14:32:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.31 21:31:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.12.31 21:31:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009.12.28 14:32:27 | 000,000,000 | ---D | M]
 
[2008.08.31 17:38:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Timo & Nici\AppData\Roaming\mozilla\Extensions
[2012.03.15 11:33:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Timo & Nici\AppData\Roaming\mozilla\Firefox\Profiles\xz671v2w.default\extensions
[2011.07.15 18:10:22 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Timo & Nici\AppData\Roaming\mozilla\Firefox\Profiles\xz671v2w.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009.07.23 20:45:12 | 000,000,000 | ---D | M] (Softonic Deutsch Toolbar) -- C:\Users\Timo & Nici\AppData\Roaming\mozilla\Firefox\Profiles\xz671v2w.default\extensions\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}
[2013.02.07 13:05:31 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Timo & Nici\AppData\Roaming\mozilla\Firefox\Profiles\xz671v2w.default\extensions\toolbar@ask.com
[2013.02.07 13:05:31 | 000,002,323 | ---- | M] () -- C:\Users\Timo & Nici\AppData\Roaming\mozilla\firefox\profiles\xz671v2w.default\searchplugins\askcom.xml
[2009.07.01 13:19:32 | 000,000,894 | ---- | M] () -- C:\Users\Timo & Nici\AppData\Roaming\mozilla\firefox\profiles\xz671v2w.default\searchplugins\conduit.xml
[2012.12.31 21:16:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008.04.23 09:28:18 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012.12.31 21:16:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}
[2011.11.21 05:21:43 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.11.21 02:17:49 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.11.21 02:09:48 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.11.21 02:17:49 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.11.21 02:17:49 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.11.21 02:17:49 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.11.21 02:17:49 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Softonic Deutsch Toolbar) - {8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe ( )
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Atqytya] C:\Users\Timo & Nici\AppData\Roaming\Efme\vuury.exe ()
O4 - HKCU..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe (Packard Bell BV)
O4 - HKCU..\Run: [VLC media player] C:\Users\Timo & Nici\Documents\VLC media player\VLC media player.exe ()
O4 - HKCU..\RunOnce: [VLC media player] C:\Users\Timo & Nici\Documents\VLC media player\VLC media player.exe ()
O4 - Startup: C:\Users\Timo & Nici\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
F3 - HKCU WinNT: Load - (C:\Users\TIMO&N~1\DOCUME~1\VLCMED~1\VLCMED~1.EXE) - C:\Users\TIMO&N~1\DOCUME~1\VLCMED~1\VLCMED~1.EXE ()
F3 - HKCU WinNT: Run - (C:\Users\TIMO&N~1\DOCUME~1\VLCMED~1\VLCMED~1.EXE) - C:\Users\TIMO&N~1\DOCUME~1\VLCMED~1\VLCMED~1.EXE ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab (Java Plug-in 1.6.0_38)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab (Java Plug-in 10.15.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9EA77E1D-1647-4FB5-91BE-213D9B625ACB}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BE063151-8F8A-4790-BB35-6C01A3D017D6}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Timo & Nici\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Timo & Nici\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{48da855a-6b3d-11df-979f-001fc6689462}\Shell - "" = AutoRun
O33 - MountPoints2\{48da855a-6b3d-11df-979f-001fc6689462}\Shell\AutoRun\command - "" = "G:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{6d6d7ef8-b784-11df-b9b8-001fc6689462}\Shell - "" = AutoRun
O33 - MountPoints2\{6d6d7ef8-b784-11df-b9b8-001fc6689462}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{6ec7ed0b-bb6c-11df-b180-001fc6689462}\Shell\AutoRun\command - "" = F:\Menu.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.01 22:23:40 | 000,000,000 | ---D | C] -- C:\Users\Timo & Nici\AppData\Roaming\Malwarebytes
[2013.03.01 22:23:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.01 22:23:25 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.03.01 22:23:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.02.24 13:16:22 | 000,000,000 | ---D | C] -- C:\Users\Timo & Nici\AppData\Roaming\Yrre
[2013.02.24 13:16:22 | 000,000,000 | ---D | C] -- C:\Users\Timo & Nici\AppData\Roaming\Efme
[2013.02.24 13:16:22 | 000,000,000 | ---D | C] -- C:\Users\Timo & Nici\AppData\Roaming\Apyzc
[2013.02.15 17:14:54 | 000,000,000 | ---D | C] -- C:\Users\Timo & Nici\Desktop\FÜR FP
[2013.02.15 15:05:15 | 000,000,000 | ---D | C] -- C:\Users\Timo & Nici\Desktop\drucken
[2011.12.14 19:49:57 | 014,597,312 | ---- | C] (Mozilla) -- C:\Users\Timo & Nici\Firefox Setup 8.0.1.exe
[2010.06.03 21:30:14 | 007,981,569 | ---- | C] (DsNET) -- C:\Users\Timo & Nici\aTube300_Catcher.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.02 10:18:18 | 000,000,000 | ---- | M] () -- C:\Users\Timo & Nici\defogger_reenable
[2013.03.02 10:00:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\Recovery DVD Creator.job
[2013.03.02 10:00:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\Erweiterte Garantie.job
[2013.03.02 09:31:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.02 09:27:07 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.02 09:27:07 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.02 08:34:11 | 000,651,350 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.03.02 08:34:11 | 000,618,470 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.03.02 08:34:11 | 000,121,114 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.03.02 08:34:11 | 000,107,614 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.03.02 08:27:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.02 08:26:58 | 3220,398,080 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.01 23:54:08 | 000,013,174 | ---- | M] () -- C:\Users\Timo & Nici\Desktop\Trojaner.odt
[2013.02.27 14:41:45 | 000,150,528 | ---- | M] () -- C:\Users\Timo & Nici\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.02.03 16:09:19 | 000,020,147 | ---- | M] () -- C:\Users\Timo & Nici\Documents\Haushaltsbuch_2013.ods
 
========== Files Created - No Company Name ==========
 
[2013.03.02 10:18:18 | 000,000,000 | ---- | C] () -- C:\Users\Timo & Nici\defogger_reenable
[2013.03.01 22:13:39 | 000,013,174 | ---- | C] () -- C:\Users\Timo & Nici\Desktop\Trojaner.odt
[2013.02.22 16:26:57 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.03 15:48:57 | 000,020,147 | ---- | C] () -- C:\Users\Timo & Nici\Documents\Haushaltsbuch_2013.ods
[2010.07.02 12:43:40 | 000,000,922 | ---- | C] () -- C:\Users\Timo & Nici\dm-Fotowelt.lnk
[2010.07.02 12:40:03 | 001,430,584 | ---- | C] () -- C:\Users\Timo & Nici\setup_dm_Fotowelt.exe
[2009.10.23 18:59:24 | 000,000,439 | ---- | C] () -- C:\Users\Timo & Nici\AppData\Roaming\mdbu.bin
[2009.03.15 11:51:41 | 000,007,268 | ---- | C] () -- C:\Users\Timo & Nici\AppData\Local\d3d9caps.dat
[2008.07.19 13:13:37 | 000,150,528 | ---- | C] () -- C:\Users\Timo & Nici\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.07.19 13:04:04 | 000,000,099 | ---- | C] () -- C:\Users\Timo & Nici\AppData\Local\fusioncache.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2008.11.06 13:57:06 | 011,315,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.03.03 05:16:12 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2006.11.02 10:46:13 | 000,348,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013.02.24 13:16:22 | 000,000,000 | ---D | M] -- C:\Users\Timo & Nici\AppData\Roaming\Apyzc
[2008.12.09 21:08:15 | 000,000,000 | ---D | M] -- C:\Users\Timo & Nici\AppData\Roaming\Datalayer
[2013.02.24 13:16:22 | 000,000,000 | ---D | M] -- C:\Users\Timo & Nici\AppData\Roaming\Efme
[2008.12.09 21:05:19 | 000,000,000 | ---D | M] -- C:\Users\Timo & Nici\AppData\Roaming\Nokia
[2008.10.28 20:36:05 | 000,000,000 | ---D | M] -- C:\Users\Timo & Nici\AppData\Roaming\OpenOffice.org
[2008.07.19 17:05:19 | 000,000,000 | ---D | M] -- C:\Users\Timo & Nici\AppData\Roaming\Packard Bell
[2008.12.09 21:03:28 | 000,000,000 | ---D | M] -- C:\Users\Timo & Nici\AppData\Roaming\PC Suite
[2010.10.16 14:42:03 | 000,000,000 | ---D | M] -- C:\Users\Timo & Nici\AppData\Roaming\ProtectDisc
[2010.05.29 17:52:04 | 000,000,000 | ---D | M] -- C:\Users\Timo & Nici\AppData\Roaming\Western Digital
[2008.11.25 06:43:06 | 000,000,000 | ---D | M] -- C:\Users\Timo & Nici\AppData\Roaming\WordToPDF
[2013.03.01 23:32:25 | 000,000,000 | ---D | M] -- C:\Users\Timo & Nici\AppData\Roaming\Yrre
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\yamaha.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\web to date Projekte:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\VLC media player:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\Updater5:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\Unterlagen Allscheidt 6:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\SuperTIPp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\SuperTIPp Website Backup:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\SuperTIPp Webseite_Dateien:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\SUP_31_22_Me_Ti.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\Studie AB.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\Stimmgabel_Yamaha.gif:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\Skript:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\s.n. Dateien:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\Rückwärtszähler:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\restore:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\Personalausweis.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\MORITZ:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\Immo-Seite alt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\HOCHZEIT:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\fonts:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\Expose:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\Erzeugte Websites:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\Eigene Scans:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\Driegeltrath:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\diverses:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\Bewerbungen 2009:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\Armin:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\ap:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\Andy Bewerbung:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\Am Kämpchen:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Documents\Adobe:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Desktop\Nici Arbeit:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Desktop\FÜR FP:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Desktop\drucken:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Timo & Nici\Desktop\bad:Roxio EMC Stream
         
Code:
OTL Extras logfile created on: 02.03.2013 10:21:54 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Timo & Nici\Downloads
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,65 Gb Available Physical Memory | 54,99% Memory free
6,17 Gb Paging File | 4,92 Gb Available in Paging File | 79,71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 229,88 Gb Total Space | 154,03 Gb Free Space | 67,00% Space Free | Partition Type: NTFS
 
Computer Name: LAPPI | User Name: Timo & Nici | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0CC11D7A-382C-49F8-AA3B-7B35FDE53B1C}" = lport=137 | protocol=17 | dir=in | app=system | 
"{0F4BFA5A-C71E-455D-AE7F-F5A68AE23E0C}" = rport=138 | protocol=17 | dir=out | app=system | 
"{498DF453-3FDD-4F81-B097-B7EE3234ADBE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{5BAB4981-7152-4864-BE83-249D7AB9BFF8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{89B82B15-10A0-4CDE-9D1E-21D8DA288F79}" = lport=138 | protocol=17 | dir=in | app=system | 
"{9AB3BD36-957A-45BC-AB88-F8BD0DA8AA6A}" = lport=139 | protocol=6 | dir=in | app=system | 
"{9C7AA73D-5302-4758-9786-06E7C5756793}" = lport=445 | protocol=6 | dir=in | app=system | 
"{9F9D628B-D5CC-492B-916D-CFEEF4BB4DB7}" = rport=445 | protocol=6 | dir=out | app=system | 
"{B32159DA-05A3-4F46-9AEE-8DFB7EBB00AD}" = rport=137 | protocol=17 | dir=out | app=system | 
"{D3FFA111-641E-4C85-944B-CBDBE1B6EF92}" = rport=139 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07EB2843-4BAD-45A7-8C4C-EEE8C4F61C0F}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{1A283C4B-83A0-4FC6-A60C-F7996C884E81}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{1C5D26BF-0135-42C9-937C-F082BF28E472}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{24E7E0C2-827A-4FFC-84A7-F7472161C0BA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{2760EC05-FA31-4066-978E-26BFDDF56CCD}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{2A3F5692-0F66-4D12-A07A-2108EDFF791A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe | 
"{3B04681E-9960-4ECF-ADC7-9993027DE195}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | 
"{3BA5A97B-99B7-40F2-92D9-3B311B1CADA0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | 
"{3D789947-1327-4EEF-B3E6-43028595EADD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | 
"{4D86AED2-E850-4FEE-81D6-76FADBB6C8AA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | 
"{51321EE3-2B2C-499B-BAE2-D3794DF724B5}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | 
"{5CC1B2E7-050A-4171-BB93-FC71AE0654F9}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
"{6EEBCFE1-77F9-407A-8035-2302F559C1AF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | 
"{75471811-32B3-491C-8B91-471FD337E7E3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{7E11796B-63C3-48E6-AA5D-24ABB742E2E5}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{817612C7-132B-4470-94F6-B4E608F060A0}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{81862F82-C575-46DC-927E-A02ED682CB3A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{912788FE-1108-4A1E-AE8B-653AED257B96}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{AAA00D6A-FE8F-4EB1-A0EF-04C64567B148}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | 
"{B1E6296F-27A7-4CC4-BA7B-63107F773824}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{B48DDAFB-DC2D-4C5D-B159-E77828CAD992}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{CC164EE3-DD36-4E7E-85DD-85015F4FDE1A}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | 
"{D75BB2C3-09C3-47EB-946C-C4FCE83B1FE2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | 
"{DB9E1049-2CB0-4610-AE1A-516EA7923C67}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | 
"{EC8EE595-2CD0-40E7-B58C-65089D827CD0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{F29D12F9-59B2-4F8D-B240-9B1208072BAE}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | 
"{FC967F93-3F0A-4900-8028-FD605B5390E2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"TCP Query User{1D9C37BF-9889-4518-A91E-4BE9C66AE32B}C:\program files\typo3\apache\bin\apache.exe" = protocol=6 | dir=in | app=c:\program files\typo3\apache\bin\apache.exe | 
"TCP Query User{215F2B8B-69B4-4479-BE58-A65B11CA1E20}D:\bin\ia\core\mdm_util.exe" = protocol=6 | dir=in | app=d:\bin\ia\core\mdm_util.exe | 
"TCP Query User{226EAA1D-75FC-41B5-82E1-2017C0BEE8DE}C:\program files\data becker\web to date 6.0\ftptrans.exe" = protocol=6 | dir=in | app=c:\program files\data becker\web to date 6.0\ftptrans.exe | 
"TCP Query User{2737CBE0-3522-40B4-A97D-F0EEA5CED0C1}C:\program files\dsnet corp\atube catcher 1.0\atube catcher 2.0\yct.exe" = protocol=6 | dir=in | app=c:\program files\dsnet corp\atube catcher 1.0\atube catcher 2.0\yct.exe | 
"TCP Query User{45325262-C72D-4B8A-A66F-25C5692C5569}C:\users\timo & nici\appdata\local\data becker\web to date 6.0\apache\apache.exe" = protocol=6 | dir=in | app=c:\users\timo & nici\appdata\local\data becker\web to date 6.0\apache\apache.exe | 
"TCP Query User{77108691-02CA-4890-81C7-F4754695413B}C:\users\timo & nici\appdata\local\data becker\web to date 6.0\apache\apache.exe" = protocol=6 | dir=in | app=c:\users\timo & nici\appdata\local\data becker\web to date 6.0\apache\apache.exe | 
"TCP Query User{A2627E80-0276-4703-BA46-D45761074565}C:\users\timo & nici\appdata\local\data becker\web to date 7.0\apache\apache.exe" = protocol=6 | dir=in | app=c:\users\timo & nici\appdata\local\data becker\web to date 7.0\apache\apache.exe | 
"TCP Query User{A70D80E5-7405-4789-9EE9-F9D1239CA3B4}C:\users\timo & nici\appdata\local\data becker\web to date 7.0\apache\apache.exe" = protocol=6 | dir=in | app=c:\users\timo & nici\appdata\local\data becker\web to date 7.0\apache\apache.exe | 
"TCP Query User{A8C456CF-9343-47A0-9950-94A2CF7FA21A}C:\program files\data becker\web to date 7\ftptrans.exe" = protocol=6 | dir=in | app=c:\program files\data becker\web to date 7\ftptrans.exe | 
"TCP Query User{E6C36B1D-F62D-4E88-AD41-D46EAA6420B7}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"TCP Query User{EF0ED677-FAE2-4C10-A9F8-88FD4AC899C1}C:\program files\typo3\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\program files\typo3\mysql\bin\mysqld.exe | 
"UDP Query User{0620CE6A-7E94-4E8E-89CD-61692A2DEA80}C:\program files\data becker\web to date 7\ftptrans.exe" = protocol=17 | dir=in | app=c:\program files\data becker\web to date 7\ftptrans.exe | 
"UDP Query User{0EEB2791-3AB0-4455-9CC1-B9AF3D58AA86}C:\users\timo & nici\appdata\local\data becker\web to date 7.0\apache\apache.exe" = protocol=17 | dir=in | app=c:\users\timo & nici\appdata\local\data becker\web to date 7.0\apache\apache.exe | 
"UDP Query User{1533C1C0-2C97-40CF-99C4-93D4E938B7A5}C:\users\timo & nici\appdata\local\data becker\web to date 6.0\apache\apache.exe" = protocol=17 | dir=in | app=c:\users\timo & nici\appdata\local\data becker\web to date 6.0\apache\apache.exe | 
"UDP Query User{1B112852-A4E6-42AD-9E59-01EEC3BE7878}C:\program files\data becker\web to date 6.0\ftptrans.exe" = protocol=17 | dir=in | app=c:\program files\data becker\web to date 6.0\ftptrans.exe | 
"UDP Query User{29AD8B41-42A4-4CD3-B042-FDA30F46D422}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"UDP Query User{88B0C670-5185-45D7-8A4A-7236D2CE0541}D:\bin\ia\core\mdm_util.exe" = protocol=17 | dir=in | app=d:\bin\ia\core\mdm_util.exe | 
"UDP Query User{B8A97F01-CCA5-4F14-83FD-C0E2EFCBFDC1}C:\users\timo & nici\appdata\local\data becker\web to date 6.0\apache\apache.exe" = protocol=17 | dir=in | app=c:\users\timo & nici\appdata\local\data becker\web to date 6.0\apache\apache.exe | 
"UDP Query User{DF5EB59D-CDEA-4858-941C-EB824D638B33}C:\program files\dsnet corp\atube catcher 1.0\atube catcher 2.0\yct.exe" = protocol=17 | dir=in | app=c:\program files\dsnet corp\atube catcher 1.0\atube catcher 2.0\yct.exe | 
"UDP Query User{E4F94932-7A06-4756-AC64-49B8037DA944}C:\program files\typo3\apache\bin\apache.exe" = protocol=17 | dir=in | app=c:\program files\typo3\apache\bin\apache.exe | 
"UDP Query User{F21075C4-5505-4F23-88BE-AEA28ECC579C}C:\users\timo & nici\appdata\local\data becker\web to date 7.0\apache\apache.exe" = protocol=17 | dir=in | app=c:\users\timo & nici\appdata\local\data becker\web to date 7.0\apache\apache.exe | 
"UDP Query User{F255DEF9-AC6F-4CE5-BC06-78A6B9857B6C}C:\program files\typo3\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\program files\typo3\mysql\bin\mysqld.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{0C5A9DEB-AA63-E327-3067-28CC79EB61D8}" = CCC Help Spanish
"{0DE3F04D-1CB1-6481-F970-37DC56287F13}" = Catalyst Control Center Localization Polish
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series" = Canon MG5200 series MP Drivers
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1D70E271-4349-4802-BB77-8E8A23F37151}" = Catalyst Control Center Localization Turkish
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{221BA099-FA5F-EB6C-2B8B-D7B384D79D11}" = ccc-utility
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{232DB76D-4751-41A9-9EC2-CDC0DAC1FAB6}" = WD SmartWare
"{26A24AE4-039D-4CA4-87B4-2F83216038FF}" = Java(TM) 6 Update 38
"{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15
"{28C00028-4CC9-2FC5-85CD-1C29FB5442C0}" = Catalyst Control Center Localization Norwegian
"{299FB8EC-CA61-2503-C75D-394A3932FCF3}" = CCC Help Thai
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2E21BC34-652C-E8FA-4FC1-DDCE012D2ADE}" = Catalyst Control Center Graphics Light
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF3552A-C9FA-BD8D-D8E5-DA25E0E2A95A}" = CCC Help Russian
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{328E72CE-19EC-CE8D-0D39-B9EAFA3606EB}" = Catalyst Control Center Localization French
"{3595EF18-1946-9F0D-0A5E-54B682D63D43}" = CCC Help Greek
"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{409BF604-40A9-C7E5-5644-BE3D70756F10}" = CCC Help Polish
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{42E2EEB2-D48E-4A47-B181-32ECA031D93B}" = DJ_AIO_06_F2400_SW_Min
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{46E1FFFA-D9FC-DB9A-DD0D-FD0C754ED232}" = ccc-core-static
"{475CD8E7-132C-C303-4E8E-5792D284A2B2}" = CCC Help Dutch
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E49E9B4-9B3E-DFF2-AE86-39AF2A675755}" = Catalyst Control Center Localization Japanese
"{4E98EBDD-D4F5-C4EA-319A-F213763BE5A9}" = Catalyst Control Center Localization Thai
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5CFA2909-F2D4-D5F6-B122-D86638BD6118}" = Catalyst Control Center Localization Greek
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" = Norton 360
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65663213-4239-02AB-29C7-0B23EBD30AFC}" = CCC Help Czech
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{68F330AF-55AF-337A-B570-841517C5D174}" = CCC Help Turkish
"{69DAA768-DE42-46F4-BBAB-1E2CE5F90BAE}" = WPC-EASY-V1.2-DEMO  1.2
"{6AF47E58-84F4-0453-9277-5AB5F202AC88}" = CCC Help Chinese Traditional
"{6BAA71B6-8F43-4C72-931A-3354ABB0258A}" = F2400
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6C7A02F0-0ADE-00D1-5EEB-B3495AE33371}" = CCC Help Finnish
"{6CB09473-7C20-7844-1CC0-29D0C51884AE}" = Catalyst Control Center Localization Portuguese
"{6D69A2C1-7194-AE60-4AD6-1477C14ED50D}" = Catalyst Control Center Localization Finnish
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{77F7B355-0612-B4D0-250E-701DC65ED26B}" = Catalyst Control Center Localization Danish
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B1145B0-2B0E-72CA-DF99-924944747C49}" = CCC Help Italian
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E65D89E-B956-880E-4DDE-9DE48B13A6A0}" = Catalyst Control Center Localization Spanish
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{944523A5-F9DF-0C73-4C7E-8F95A489BEA9}" = Catalyst Control Center Core Implementation
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9665D8CE-8BB9-EE1E-8543-BDAD785AD7B4}" = Catalyst Control Center Localization Russian
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C20015F-B6F3-69E1-C222-4A96B0D1ECA2}" = CCC Help Danish
"{A17A5A40-6BD8-2E81-2148-6D85C45BBC08}" = Catalyst Control Center Localization Czech
"{A2046E31-D0A9-395E-42FC-195611A3D263}" = Catalyst Control Center Localization Chinese Traditional
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{ABE7F67B-9B82-D0B8-98A0-0B9857044BD9}" = Catalyst Control Center Localization Swedish
"{AC76BA86-7AD7-1031-7B44-A80000000002}" = Adobe Reader 8 - Deutsch
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B377CFB6-3DC9-DB9A-0FD6-F62B9656BAD7}" = CCC Help Norwegian
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7FB0C86-41A4-4402-9A33-912C462042A0}" = Roxio Creator 9 LE
"{BBD6AE19-4BF2-F279-723A-FFE703C7BE35}" = CCC Help Japanese
"{BCBF5C93-EAF3-D3E1-56A0-E20905B6F0A5}" = CCC Help Chinese Standard
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{C8E571C4-0754-1D8B-E08E-04A3AE8FB807}" = Catalyst Control Center Localization Dutch
"{C9F12EC7-17B7-11DF-5823-D6667B33CE86}" = Catalyst Control Center Localization Korean
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CDBF8C2D-04B0-4F9B-9AE1-7422F7F0EC94}" = HP Deskjet F2400 All-In-One Driver Software 13.0 Rel .6
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0A55340-F289-772A-FCF6-A4A3209CE863}" = CCC Help German
"{D359B12F-9B1A-46FD-B70C-F507B5B11590}" = HDRegDE
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DC22B4FF-0500-9C3C-9645-0E192888480D}" = Catalyst Control Center Localization German
"{DDED2BA7-FE4E-1183-FDCF-348A4BE362A7}" = CCC Help Hungarian
"{DE376A2C-7964-617C-CB94-C2D1E9B6B24A}" = Catalyst Control Center Localization Italian
"{E2498002-042E-2D61-6578-42D995B021F2}" = CCC Help French
"{E2FCC9D2-AE19-9DA3-FDF8-58594C80126D}" = Catalyst Control Center Localization Chinese Standard
"{E713653C-8312-4BC6-AFC9-ADE1F2F04AB9}" = ATI PCI Express (3GIO) Filter Driver
"{E82C6C1A-1258-ACE3-9061-2FA3FAF40398}" = Catalyst Control Center Localization Hungarian
"{E8C23EBE-EE3C-4299-9DB9-601AB3751454}" = AAVUpdateManager
"{EB89DC4E-A3C2-A1ED-4689-F95CF3E07CCA}" = CCC Help English
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EE23EF27-B925-4A27-E2C7-1D9E5B038DD8}" = CCC Help Swedish
"{EE247152-BFC5-9C7B-E19F-A57BFF5FEB9C}" = CCC Help Korean
"{EF0F5226-0C5B-83C9-65CB-58F6D3E22F6B}" = Catalyst Control Center Graphics Full Existing
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7EFB45A-0244-02A2-E9E2-C6A1E7E3D3EB}" = CCC Help Portuguese
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FAF26102-09D7-4C58-AB01-0D59A2E517CA}" = Copy
"{FFC18C10-E04D-D93B-5029-A66B086BBEC7}" = Catalyst Control Center Graphics Full New
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Photoshop Elements 1.0" = Adobe Photoshop Elements
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Adobe SVG Viewer" = Adobe SVG Viewer
"AdobeReader" = Adobe Reader 8
"aTube Catcher" = aTube Catcher
"Audacity_is1" = Audacity 1.2.3
"Canon MG5200 series Benutzerregistrierung" = Canon MG5200 series Benutzerregistrierung
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"CREATOR9" = Creator 9
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"FirefoxDE" = Firefox
"Flashplayer" = Flash Player 9 Internet Explorer
"FMCODEC" = FM Screen Capture Codec (Remove Only)
"FtpPilot" = FtpPilot
"GOOGLE_EARTH" = Google Earth
"GPL Ghostscript 8.63" = GPL Ghostscript 8.63
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"ImageWriter" = Packard Bell ImageWriter
"Infocentre" = Infocentre Rev. 2.0
"LCDTest" = Packard Bell LCD Test
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"METABOLI" = Metaboli
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 8.0.1 (x86 de)" = Mozilla Firefox 8.0.1 (x86 de)
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"N360_2007_DE" = Norton 360
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"SETUPMYPC_DE" = SetUp My PC
"Shockwave" = Shockwave player 10
"Softonic_Deutsch Toolbar" = Softonic_Deutsch Toolbar
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Updator" = Packard Bell Updator
"VLC media player" = VLC media player 1.1.10
"web to date 7_is1" = DATA BECKER web to date 7
"WinLiveSuite_Wave3" = Windows Live Essentials
"WordToPDF_is1" = WordToPDF 2.4
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"Kies Air Discovery Service" = Kies Air Discovery Service
"Protect Disc License Helper" = Protect Disc License Helper 1.0.125 (IE)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 01.03.2013 15:03:26 | Computer Name = Lappi | Source = VSS | ID = 8194
Description = 
 
Error - 01.03.2013 16:16:54 | Computer Name = Lappi | Source = MsiInstaller | ID = 11730
Description = 
 
Error - 01.03.2013 17:15:45 | Computer Name = Lappi | Source = WDSmartWareBackgroundService | ID = 0
Description = 
 
Error - 01.03.2013 17:15:57 | Computer Name = Lappi | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 01.03.2013 17:21:52 | Computer Name = Lappi | Source = WerSvc | ID = 5007
Description = 
 
Error - 01.03.2013 18:55:55 | Computer Name = Lappi | Source = WDSmartWareBackgroundService | ID = 0
Description = 
 
Error - 01.03.2013 18:56:11 | Computer Name = Lappi | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 02.03.2013 03:27:58 | Computer Name = Lappi | Source = WDSmartWareBackgroundService | ID = 0
Description = 
 
Error - 02.03.2013 03:28:08 | Computer Name = Lappi | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 02.03.2013 03:31:18 | Computer Name = Lappi | Source = WerSvc | ID = 5007
Description = 
 
[ System Events ]
Error - 01.03.2013 18:54:38 | Computer Name = Lappi | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
 2, Funktion 0.   Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 01.03.2013 18:54:38 | Computer Name = Lappi | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
 4, Funktion 0.   Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 01.03.2013 18:54:38 | Computer Name = Lappi | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
 7, Funktion 0.   Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 01.03.2013 18:54:39 | Computer Name = Lappi | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
 6, Funktion 0.   Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 01.03.2013 18:56:30 | Computer Name = Lappi | Source = DCOM | ID = 10010
Description = 
 
Error - 01.03.2013 18:56:44 | Computer Name = Lappi | Source = BROWSER | ID = 8017
Description = 
 
Error - 02.03.2013 03:26:41 | Computer Name = Lappi | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
 2, Funktion 0.   Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 02.03.2013 03:26:41 | Computer Name = Lappi | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
 4, Funktion 0.   Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 02.03.2013 03:26:41 | Computer Name = Lappi | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
 7, Funktion 0.   Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 02.03.2013 03:26:42 | Computer Name = Lappi | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
 6, Funktion 0.   Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
 
< End of report >
         
With Gmer (tried 3 times) I always got an error message (twice the laptop even simply shut down in the middle of it). Did I do something wrong there? This is what was displayed:

Code:
ATTFilter
Problemsignatur:
  Problemereignisname:	BlueScreen
  Betriebsystemversion:	6.0.6000.2.0.0.768.3
  Gebietsschema-ID:	1031

Zusatzinformationen zum Problem:
  BCCode:	1000008e
  BCP1:	C0000005
  BCP2:	8244785D
  BCP3:	A0E57A54
  BCP4:	00000000
  OS Version:	6_0_6000
  Service Pack:	0_0
  Product:	768_1

Dateien, die bei der Beschreibung des Problems hilfreich sind:
  C:\Windows\Minidump\Mini030213-02.dmp
  C:\Users\Timo & Nici\AppData\Local\Temp\WER-90449-0.sysdata.xml
  C:\Users\Timo & Nici\AppData\Local\Temp\WERA15D.tmp.version.txt
         


I hope that was everything you need - otherwise I'll gladly provide more!

What exactly do I have there? I have already asked Commerzbank to block the access and send new credentials. Do I also have to change all my passwords (via mobile phone or the like)? Can someone now send spam via my account? Questions upon questions - sorry!

I'm keeping my fingers crossed that this gets fixed, and I'm grateful for your help and possibly tips for a good (preferably free or inexpensive) antivirus program or the like. Now I know better

So, many many thanks for instructions (I'm not that well versed in technical matters)

Regards, Nici

 
