| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Trojaner im Online-BankingWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
22.11.2012, 23:59
| #1 |
 |  Trojaner im Online-Banking Hallo, ich habe folgendes Problem: Heute Nachmittag habe ich mich im Online-Banking angemeldet und bekam sofort eine untypische Meldung: Die Sparkasse stellt demnächst auf ein neues Sicherheitsverfahren um. Das Sicherheitsupdate würde im Hintergrund ablaufen, damit es für die Kunden so bequem wie möglich abläuft und sie möglichst wenig davon merken. Man solle aber schon mal eine Testversion ausprobieren. Nach einigen Minuten Wartezeit würde man dorthin weitergeleitet, nachdem die Konfiguration des Systems gescannt worden ist. Ich habe den Internet-Explorer sofort beendet. Telefonische Rücksprache mit der Sparkasse hat dann bestätigt, was ich schon befürchtet hatte: Ich hab mir einen Trojaner eingehandelt. Aber ich habe keine Vorstellung wie. Ich kann mich nicht erinnern "fragwürdige" Emails erhalten zu haben geschweige denn irgendwelche obskuren Anhänge geöffnet zu haben. Ich habe sodann meinen Virenscanner (Avira) erstmal über das System drüberbügeln lassen. Da ich aber nicht wirklich Ahnung habe was genau zu tun ist um den Trojaner wieder loszuwerden bleibt mir nichts anderes übrig als mich an euch zu wenden. Ich habe auch bereits einige "einleitende" Schritte unternommen, wie bei euch auf der Seite beschrieben: 1. Defogger: Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 21:10 on 22/11/2012 (Marcel)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
Unable to read BrSerId.sys
Unable to read BrSerWdm.sys
Unable to read BrUsbMdm.sys
Unable to read BrUsbSer.sys
Unable to read bthmodem.sys
Unable to read bxvbdx.sys
Unable to read cdfs.sys
Unable to read cdrom.sys
Unable to read circlass.sys
Unable to read Classpnp.sys
Unable to read CmBatt.sys
Unable to read cmdide.sys
Unable to read cng.sys
Unable to read compbatt.sys
Unable to read CompositeBus.sys
Unable to read crashdmp.sys
Unable to read crcdisk.sys
Unable to read dfsc.sys
Unable to read discache.sys
Unable to read disk.sys
Unable to read Diskdump.sys
Unable to read djsvs.sys
Unable to read drmk.sys
Unable to read drmkaud.sys
Unable to read Dumpata.sys
Unable to read dumpfve.sys
Unable to read dxapi.sys
Unable to read dxg.sys
Unable to read dxgkrnl.sys
Unable to read dxgmms1.sys
Unable to read eaee972c454f49b9.sys
Unable to read elxstor.sys
Unable to read errdev.sys
Unable to read evbdx.sys
Unable to read exfat.sys
Unable to read fastfat.sys
Unable to read fdc.sys
Unable to read fileinfo.sys
Unable to read filetrace.sys
Unable to read flpydisk.sys
Unable to read fltMgr.sys
Unable to read fsdepends.sys
Unable to read fs_rec.sys
Unable to read fvevol.sys
Unable to read FWPKCLNT.SYS
Unable to read GAGP30KX.SYS
Unable to read GEARAspiWDM.sys
Unable to read hcw85cir.sys
Unable to read hdaudbus.sys
Unable to read HdAudio.sys
Unable to read hidbatt.sys
Unable to read hidbth.sys
Unable to read hidclass.sys
Unable to read hidir.sys
Unable to read hidparse.sys
Unable to read hidusb.sys
Unable to read HpSAMD.sys
Unable to read http.sys
Unable to read hwpolicy.sys
Unable to read i8042prt.sys
Unable to read iaStor.sys
Unable to read iaStorV.sys
Unable to read iirsp.sys
Unable to read intelide.sys
Unable to read intelppm.sys
Unable to read ipfltdrv.sys
Unable to read IPMIDrv.sys
Unable to read ipnat.sys
Unable to read irda.sys
Unable to read irenum.sys
Unable to read isapnp.sys
Unable to read kbdclass.sys
Unable to read kbdhid.sys
Unable to read ks.sys
Unable to read ksecdd.sys
Unable to read ksecpkg.sys
Unable to read lltdio.sys
Unable to read lsi_fc.sys
Unable to read lsi_sas.sys
Unable to read lsi_sas2.sys
Unable to read lsi_scsi.sys
Unable to read luafv.sys
Unable to read mcd.sys
Unable to read megasas.sys
Unable to read MegaSR.sys
Unable to read modem.sys
Unable to read monitor.sys
Unable to read mouclass.sys
Unable to read mouhid.sys
Unable to read mountmgr.sys
Unable to read mpio.sys
Unable to read mpsdrv.sys
Unable to read mrxdav.sys
Unable to read mrxsmb.sys
Unable to read mrxsmb10.sys
Unable to read mrxsmb20.sys
Unable to read msahci.sys
Unable to read msdsm.sys
Unable to read msfs.sys
Unable to read mshidkmdf.sys
Unable to read msisadrv.sys
Unable to read msiscsi.sys
Unable to read mskssrv.sys
Unable to read mspclock.sys
Unable to read mspqm.sys
Unable to read msrpc.sys
Unable to read mssmbios.sys
Unable to read mstee.sys
Unable to read MTConfig.sys
Unable to read mup.sys
Unable to read ndis.sys
Unable to read ndiscap.sys
Unable to read ndistapi.sys
Unable to read ndisuio.sys
Unable to read ndiswan.sys
Unable to read ndproxy.sys
Unable to read netbios.sys
Unable to read netbt.sys
Unable to read netio.sys
Unable to read nfrd960.sys
Unable to read npfs.sys
Unable to read nsiproxy.sys
Unable to read ntfs.sys
Unable to read null.sys
Unable to read nusb3hub.sys
Unable to read nusb3xhc.sys
Unable to read nvraid.sys
Unable to read nvstor.sys
Unable to read NV_AGP.SYS
Unable to read nwifi.sys
Unable to read ohci1394.sys
Unable to read pacer.sys
Unable to read parport.sys
Unable to read partmgr.sys
Unable to read parvdm.sys
Unable to read pccsmcfd.sys
Unable to read pci.sys
Unable to read pciide.sys
Unable to read pciidex.sys
Unable to read pcmcia.sys
Unable to read pcw.sys
Unable to read PEAuth.sys
Unable to read portcls.sys
Unable to read processr.sys
Unable to read ql2300.sys
Unable to read ql40xx.sys
Unable to read qwavedrv.sys
Unable to read rasacd.sys
Unable to read rasl2tp.sys
Unable to read raspppoe.sys
Unable to read raspptp.sys
Unable to read rassstp.sys
Unable to read rdbss.sys
Unable to read rdpbus.sys
Unable to read RDPCDD.sys
Unable to read RDPENCDD.sys
Unable to read RDPREFMP.sys
Unable to read rdpwd.sys
Unable to read rdyboost.sys
Unable to read rmcast.sys
Unable to read RNDISMP.sys
Unable to read rootmdm.sys
Unable to read rspndr.sys
Unable to read Rt86win7.sys
Unable to read RTKVHDA.sys
Unable to read RTL8192su.sys
Unable to read sbp2port.sys
Unable to read scfilter.sys
Unable to read scsiport.sys
Unable to read secdrv.sys
Unable to read serenum.sys
Unable to read serial.sys
Unable to read sermouse.sys
Unable to read sffdisk.sys
Unable to read sffp_mmc.sys
Unable to read sffp_sd.sys
Unable to read sfloppy.sys
Unable to read Sftfslh.sys
Unable to read Sftplaylh.sys
Unable to read Sftredirlh.sys
Unable to read Sftvollh.sys
Unable to read SISAGP.SYS
Unable to read sisraid2.sys
Unable to read sisraid4.sys
Unable to read smb.sys
Unable to read smclib.sys
Unable to read sncamd.sys
Unable to read snp2sxp.sys
Unable to read spldr.sys
Unable to read spsys.sys
Unable to read srv.sys
Unable to read srv2.sys
Unable to read srvnet.sys
Unable to read ss_bbus.sys
Unable to read ss_bcm.sys
Unable to read ss_bcmnt.sys
Unable to read ss_bmdfl.sys
Unable to read ss_bmdm.sys
Unable to read ss_bwh.sys
Unable to read ss_bwhnt.sys
Unable to read StarOpen.sys
Unable to read stexstor.sys
Unable to read storport.sys
Unable to read swenum.sys
Unable to read tape.sys
Unable to read tcpip.sys
Unable to read tcpipreg.sys
Unable to read tdi.sys
Unable to read tdpipe.sys
Unable to read tdtcp.sys
Unable to read tdx.sys
Unable to read termdd.sys
Unable to read tssecsrv.sys
Unable to read TsUsbFlt.sys
Unable to read tunnel.sys
Unable to read UAGP35.SYS
Unable to read udfs.sys
Unable to read ULIAGPKX.SYS
Unable to read umbus.sys
Unable to read umpass.sys
Unable to read usb8023.sys
Unable to read usbccgp.sys
Unable to read usbcir.sys
Unable to read usbd.sys
Unable to read usbehci.sys
Unable to read usbhub.sys
Unable to read usbohci.sys
Unable to read usbport.sys
Unable to read usbprint.sys
Unable to read usbscan.sys
Unable to read USBSTOR.SYS
Unable to read usbuhci.sys
Unable to read vdrvroot.sys
Unable to read vga.sys
Unable to read vgapnp.sys
Unable to read vhdmp.sys
Unable to read VIAAGP.SYS
Unable to read viac7.sys
Unable to read viaide.sys
Unable to read videoprt.sys
Unable to read volmgr.sys
Unable to read volmgrx.sys
Unable to read volsnap.sys
Unable to read vsmraid.sys
Unable to read vwifibus.sys
Unable to read vwififlt.sys
Unable to read vwifimp.sys
Unable to read wacompen.sys
Unable to read wanarp.sys
Unable to read watchdog.sys
Unable to read wd.sys
Unable to read Wdf01000.sys
Unable to read WdfLdr.sys
Unable to read wfplwf.sys
Unable to read wimmount.sys
Unable to read wmiacpi.sys
Unable to read wmilib.sys
Unable to read ws2ifsl.sys
Unable to read WUDFPf.sys
Unable to read WUDFRd.sys
-=E.O.F=-
Code:
ATTFilter OTL logfile created on: 22.11.2012 21:50:37 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Marcel\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 1,46 Gb Available Physical Memory | 48,75% Memory free 12,76 Gb Paging File | 11,23 Gb Available in Paging File | 88,05% Paging File free Paging file location(s): c:\pagefile.sys 10000 15000 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 1356,17 Gb Total Space | 1228,56 Gb Free Space | 90,59% Space Free | Partition Type: NTFS Drive D: | 40,00 Gb Total Space | 20,99 Gb Free Space | 52,48% Space Free | Partition Type: NTFS Drive E: | 164,28 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive I: | 111,79 Gb Total Space | 48,44 Gb Free Space | 43,33% Space Free | Partition Type: NTFS Computer Name: MARCEL-PC | User Name: Marcel | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.11.22 20:45:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Marcel\Desktop\OTL.exe PRC - [2012.11.21 21:59:57 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_5_502_110_ActiveX.exe PRC - [2012.08.12 13:00:09 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.15 08:23:23 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2012.01.06 14:30:55 | 000,109,168 | ---- | M] () -- C:\Program Files\Online Visions\Payback-Reporting.exe PRC - [2012.01.06 14:30:54 | 000,186,992 | ---- | M] () -- C:\Program Files\Online Visions\Payback-Updater.exe PRC - [2011.10.01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011.10.01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe PRC - [2011.09.08 14:55:10 | 000,888,488 | ---- | M] ({StringFileInfo_CompanyName}) -- C:\Program Files\Ask.com\Updater\Updater.exe PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2011.02.23 21:19:22 | 000,371,200 | ---- | M] (shbox.de) -- C:\Program Files\FreePDF_XP\fpassist.exe PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010.05.27 17:59:54 | 000,376,832 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe PRC - [2010.05.27 17:59:30 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe PRC - [2010.04.27 18:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe PRC - [2010.03.04 04:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2010.03.04 04:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2009.11.02 22:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe PRC - [2009.04.02 18:05:22 | 000,102,400 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe PRC - [2009.03.31 09:39:36 | 000,233,472 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe PRC - [2007.09.28 15:32:26 | 000,344,064 | ---- | M] (Sonix) -- C:\Windows\vsnp2std.exe PRC - [2007.07.24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe PRC - [2007.07.11 15:09:48 | 000,020,480 | ---- | M] () -- C:\Windows\FixCamera.exe PRC - [2007.05.10 16:05:22 | 000,270,336 | ---- | M] () -- C:\Windows\tsnp2std.exe ========== Modules (No Company Name) ========== MOD - [2012.06.14 06:05:11 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll MOD - [2012.06.14 06:04:51 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll MOD - [2012.06.14 06:04:46 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll MOD - [2012.05.15 07:26:28 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\635b3aec298ad5e8c903b2323d79cc5a\IAStorUtil.ni.dll MOD - [2012.05.15 06:18:27 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll MOD - [2012.05.15 06:17:53 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll MOD - [2012.05.15 06:17:49 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll MOD - [2012.05.15 06:17:46 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll MOD - [2012.05.15 06:17:45 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll MOD - [2012.05.15 06:17:41 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll MOD - [2011.06.24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.06.24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2010.11.13 01:02:22 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll MOD - [2010.11.13 00:19:04 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.05.27 20:40:48 | 000,270,336 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll MOD - [2010.05.12 14:12:47 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2009.11.02 22:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll MOD - [2009.11.02 22:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll MOD - [2007.07.11 15:09:48 | 000,020,480 | ---- | M] () -- C:\Windows\FixCamera.exe MOD - [2007.05.10 16:05:22 | 000,270,336 | ---- | M] () -- C:\Windows\tsnp2std.exe ========== Services (SafeList) ========== SRV - [2012.08.31 20:02:25 | 000,070,144 | ---- | M] () [Unknown (-1) | Unknown] -- C:\Windows\System32\drivers\eaee972c454f49b9.sys -- (eaee972c454f49b9) SRV - [2012.05.15 08:23:23 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.15 08:23:22 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2012.05.15 08:23:22 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.01.06 14:30:55 | 000,109,168 | ---- | M] () [Auto | Running] -- C:\Program Files\Online Visions\Payback-Reporting.exe -- (Payback-Reporting-Service) SRV - [2012.01.06 14:30:54 | 000,186,992 | ---- | M] () [Auto | Running] -- C:\Program Files\Online Visions\Payback-Updater.exe -- (Payback-Update-Service) SRV - [2011.10.01 13:30:35 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2011.10.01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011.10.01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2010.05.27 17:59:30 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2010.03.04 04:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.03.31 09:39:36 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService) SRV - [2008.04.07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2007.07.24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Marcel\AppData\Local\Temp\aswMBR.sys -- (aswMBR) DRV - [2012.09.29 18:48:04 | 000,137,928 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\DRIVERS\avipbb.sys -- (avipbb) DRV - [2012.09.29 18:48:04 | 000,036,000 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\System32\DRIVERS\avkmgr.sys -- (avkmgr) DRV - [2012.08.31 20:02:25 | 000,070,144 | ---- | M] () [Unknown (-1) | Unknown (-1) | Unknown] -- C:\Windows\System32\drivers\eaee972c454f49b9.sys -- (eaee972c454f49b9) DRV - [2012.06.02 05:45:04 | 000,067,440 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecdd.sys -- (KSecDD) DRV - [2012.06.02 05:45:03 | 000,134,000 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg) DRV - [2012.06.02 05:40:59 | 000,369,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG) DRV - [2012.05.15 08:23:23 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.04.28 04:17:07 | 000,183,808 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpwd.sys -- (RDPWD) DRV - [2012.03.30 11:23:11 | 001,291,632 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\tcpip.sys -- (TCPIP6) DRV - [2012.03.30 11:23:11 | 001,291,632 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tcpip.sys -- (Tcpip) DRV - [2012.03.17 08:27:18 | 000,056,176 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\partmgr.sys -- (partmgr) DRV - [2012.03.01 06:46:57 | 000,019,824 | ---- | M] () [Recognizer | Boot | Unknown] -- C:\Windows\System32\drivers\fs_rec.sys -- (Fs_Rec) DRV - [2012.02.17 05:13:22 | 000,024,576 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tdtcp.sys -- (TDTCP) DRV - [2011.10.01 08:30:42 | 000,019,304 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\Sftvollh.sys -- (Sftvol) DRV - [2011.10.01 08:30:40 | 000,021,864 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\System32\DRIVERS\Sftredirlh.sys -- (Sftredir) DRV - [2011.10.01 08:30:38 | 000,194,408 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\Sftplaylh.sys -- (Sftplay) DRV - [2011.10.01 08:30:36 | 000,579,944 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\Sftfslh.sys -- (Sftfs) DRV - [2011.07.09 03:30:00 | 000,223,744 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\System32\DRIVERS\mrxsmb10.sys -- (mrxsmb10) DRV - [2011.04.29 03:46:33 | 000,311,808 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\System32\DRIVERS\srv.sys -- (srv) DRV - [2011.04.29 03:46:15 | 000,310,272 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\System32\DRIVERS\srv2.sys -- (srv2) DRV - [2011.04.29 03:46:10 | 000,114,688 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\System32\DRIVERS\srvnet.sys -- (srvnet) DRV - [2011.04.27 03:17:28 | 000,096,768 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\System32\DRIVERS\mrxsmb20.sys -- (mrxsmb20) DRV - [2011.04.27 03:17:22 | 000,123,904 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\System32\DRIVERS\mrxsmb.sys -- (mrxsmb) DRV - [2011.04.25 03:18:03 | 000,338,944 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\afd.sys -- (AFD) DRV - [2011.03.25 03:58:37 | 000,258,560 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\usbhub.sys -- (usbhub) DRV - [2011.03.25 03:58:06 | 000,075,776 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\usbccgp.sys -- (usbccgp) DRV - [2011.03.25 03:57:58 | 000,043,008 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbehci.sys -- (usbehci) DRV - [2011.03.25 03:57:58 | 000,020,480 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbohci.sys -- (usbohci) DRV - [2011.03.25 03:57:56 | 000,024,064 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbuhci.sys -- (usbuhci) DRV - [2011.03.11 06:39:00 | 001,211,264 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\ntfs.sys -- (Ntfs) DRV - [2011.03.11 05:01:12 | 000,076,288 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\USBSTOR.SYS -- (USBSTOR) DRV - [2011.02.23 05:47:33 | 000,069,632 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\System32\DRIVERS\bowser.sys -- (bowser) DRV - [2010.11.28 13:47:39 | 000,110,304 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACEDRV09.sys -- (ACEDRV09) DRV - [2010.11.20 13:30:16 | 000,245,632 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\volsnap.sys -- (volsnap) DRV - [2010.11.20 13:30:16 | 000,053,120 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\volmgr.sys -- (volmgr) DRV - [2010.11.20 13:30:14 | 000,160,128 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vhdmp.sys -- (vhdmp) DRV - [2010.11.20 13:30:12 | 000,053,120 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\termdd.sys -- (TermDD) DRV - [2010.11.20 13:30:10 | 000,173,440 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost) DRV - [2010.11.20 13:30:10 | 000,085,376 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sbp2port.sys -- (sbp2port) DRV - [2010.11.20 13:30:06 | 000,712,576 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ndis.sys -- (NDIS) DRV - [2010.11.20 13:30:06 | 000,153,984 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pci.sys -- (pci) DRV - [2010.11.20 13:30:05 | 000,233,344 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\msiscsi.sys -- (iScsiPrt) DRV - [2010.11.20 13:30:04 | 000,116,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\msdsm.sys -- (msdsm) DRV - [2010.11.20 13:30:01 | 000,130,432 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mpio.sys -- (mpio) DRV - [2010.11.20 13:30:01 | 000,028,032 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\msahci.sys -- (msahci) DRV - [2010.11.20 13:30:00 | 000,078,208 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mountmgr.sys -- (mountmgr) DRV - [2010.11.20 13:29:53 | 000,014,208 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy) DRV - [2010.11.20 13:29:47 | 000,728,448 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dxgkrnl.sys -- (DXGKrnl) DRV - [2010.11.20 13:29:15 | 000,274,304 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ACPI.sys -- (ACPI) DRV - [2010.11.20 13:24:30 | 000,194,800 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\fvevol.sys -- (fvevol) DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tsusbflt.sys -- (TsUsbFlt) DRV - [2010.11.20 11:22:20 | 000,031,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\tssecsrv.sys -- (tssecsrv) DRV - [2010.11.20 11:22:19 | 000,006,656 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\DRIVERS\RDPCDD.sys -- (RDPCDD) DRV - [2010.11.20 11:21:10 | 000,018,432 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tdpipe.sys -- (TDPIPE) DRV - [2010.11.20 11:07:50 | 000,118,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\ndiswan.sys -- (NdisWan) DRV - [2010.11.20 11:07:45 | 000,063,488 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\DRIVERS\wanarp.sys -- (Wanarpv6) DRV - [2010.11.20 11:07:45 | 000,063,488 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\wanarp.sys -- (WANARP) DRV - [2010.11.20 11:07:39 | 000,048,640 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ndproxy.sys -- (NDProxy) DRV - [2010.11.20 11:07:13 | 000,035,328 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tcpipreg.sys -- (tcpipreg) DRV - [2010.11.20 11:06:41 | 000,108,544 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\tunnel.sys -- (tunnel) DRV - [2010.11.20 11:06:36 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\ndisuio.sys -- (Ndisuio) DRV - [2010.11.20 11:01:12 | 000,164,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci) DRV - [2010.11.20 11:00:24 | 000,039,936 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\umbus.sys -- (umbus) DRV - [2010.11.20 11:00:21 | 000,304,128 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HdAudio.sys -- (HdAudAddService) DRV - [2010.11.20 10:59:38 | 000,024,064 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hidusb.sys -- (HidUsb) DRV - [2010.11.20 10:59:20 | 000,132,224 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\WUDFRd.sys -- (WUDFRd) DRV - [2010.11.20 10:58:59 | 000,092,672 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WudfPf.sys -- (WudfPf) DRV - [2010.11.20 10:50:49 | 000,012,800 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sffp_sd.sys -- (sffp_sd) DRV - [2010.11.20 10:50:21 | 000,031,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus) DRV - [2010.11.20 10:50:10 | 000,028,160 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbdhid.sys -- (kbdhid) DRV - [2010.11.20 10:29:49 | 000,050,176 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\appid.sys -- (AppID) DRV - [2010.11.20 10:24:56 | 000,026,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\scfilter.sys -- (scfilter) DRV - [2010.11.20 10:19:15 | 000,065,536 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IPMIDrv.sys -- (IPMIDRV) DRV - [2010.11.20 09:47:55 | 000,010,240 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\acpipmi.sys -- (AcpiPmi) DRV - [2010.11.20 09:44:05 | 000,242,688 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\DRIVERS\rdbss.sys -- (rdbss) DRV - [2010.11.20 09:42:43 | 000,115,712 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mrxdav.sys -- (MRxDAV) DRV - [2010.11.20 09:42:32 | 000,078,336 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\Drivers\dfsc.sys -- (DfsC) DRV - [2010.11.20 09:42:28 | 000,246,784 | ---- | M] () [File_System | Disabled | Stopped] -- C:\Windows\System32\DRIVERS\udfs.sys -- (udfs) DRV - [2010.11.20 09:40:21 | 000,513,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HTTP.sys -- (HTTP) DRV - [2010.11.20 09:39:44 | 000,187,904 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\DRIVERS\netbt.sys -- (NetBT) DRV - [2010.11.20 09:39:17 | 000,074,752 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\DRIVERS\tdx.sys -- (tdx) DRV - [2010.11.20 09:38:10 | 000,108,544 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\DRIVERS\cdrom.sys -- (cdrom) DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010.05.27 18:38:24 | 005,586,432 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\atikmdag.sys -- (amdkmdag) DRV - [2010.05.27 17:25:18 | 000,209,920 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\atikmpag.sys -- (amdkmdap) DRV - [2010.05.06 10:21:42 | 000,108,560 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV - [2010.04.27 17:28:46 | 000,146,568 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\nusb3xhc.sys -- (nusb3xhc) DRV - [2010.04.27 17:27:50 | 000,064,904 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\nusb3hub.sys -- (nusb3hub) DRV - [2009.09.22 14:34:44 | 000,579,072 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\RTL8192su.sys -- (RTL8192su) DRV - [2009.07.14 02:26:21 | 000,249,408 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\CLFS.sys -- (CLFS) DRV - [2009.07.14 02:26:21 | 000,019,024 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\compbatt.sys -- (Compbatt) DRV - [2009.07.14 02:26:15 | 000,053,312 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\agp440.sys -- (agp440) DRV - [2009.07.14 02:26:15 | 000,021,584 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atapi.sys -- (atapi) DRV - [2009.07.14 02:26:15 | 000,014,912 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\amdide.sys -- (amdide) DRV - [2009.07.14 02:20:45 | 000,012,368 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pciide.sys -- (pciide) DRV - [2009.07.14 02:20:44 | 000,162,896 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\msrpc.sys -- (MsRPC) DRV - [2009.07.14 02:20:44 | 000,105,024 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nv_agp.sys -- (nv_agp) DRV - [2009.07.14 02:20:44 | 000,049,728 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\System32\Drivers\mup.sys -- (Mup) DRV - [2009.07.14 02:20:44 | 000,041,552 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mouclass.sys -- (mouclass) DRV - [2009.07.14 02:20:44 | 000,028,240 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\mssmbios.sys -- (mssmbios) DRV - [2009.07.14 02:20:43 | 000,013,888 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\msisadrv.sys -- (msisadrv) DRV - [2009.07.14 02:20:36 | 000,046,656 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\isapnp.sys -- (isapnp) DRV - [2009.07.14 02:20:36 | 000,042,576 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbdclass.sys -- (kbdclass) DRV - [2009.07.14 02:20:36 | 000,015,424 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\intelide.sys -- (intelide) DRV - [2009.07.14 02:20:28 | 000,198,208 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\System32\drivers\fltmgr.sys -- (FltMgr) DRV - [2009.07.14 02:20:28 | 000,058,448 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\System32\drivers\fileinfo.sys -- (FileInfo) DRV - [2009.07.14 02:20:28 | 000,057,936 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\gagp30kx.sys -- (gagp30kx) DRV - [2009.07.14 02:20:28 | 000,046,160 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\FsDepends.sys -- (FsDepends) DRV - [2009.07.14 02:20:28 | 000,022,096 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\DRIVERS\crcdisk.sys -- (crcdisk) DRV - [2009.07.14 02:20:27 | 000,057,424 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\disk.sys -- (Disk) DRV - [2009.07.14 02:19:11 | 000,297,040 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\volmgrx.sys -- (volmgrx) DRV - [2009.07.14 02:19:11 | 000,057,424 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\uliagpkx.sys -- (uliagpkx) DRV - [2009.07.14 02:19:11 | 000,019,024 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\wd.sys -- (Wd) DRV - [2009.07.14 02:19:10 | 000,445,008 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\Wdf01000.sys -- (Wdf01000) DRV - [2009.07.14 02:19:10 | 000,055,888 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\uagp35.sys -- (uagp35) DRV - [2009.07.14 02:19:10 | 000,053,328 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\viaagp.sys -- (viaagp) DRV - [2009.07.14 02:19:10 | 000,032,832 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vdrvroot.sys -- (vdrvroot) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount) DRV - [2009.07.14 02:19:10 | 000,012,240 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\swenum.sys -- (swenum) DRV - [2009.07.14 02:19:04 | 000,043,088 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw) DRV - [2009.07.14 02:19:03 | 000,180,288 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\pcmcia.sys -- (pcmcia) DRV - [2009.07.14 02:19:03 | 000,017,472 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\spldr.sys -- (spldr) DRV - [2009.07.14 01:41:15 | 000,586,752 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\peauth.sys -- (PEAUTH) DRV - [2009.07.14 01:17:06 | 000,019,968 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\usbprint.sys -- (usbprint) DRV - [2009.07.14 01:14:44 | 000,035,840 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\usbscan.sys -- (usbscan) DRV - [2009.07.14 01:02:41 | 000,018,944 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\rdpbus.sys -- (rdpbus) DRV - [2009.07.14 01:01:41 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\rdprefmp.sys -- (RDPREFMP) DRV - [2009.07.14 01:01:39 | 000,006,656 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\rdpencdd.sys -- (RDPENCDD) DRV - [2009.07.14 00:55:24 | 000,031,744 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\modem.sys -- (Modem) DRV - [2009.07.14 00:55:02 | 000,016,384 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\ws2ifsl.sys -- (ws2ifsl) DRV - [2009.07.14 00:55:00 | 000,049,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\AgileVpn.sys -- (RasAgileVpn) DRV - [2009.07.14 00:54:58 | 000,075,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\rassstp.sys -- (RasSstp) DRV - [2009.07.14 00:54:53 | 000,077,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\raspppoe.sys -- (RasPppoe) DRV - [2009.07.14 00:54:48 | 000,073,728 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\raspptp.sys -- (PptpMiniport) DRV - [2009.07.14 00:54:46 | 000,017,920 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\asyncmac.sys -- (AsyncMac) DRV - [2009.07.14 00:54:40 | 000,011,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\rasacd.sys -- (RasAcd) DRV - [2009.07.14 00:54:34 | 000,078,848 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\rasl2tp.sys -- (Rasl2tp) DRV - [2009.07.14 00:54:29 | 000,101,888 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ipnat.sys -- (IPNAT) DRV - [2009.07.14 00:54:29 | 000,058,880 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipfltdrv.sys -- (IpFilterDriver) DRV - [2009.07.14 00:54:24 | 000,020,992 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\ndistapi.sys -- (NdisTapi) DRV - [2009.07.14 00:54:13 | 000,031,744 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\qwavedrv.sys -- (QWAVEdrv) DRV - [2009.07.14 00:53:58 | 000,104,448 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\DRIVERS\pacer.sys -- (Psched) DRV - [2009.07.14 00:53:54 | 000,036,352 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\DRIVERS\netbios.sys -- (NetBIOS) DRV - [2009.07.14 00:53:51 | 000,009,728 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\DRIVERS\wfplwf.sys -- (WfpLwf) DRV - [2009.07.14 00:53:41 | 000,071,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\smb.sys -- (Smb) DRV - [2009.07.14 00:53:27 | 000,013,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\irenum.sys -- (IRENUM) DRV - [2009.07.14 00:53:20 | 000,060,928 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\DRIVERS\rspndr.sys -- (rspndr) DRV - [2009.07.14 00:53:19 | 000,048,128 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\DRIVERS\lltdio.sys -- (lltdio) DRV - [2009.07.14 00:52:53 | 000,060,416 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mpsdrv.sys -- (mpsdrv) DRV - [2009.07.14 00:52:44 | 000,027,136 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ndiscap.sys -- (NdisCap) DRV - [2009.07.14 00:52:10 | 000,014,336 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\vwifimp.sys -- (vwifimp) DRV - [2009.07.14 00:52:04 | 000,048,128 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\DRIVERS\vwififlt.sys -- (vwififlt) DRV - [2009.07.14 00:52:03 | 000,267,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\nwifi.sys -- (NativeWifiP) DRV - [2009.07.14 00:52:02 | 000,019,968 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus) DRV - [2009.07.14 00:51:35 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\umpass.sys -- (UmPass) DRV - [2009.07.14 00:51:34 | 000,056,320 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\bthmodem.sys -- (BTHMODEM) DRV - [2009.07.14 00:51:33 | 000,091,136 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\hidbth.sys -- (HidBth) DRV - [2009.07.14 00:51:29 | 000,062,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ohci1394.sys -- (ohci1394) DRV - [2009.07.14 00:51:18 | 000,086,016 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbcir.sys -- (usbcir) DRV - [2009.07.14 00:51:17 | 000,037,888 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\circlass.sys -- (circlass) DRV - [2009.07.14 00:51:08 | 000,004,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf) DRV - [2009.07.14 00:51:05 | 000,037,888 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\hidir.sys -- (HidIr) DRV - [2009.07.14 00:50:57 | 000,005,120 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\drmkaud.sys -- (drmkaud) DRV - [2009.07.14 00:46:55 | 000,012,288 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\MTConfig.sys -- (MTConfig) DRV - [2009.07.14 00:46:53 | 000,021,632 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\wacompen.sys -- (WacomPen) DRV - [2009.07.14 00:45:52 | 000,013,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\sfloppy.sys -- (sfloppy) DRV - [2009.07.14 00:45:52 | 000,012,288 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sffp_mmc.sys -- (sffp_mmc) DRV - [2009.07.14 00:45:52 | 000,011,264 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sffdisk.sys -- (sffdisk) DRV - [2009.07.14 00:45:45 | 000,025,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\fdc.sys -- (fdc) DRV - [2009.07.14 00:45:45 | 000,019,968 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\flpydisk.sys -- (flpydisk) DRV - [2009.07.14 00:45:35 | 000,079,360 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\parport.sys -- (Parport) DRV - [2009.07.14 00:45:33 | 000,083,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\serial.sys -- (Serial) DRV - [2009.07.14 00:45:29 | 000,008,704 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\DRIVERS\parvdm.sys -- (Parvdm) DRV - [2009.07.14 00:45:28 | 000,017,920 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\serenum.sys -- (Serenum) DRV - [2009.07.14 00:45:08 | 000,026,112 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\mouhid.sys -- (mouhid) DRV - [2009.07.14 00:45:08 | 000,019,968 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\sermouse.sys -- (sermouse) DRV - [2009.07.14 00:45:08 | 000,008,320 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MSKSSRV.sys -- (MSKSSRV) DRV - [2009.07.14 00:45:08 | 000,006,144 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MSTEE.sys -- (MSTEE) DRV - [2009.07.14 00:45:08 | 000,005,888 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MSPCLOCK.sys -- (MSPCLOCK) DRV - [2009.07.14 00:45:07 | 000,005,504 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MSPQM.sys -- (MSPQM) DRV - [2009.07.14 00:45:01 | 000,006,144 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\beep.sys -- (Beep) DRV - [2009.07.14 00:25:59 | 000,023,552 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\monitor.sys -- (monitor) DRV - [2009.07.14 00:25:51 | 000,025,088 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\vga.sys -- (VgaSave) DRV - [2009.07.14 00:25:49 | 000,026,112 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\vgapnp.sys -- (vga) DRV - [2009.07.14 00:24:05 | 000,032,256 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache) DRV - [2009.07.14 00:23:04 | 000,035,328 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\DRIVERS\blbdrive.sys -- (blbdrive) DRV - [2009.07.14 00:19:21 | 000,021,504 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\HidBatt.sys -- (HidBatt) DRV - [2009.07.14 00:19:19 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\errdev.sys -- (ErrDev) DRV - [2009.07.14 00:19:18 | 000,014,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\CmBatt.sys -- (CmBatt) DRV - [2009.07.14 00:19:17 | 000,011,264 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wmiacpi.sys -- (WmiAcpi) DRV - [2009.07.14 00:15:45 | 000,086,528 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\System32\drivers\luafv.sys -- (luafv) DRV - [2009.07.14 00:15:29 | 000,028,160 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\filetrace.sys -- (Filetrace) DRV - [2009.07.14 00:14:03 | 000,142,336 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\exfat.sys -- (exfat) DRV - [2009.07.14 00:14:02 | 000,148,480 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fastfat.sys -- (fastfat) DRV - [2009.07.14 00:12:08 | 000,016,896 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\nsiproxy.sys -- (nsiproxy) DRV - [2009.07.14 00:11:32 | 000,035,328 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\npfs.sys -- (Npfs) DRV - [2009.07.14 00:11:26 | 000,022,528 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\msfs.sys -- (Msfs) DRV - [2009.07.14 00:11:24 | 000,080,896 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\i8042prt.sys -- (i8042prt) DRV - [2009.07.14 00:11:15 | 000,070,656 | ---- | M] () [File_System | Disabled | Running] -- C:\Windows\System32\DRIVERS\cdfs.sys -- (cdfs) DRV - [2009.07.14 00:11:12 | 000,004,608 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\null.sys -- (Null) DRV - [2009.07.14 00:11:04 | 000,055,296 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\amdk8.sys -- (AmdK8) DRV - [2009.07.14 00:11:04 | 000,053,760 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\intelppm.sys -- (intelppm) DRV - [2009.07.14 00:11:04 | 000,052,736 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\viac7.sys -- (ViaC7) DRV - [2009.07.14 00:11:04 | 000,052,736 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\amdppm.sys -- (AmdPPM) DRV - [2009.07.14 00:11:04 | 000,052,224 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\processr.sys -- (Processor) DRV - [2009.03.31 09:39:36 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.SYS -- (FsUsbExDisk) DRV - [2009.03.20 10:01:26 | 000,121,856 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ss_bmdm.sys -- (ss_bmdm) DRV - [2009.03.20 10:01:26 | 000,090,112 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ss_bbus.sys -- (ss_bbus) DRV - [2009.03.20 10:01:26 | 000,014,976 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ss_bmdfl.sys -- (ss_bmdfl) DRV - [2007.09.17 15:53:26 | 000,021,632 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\pccsmcfd.sys -- (pccsmcfd) DRV - [2007.09.05 12:48:24 | 012,212,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\snp2sxp.sys -- (SNP2STD) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://hotmail.de/ IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233} IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=111304&tt=290312_29&babsrc=SP_ss&mntrId=a06ed3ee000000000000000000000000 IE - HKCU\..\SearchScopes\{3FFD976D-91C9-478C-92AF-8F196B6559BE}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms} IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={AD7E35DA-803C-4351-9D94-1E775ACCF50C}&mid=61c4ed3fafd247d09967bd2b2b6b51a4-ea80feb9512b4d4fcb72e1ea9ef9a28ac87e593f&lang=de&ds=od011&pr=sa&d=2012-03-29 20:51:36&v=10.2.0.3&sap=dsp&q={searchTerms} IE - HKCU\..\SearchScopes\{A93B53B3-488F-48D3-A76F-E992FECFE98E}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNA_enDE393 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Oracle) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Marcel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\gacela2@nurago.com: C:\Program Files\Online Visions [2012.11.22 20:51:41 | 000,000,000 | ---D | M] O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (Online Visions) - {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - C:\Program Files\Online Visions\Gacela2.dll (Payback) O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.) O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName}) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [FixCamera] C:\Windows\FixCamera.exe () O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [NPSStartup] File not found O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKLM..\Run: [snp2std] C:\Windows\vsnp2std.exe (Sonix) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [syshost32] C:\Windows\Installer\{4E22905B-1EA9-CD5C-3DE8-0D211DB8D0A8}\syshost.exe () O4 - HKLM..\Run: [tsnp2std] C:\Windows\tsnp2std.exe () O4 - HKCU..\Run: [{A01761C9-AF05-AD7F-20F5-6651058C454C}] C:\Users\Marcel\AppData\Roaming\Oxfoj\noet.exe File not found O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKCU..\Run: [syshost32] C:\Users\Marcel\AppData\Local\{536034E3-B904-2738-D9A5-E6D5B6FE8053}\syshost.exe File not found O4 - Startup: C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Marcel\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra 'Tools' menuitem : Über Online Visions - {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - C:\Program Files\Online Visions\Gacela2.dll (Payback) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{732048A9-7E8D-428F-9AF3-D5BE1F66BC7A}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9A295CD5-A244-421C-A8EF-9E3A343737CB}: DhcpNameServer = 192.168.1.1 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2008.02.07 18:43:30 | 000,000,000 | ---D | M] - I:\autorun -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.11.22 21:03:28 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Marcel\Desktop\aswMBR.exe [2012.11.22 20:45:37 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Marcel\Desktop\OTL.exe [2012.11.22 15:43:07 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{21572EE8-AF91-4653-ACBF-C6CF5256FAB5} [2012.11.21 21:54:55 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{8271F3CB-AD35-4AB5-8A60-176E67616232} [2012.11.20 17:17:17 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{F452345F-E10E-4B0B-9FDC-7BC3F22C145D} [2012.11.19 17:28:35 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{2CA135EA-1E4D-4AB7-8D94-BACADAF66975} [2012.11.18 20:00:57 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{67C738BC-EC43-407C-B7B5-E6BA9FBB048B} [2012.11.18 08:00:35 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{222020CE-EC23-4B26-B1EC-45B45CFEBACF} [2012.11.17 16:50:21 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{208D810E-BB85-4DC0-9E55-C8CBDD2AC8D7} [2012.11.16 19:37:34 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{C637C3C0-5554-403B-97F7-354BE96FF3A8} [2012.11.15 17:51:28 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{95ADF2FC-F61C-4F38-9BCE-0E6D439D60CB} [2012.11.14 18:41:25 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{91599797-EC4B-47F8-8086-46150B8A7631} [2012.11.14 06:41:02 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{93C737D6-7113-4B14-A523-C184ECE23CD9} [2012.11.13 18:19:18 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.11.13 18:18:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2012.11.13 18:18:45 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime [2012.11.13 18:07:07 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{55B6EEAC-95A1-481E-90AF-D2526189E34B} [2012.11.12 19:15:10 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{EB1BB110-8062-4AB3-A128-F5D3E17FFD02} [2012.11.11 11:50:06 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{E35A1EEE-62AB-4406-A0D6-044431C41AD4} [2012.11.10 23:23:53 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{BEA5E14F-FE88-488A-8826-5CF9A5AF8614} [2012.11.10 17:47:57 | 000,000,000 | ---D | C] -- C:\Users\Marcel\Documents\AS_Airport-Enhancement-Services_V225 [2012.11.10 09:18:06 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{91D8C57B-8F99-4FF2-A649-26EE9554D860} [2012.11.09 14:41:12 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{65503D7B-585D-405B-9C56-FF1B3F69C2B9} [2012.11.08 17:57:06 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{8FF2ECEE-BA6A-4F68-9062-E25617369EC3} [2012.11.08 05:56:42 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{0D1E790C-CE50-44F9-86B7-DF9022B92FF9} [2012.11.07 16:52:34 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{68D3C026-13BF-46B0-AF7A-A3556C4A936F} [2012.11.06 16:37:52 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{42D70BB0-17B2-41FC-80A6-54C4195770C1} [2012.11.05 16:34:14 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{FEA8A859-CCE7-475D-A973-D132ACFF6D70} [2012.11.05 00:00:34 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{D7EC0F19-08B9-4CA4-AFB4-33903236322A} [2012.11.04 11:32:35 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{9892AD47-B543-4898-9A9E-93AC21976FDC} [2012.11.03 23:32:12 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{73B9112C-080D-4DC6-B0CA-6E53342C19DE} [2012.11.03 11:04:13 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\ElevatedDiagnostics [2012.11.03 10:43:03 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{030BDAA8-BFC6-4E7A-95D0-7D69116B618B} [2012.11.02 23:38:28 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{0B248095-F5AA-4FC3-AF94-A90846E71233} [2012.11.02 22:50:42 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{BF19E7C3-2185-4CF9-B8E7-FA295D47F93A} [2012.11.02 22:09:16 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{4ABCFD3D-FD7C-487A-B504-7BBE82874C5E} [2012.11.02 21:49:12 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{8BA48F1F-2A04-4E66-A9E2-E20D2547A991} [2012.11.02 17:18:08 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{01B97648-1672-4F8C-82ED-39719C55EF83} [2012.11.02 13:59:09 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{1879364A-7EBC-44E0-8D9C-8D7CAB83FCAA} [2012.11.01 20:30:55 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{4D71B2DA-A358-4F38-B773-DCC90438A4BF} [2012.10.31 22:08:56 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{2801FB58-6A96-4CD5-A801-EAF6F30815FA} [2012.10.31 16:28:52 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{60A0E4C4-9041-48D2-9D32-367527F73E53} [2012.10.30 13:38:21 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{FBAFB954-0E74-481E-AB26-D6B3D996524F} [2012.10.30 12:02:50 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{C5C3268A-13A1-499A-B40F-7E87F6779A37} [2012.10.30 07:56:59 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{E1D6E307-E068-443F-9619-75C99AD54BB4} [2012.10.30 07:49:16 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{27DE0504-4E7A-4ED6-BE57-E583BE118267} [2012.10.29 09:22:42 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{21DE7350-B07E-42C7-8CAF-4093B29BA340} [2012.10.28 17:20:15 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{209E9569-38BF-4297-B27E-372D35FDA2AB} [2012.10.28 13:46:25 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{0BEE4CFE-B712-4ECE-91EC-B8CB3ECEFF31} [2012.10.28 00:15:21 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{0B40E634-869C-48F2-AB6D-C71FB7768887} [2012.10.27 10:43:08 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{D89F4165-FBB4-47CC-B097-4B7C80C877C7} [2012.10.26 10:53:33 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{2E5CC381-0B0E-4B50-97D3-5DE8F399AC3C} [2012.10.25 12:29:19 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{B78F8A30-D7C5-480F-9E62-88F731DF0711} [2012.10.24 23:01:15 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{1D01B762-020C-48C3-A285-8FBF6B33DC2E} [2012.10.24 10:14:05 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{3E9E1168-75EF-465E-B5D4-2815BDDDB248} [2010.11.27 21:33:10 | 002,922,201 | ---- | C] (Landesfinanzdirektion Thüringen) -- C:\Program Files\uninstall.exe [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.11.22 21:32:06 | 000,000,000 | ---- | M] () -- C:\Users\Marcel\defogger_reenable [2012.11.22 21:30:56 | 000,050,477 | ---- | M] () -- C:\Users\Marcel\Desktop\Defogger.exe [2012.11.22 21:05:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.11.22 21:04:31 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Marcel\Desktop\aswMBR.exe [2012.11.22 20:45:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Marcel\Desktop\OTL.exe [2012.11.22 17:28:32 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.22 17:28:32 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.22 17:20:59 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.11.22 17:20:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.22 17:20:51 | 2408,927,232 | -HS- | M] () -- C:\hiberfil.sys [2012.11.21 22:13:45 | 000,654,372 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.11.21 22:13:45 | 000,616,254 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.11.21 22:13:45 | 000,129,986 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.11.21 22:13:45 | 000,106,376 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.11.15 18:50:54 | 000,176,266 | ---- | M] () -- C:\Users\Marcel\Desktop\AllSecur Tessa.pdf [2012.11.07 16:52:02 | 000,001,013 | ---- | M] () -- C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk [2012.11.05 17:21:43 | 000,351,559 | ---- | M] () -- C:\Users\Marcel\Documents\BeNetti.pdf [2012.11.05 17:05:15 | 000,161,808 | ---- | M] () -- C:\Users\Marcel\Documents\Ela+Ansgar.pdf [2012.11.04 17:35:13 | 000,069,010 | ---- | M] () -- C:\Users\Marcel\Desktop\Allsecur Frauke.pdf [2012.11.03 11:22:09 | 000,405,090 | ---- | M] () -- C:\Users\Marcel\Documents\Rechnung Brandos.pdf [2012.11.01 21:11:42 | 006,466,224 | ---- | M] () -- C:\Users\Marcel\Desktop\Handbuch_Alice_WLAN_4421.pdf [2012.10.31 22:29:43 | 000,001,140 | ---- | M] () -- C:\Users\Public\Desktop\Aerosoft Launcher.lnk [2012.10.31 17:41:52 | 000,519,542 | ---- | M] () -- C:\Users\Marcel\Documents\Brownies.pdf [2012.10.25 15:44:57 | 000,059,520 | ---- | M] () -- C:\Users\Marcel\Desktop\2CC2S8.pdf [2012.10.24 14:14:45 | 000,137,704 | ---- | M] () -- C:\Users\Marcel\Desktop\37_10(Stzung_für_die_Freiwillige_Feuerwehr).pdf [2012.10.24 10:16:36 | 000,129,077 | ---- | M] () -- C:\Users\Marcel\Documents\Scan Führerschein Rückseite.pdf [2012.10.24 10:15:58 | 000,126,570 | ---- | M] () -- C:\Users\Marcel\Documents\Scan Führerschein Vorderseite.pdf [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.11.22 21:32:06 | 000,000,000 | ---- | C] () -- C:\Users\Marcel\defogger_reenable [2012.11.22 21:30:52 | 000,050,477 | ---- | C] () -- C:\Users\Marcel\Desktop\Defogger.exe [2012.11.05 17:21:43 | 000,351,559 | ---- | C] () -- C:\Users\Marcel\Documents\BeNetti.pdf [2012.11.05 17:05:15 | 000,161,808 | ---- | C] () -- C:\Users\Marcel\Documents\Ela+Ansgar.pdf [2012.11.04 17:47:29 | 000,176,266 | ---- | C] () -- C:\Users\Marcel\Desktop\AllSecur Tessa.pdf [2012.11.04 17:35:13 | 000,069,010 | ---- | C] () -- C:\Users\Marcel\Desktop\Allsecur Frauke.pdf [2012.11.03 11:22:08 | 000,405,090 | ---- | C] () -- C:\Users\Marcel\Documents\Rechnung Brandos.pdf [2012.11.01 21:11:42 | 006,466,224 | ---- | C] () -- C:\Users\Marcel\Desktop\Handbuch_Alice_WLAN_4421.pdf [2012.10.31 17:41:51 | 000,519,542 | ---- | C] () -- C:\Users\Marcel\Documents\Brownies.pdf [2012.10.25 15:44:57 | 000,059,520 | ---- | C] () -- C:\Users\Marcel\Desktop\2CC2S8.pdf [2012.10.24 14:14:45 | 000,137,704 | ---- | C] () -- C:\Users\Marcel\Desktop\37_10(Stzung_für_die_Freiwillige_Feuerwehr).pdf [2012.10.24 10:15:58 | 000,126,570 | ---- | C] () -- C:\Users\Marcel\Documents\Scan Führerschein Vorderseite.pdf [2012.09.29 18:48:14 | 000,036,000 | ---- | C] () -- C:\Windows\System32\drivers\avkmgr.sys [2012.09.29 18:48:13 | 000,137,928 | ---- | C] () -- C:\Windows\System32\drivers\avipbb.sys [2012.09.15 08:35:44 | 000,026,840 | ---- | C] () -- C:\Windows\System32\drivers\GEARAspiWDM.sys [2012.08.31 20:02:25 | 000,070,144 | ---- | C] () -- C:\Windows\System32\drivers\eaee972c454f49b9.sys [2012.08.15 21:36:33 | 002,345,984 | ---- | C] () -- C:\Windows\System32\win32k.sys [2012.07.11 21:48:27 | 000,369,336 | ---- | C] () -- C:\Windows\System32\drivers\cng.sys [2012.07.11 21:48:27 | 000,134,000 | ---- | C] () -- C:\Windows\System32\drivers\ksecpkg.sys [2012.07.11 21:48:26 | 000,067,440 | ---- | C] () -- C:\Windows\System32\drivers\ksecdd.sys [2012.06.13 22:16:44 | 000,183,808 | ---- | C] () -- C:\Windows\System32\drivers\rdpwd.sys [2012.06.10 08:42:19 | 000,020,480 | ---- | C] () -- C:\Windows\FixCamera.exe [2012.06.10 08:42:18 | 012,212,864 | ---- | C] () -- C:\Windows\System32\drivers\snp2sxp.sys [2012.06.10 08:42:18 | 000,270,336 | ---- | C] () -- C:\Windows\tsnp2std.exe [2012.06.10 08:42:18 | 000,151,552 | ---- | C] ( ) -- C:\Windows\System32\rsnp2std.dll [2012.06.10 08:42:18 | 000,077,824 | ---- | C] ( ) -- C:\Windows\System32\csnp2std.dll [2012.06.10 08:42:18 | 000,025,472 | ---- | C] () -- C:\Windows\System32\drivers\sncamd.sys [2012.06.10 08:42:18 | 000,015,497 | ---- | C] () -- C:\Windows\snp2std.ini [2012.05.14 21:50:31 | 001,291,632 | ---- | C] () -- C:\Windows\System32\drivers\tcpip.sys [2012.05.14 21:50:26 | 003,968,368 | ---- | C] () -- C:\Windows\System32\ntkrnlpa.exe [2012.05.14 21:50:22 | 000,056,176 | ---- | C] () -- C:\Windows\System32\drivers\partmgr.sys [2012.05.03 20:04:39 | 000,000,199 | ---- | C] () -- C:\Users\Marcel\QualityWings_Ultimate 757 Collection.reg [2012.04.11 21:15:00 | 000,019,824 | ---- | C] () -- C:\Windows\System32\drivers\fs_rec.sys [2012.03.13 18:06:16 | 000,024,576 | ---- | C] () -- C:\Windows\System32\drivers\tdtcp.sys [2012.03.01 21:22:02 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll [2012.03.01 21:22:02 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe [2011.12.25 18:40:58 | 000,021,632 | ---- | C] () -- C:\Windows\System32\drivers\pccsmcfd.sys [2011.12.25 18:40:33 | 000,121,856 | ---- | C] () -- C:\Windows\System32\drivers\ss_bmdm.sys [2011.12.25 18:40:33 | 000,090,112 | ---- | C] () -- C:\Windows\System32\drivers\ss_bbus.sys [2011.12.25 18:40:33 | 000,014,976 | ---- | C] () -- C:\Windows\System32\drivers\ss_bmdfl.sys [2011.12.25 18:40:33 | 000,012,160 | ---- | C] () -- C:\Windows\System32\drivers\ss_bwhnt.sys [2011.12.25 18:40:33 | 000,012,160 | ---- | C] () -- C:\Windows\System32\drivers\ss_bwh.sys [2011.12.25 18:40:33 | 000,012,160 | ---- | C] () -- C:\Windows\System32\drivers\ss_bcmnt.sys [2011.12.25 18:40:33 | 000,012,160 | ---- | C] () -- C:\Windows\System32\drivers\ss_bcm.sys [2011.12.25 18:38:48 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll [2011.12.25 18:38:48 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys [2011.12.13 22:41:20 | 000,038,912 | ---- | C] () -- C:\Windows\System32\csrsrv.dll [2011.10.01 08:30:42 | 000,019,304 | ---- | C] () -- C:\Windows\System32\drivers\Sftvollh.sys [2011.10.01 08:30:40 | 000,021,864 | ---- | C] () -- C:\Windows\System32\drivers\Sftredirlh.sys [2011.10.01 08:30:38 | 000,194,408 | ---- | C] () -- C:\Windows\System32\drivers\Sftplaylh.sys [2011.10.01 08:30:36 | 000,579,944 | ---- | C] () -- C:\Windows\System32\drivers\Sftfslh.sys [2011.08.11 15:48:19 | 000,223,744 | ---- | C] () -- C:\Windows\System32\drivers\mrxsmb10.sys [2011.07.14 19:59:50 | 000,284,672 | ---- | C] () -- C:\Windows\System32\drivers\usbport.sys [2011.07.14 19:59:50 | 000,258,560 | ---- | C] () -- C:\Windows\System32\drivers\usbhub.sys [2011.07.14 19:59:50 | 000,075,776 | ---- | C] () -- C:\Windows\System32\drivers\usbccgp.sys [2011.07.14 19:59:50 | 000,043,008 | ---- | C] () -- C:\Windows\System32\drivers\usbehci.sys [2011.07.14 19:59:50 | 000,024,064 | ---- | C] () -- C:\Windows\System32\drivers\usbuhci.sys [2011.07.14 19:59:50 | 000,020,480 | ---- | C] () -- C:\Windows\System32\drivers\usbohci.sys [2011.07.14 19:59:50 | 000,005,888 | ---- | C] () -- C:\Windows\System32\drivers\usbd.sys [2011.07.04 19:06:11 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2011.06.15 21:31:25 | 000,311,808 | ---- | C] () -- C:\Windows\System32\drivers\srv.sys [2011.06.15 21:31:25 | 000,310,272 | ---- | C] () -- C:\Windows\System32\drivers\srv2.sys [2011.06.15 21:31:25 | 000,114,688 | ---- | C] () -- C:\Windows\System32\drivers\srvnet.sys [2011.06.15 21:31:22 | 000,338,944 | ---- | C] () -- C:\Windows\System32\drivers\afd.sys [2011.06.15 21:31:20 | 000,123,904 | ---- | C] () -- C:\Windows\System32\drivers\mrxsmb.sys [2011.06.15 21:31:20 | 000,096,768 | ---- | C] () -- C:\Windows\System32\drivers\mrxsmb20.sys [2011.05.25 13:10:49 | 000,027,008 | ---- | C] () -- C:\Windows\System32\drivers\Diskdump.sys [2011.04.27 21:54:33 | 001,211,264 | ---- | C] () -- C:\Windows\System32\drivers\ntfs.sys [2011.04.27 21:54:33 | 000,332,160 | ---- | C] () -- C:\Windows\System32\drivers\iaStorV.sys [2011.04.27 21:54:33 | 000,148,864 | ---- | C] () -- C:\Windows\System32\drivers\storport.sys [2011.04.27 21:54:33 | 000,143,744 | ---- | C] () -- C:\Windows\System32\drivers\nvstor.sys [2011.04.27 21:54:33 | 000,080,256 | ---- | C] () -- C:\Windows\System32\drivers\amdsata.sys [2011.04.27 21:54:32 | 000,117,120 | ---- | C] () -- C:\Windows\System32\drivers\nvraid.sys [2011.04.27 21:54:32 | 000,076,288 | ---- | C] () -- C:\Windows\System32\drivers\USBSTOR.SYS [2011.04.27 21:54:32 | 000,022,400 | ---- | C] () -- C:\Windows\System32\drivers\amdxata.sys [2011.04.14 08:23:50 | 000,294,912 | ---- | C] () -- C:\Windows\System32\atmfd.dll [2011.04.14 08:23:48 | 000,069,632 | ---- | C] () -- C:\Windows\System32\drivers\bowser.sys [2011.04.10 20:23:56 | 000,052,224 | ---- | C] () -- C:\Windows\System32\drivers\TsUsbFlt.sys [2011.04.10 20:23:49 | 000,520,064 | ---- | C] () -- C:\Windows\System32\mcupdate_GenuineIntel.dll [2011.04.10 20:23:48 | 000,233,344 | ---- | C] () -- C:\Windows\System32\drivers\msiscsi.sys [2011.04.10 20:23:47 | 000,014,208 | ---- | C] () -- C:\Windows\System32\drivers\hwpolicy.sys [2011.04.10 20:23:46 | 000,213,504 | ---- | C] () -- C:\Windows\System32\rdpdd.dll [2011.04.10 20:23:34 | 000,508,904 | ---- | C] () -- C:\Windows\System32\winload.exe [2011.04.10 20:23:33 | 000,712,576 | ---- | C] () -- C:\Windows\System32\drivers\ndis.sys [2011.04.10 20:23:33 | 000,245,632 | ---- | C] () -- C:\Windows\System32\drivers\volsnap.sys [2011.04.10 20:23:32 | 000,240,000 | ---- | C] () -- C:\Windows\System32\drivers\netio.sys [2011.04.10 20:23:31 | 000,513,536 | ---- | C] () -- C:\Windows\System32\drivers\http.sys [2011.04.10 20:23:31 | 000,115,712 | ---- | C] () -- C:\Windows\System32\drivers\mrxdav.sys [2011.04.10 20:23:30 | 000,164,864 | ---- | C] () -- C:\Windows\System32\drivers\1394ohci.sys [2011.04.10 20:23:29 | 000,242,688 | ---- | C] () -- C:\Windows\System32\drivers\rdbss.sys [2011.04.10 20:23:29 | 000,194,800 | ---- | C] () -- C:\Windows\System32\drivers\fvevol.sys [2011.04.10 20:23:29 | 000,116,096 | ---- | C] () -- C:\Windows\System32\drivers\msdsm.sys [2011.04.10 20:23:28 | 000,690,680 | ---- | C] () -- C:\Windows\System32\ci.dll [2011.04.10 20:23:27 | 000,153,984 | ---- | C] () -- C:\Windows\System32\drivers\pci.sys [2011.04.10 20:23:26 | 000,085,376 | ---- | C] () -- C:\Windows\System32\drivers\sbp2port.sys [2011.04.10 20:23:26 | 000,053,120 | ---- | C] () -- C:\Windows\System32\drivers\termdd.sys [2011.04.10 20:23:25 | 000,160,128 | ---- | C] () -- C:\Windows\System32\drivers\vhdmp.sys [2011.04.10 20:23:25 | 000,028,032 | ---- | C] () -- C:\Windows\System32\drivers\msahci.sys [2011.04.10 20:23:24 | 000,274,304 | ---- | C] () -- C:\Windows\System32\drivers\acpi.sys [2011.04.10 20:23:24 | 000,246,784 | ---- | C] () -- C:\Windows\System32\drivers\udfs.sys [2011.04.10 20:23:24 | 000,194,432 | ---- | C] () -- C:\Windows\System32\halmacpi.dll [2011.04.10 20:23:24 | 000,194,432 | ---- | C] () -- C:\Windows\System32\hal.dll [2011.04.10 20:23:23 | 000,187,904 | ---- | C] () -- C:\Windows\System32\drivers\netbt.sys [2011.04.10 20:23:23 | 000,053,120 | ---- | C] () -- C:\Windows\System32\drivers\volmgr.sys [2011.04.10 20:23:22 | 000,132,992 | ---- | C] () -- C:\Windows\System32\drivers\ataport.sys [2011.04.10 20:23:21 | 000,187,776 | ---- | C] () -- C:\Windows\System32\drivers\FWPKCLNT.SYS [2011.04.10 20:23:20 | 000,140,160 | ---- | C] () -- C:\Windows\System32\drivers\scsiport.sys [2011.04.10 20:23:20 | 000,130,432 | ---- | C] () -- C:\Windows\System32\drivers\mpio.sys [2011.04.10 20:23:20 | 000,078,208 | ---- | C] () -- C:\Windows\System32\drivers\mountmgr.sys [2011.04.10 20:23:19 | 000,173,440 | ---- | C] () -- C:\Windows\System32\drivers\rdyboost.sys [2011.04.10 20:23:18 | 000,190,976 | ---- | C] () -- C:\Windows\System32\drivers\ks.sys [2011.04.10 20:23:17 | 000,137,088 | ---- | C] () -- C:\Windows\System32\halacpi.dll [2011.04.10 20:23:17 | 000,055,808 | ---- | C] () -- C:\Windows\System32\drivers\hidclass.sys [2011.04.10 20:23:16 | 000,074,752 | ---- | C] () -- C:\Windows\System32\drivers\tdx.sys [2011.04.10 20:23:15 | 000,048,640 | ---- | C] () -- C:\Windows\System32\drivers\ndproxy.sys [2011.04.10 20:23:15 | 000,031,232 | ---- | C] () -- C:\Windows\System32\drivers\tssecsrv.sys [2011.04.10 20:23:13 | 000,117,760 | ---- | C] () -- C:\Windows\System32\drivers\rmcast.sys [2011.04.10 20:23:12 | 000,046,080 | ---- | C] () -- C:\Windows\System32\drivers\ndisuio.sys [2011.04.10 20:23:12 | 000,035,328 | ---- | C] () -- C:\Windows\System32\drivers\tcpipreg.sys [2011.04.10 20:23:11 | 000,021,504 | ---- | C] () -- C:\Windows\System32\drivers\tdi.sys [2011.04.10 20:23:10 | 000,108,544 | ---- | C] () -- C:\Windows\System32\drivers\cdrom.sys [2011.04.10 20:23:10 | 000,031,232 | ---- | C] () -- C:\Windows\System32\drivers\CompositeBus.sys [2011.04.10 20:23:09 | 000,121,856 | ---- | C] () -- C:\Windows\System32\RDPENCDD.dll [2011.04.10 20:23:09 | 000,108,544 | ---- | C] () -- C:\Windows\System32\drivers\tunnel.sys [2011.04.10 20:23:09 | 000,078,336 | ---- | C] () -- C:\Windows\System32\drivers\dfsc.sys [2011.04.10 20:23:09 | 000,010,240 | ---- | C] () -- C:\Windows\System32\drivers\acpipmi.sys [2011.04.10 20:23:08 | 000,132,224 | ---- | C] () -- C:\Windows\System32\drivers\WUDFRd.sys [2011.04.10 20:23:08 | 000,118,784 | ---- | C] () -- C:\Windows\System32\drivers\ndiswan.sys [2011.04.10 20:23:08 | 000,050,176 | ---- | C] () -- C:\Windows\System32\drivers\appid.sys [2011.04.10 20:23:08 | 000,024,064 | ---- | C] () -- C:\Windows\System32\drivers\hidusb.sys [2011.04.10 20:23:07 | 000,065,536 | ---- | C] () -- C:\Windows\System32\drivers\IPMIDrv.sys [2011.04.10 20:23:06 | 000,304,128 | ---- | C] () -- C:\Windows\System32\drivers\HdAudio.sys [2011.04.10 20:23:06 | 000,108,544 | ---- | C] () -- C:\Windows\System32\drivers\hdaudbus.sys [2011.04.10 20:23:06 | 000,092,672 | ---- | C] () -- C:\Windows\System32\drivers\WUDFPf.sys [2011.04.10 20:23:06 | 000,063,488 | ---- | C] () -- C:\Windows\System32\drivers\wanarp.sys [2011.04.10 20:23:06 | 000,039,936 | ---- | C] () -- C:\Windows\System32\drivers\umbus.sys [2011.04.10 20:23:06 | 000,028,160 | ---- | C] () -- C:\Windows\System32\drivers\kbdhid.sys [2011.04.10 20:23:06 | 000,026,624 | ---- | C] () -- C:\Windows\System32\drivers\scfilter.sys [2011.04.10 20:23:06 | 000,026,624 | ---- | C] () -- C:\Windows\System32\RDPREFDD.dll [2011.04.10 20:23:06 | 000,018,432 | ---- | C] () -- C:\Windows\System32\drivers\tdpipe.sys [2011.04.10 20:23:06 | 000,012,800 | ---- | C] () -- C:\Windows\System32\drivers\sffp_sd.sys [2011.04.10 20:23:06 | 000,006,656 | ---- | C] () -- C:\Windows\System32\drivers\RDPCDD.sys [2011.04.10 20:23:04 | 000,007,168 | ---- | C] () -- C:\Windows\System32\KBDSG.DLL [2011.04.10 20:23:04 | 000,007,168 | ---- | C] () -- C:\Windows\System32\kbdlk41a.dll [2011.04.10 20:23:04 | 000,007,168 | ---- | C] () -- C:\Windows\System32\KBDCZ1.DLL [2011.04.10 20:23:04 | 000,006,656 | ---- | C] () -- C:\Windows\System32\KBDTUQ.DLL [2011.04.10 20:23:04 | 000,006,656 | ---- | C] () -- C:\Windows\System32\KBDTUF.DLL [2011.04.10 20:23:04 | 000,006,656 | ---- | C] () -- C:\Windows\System32\KBDSF.DLL [2011.04.10 20:23:04 | 000,006,656 | ---- | C] () -- C:\Windows\System32\KBDPO.DLL [2011.04.10 20:23:04 | 000,006,656 | ---- | C] () -- C:\Windows\System32\KBDNEPR.DLL [2011.04.10 20:23:04 | 000,006,656 | ---- | C] () -- C:\Windows\System32\KBDINBEN.DLL [2011.04.10 20:23:04 | 000,006,656 | ---- | C] () -- C:\Windows\System32\KBDGR1.DLL [2011.04.10 20:23:04 | 000,006,656 | ---- | C] () -- C:\Windows\System32\KBDGKL.DLL [2011.04.10 20:23:04 | 000,006,144 | ---- | C] () -- C:\Windows\System32\KBDUS.DLL [2011.04.10 20:23:04 | 000,006,144 | ---- | C] () -- C:\Windows\System32\KBDUGHR1.DLL [2011.04.10 20:23:04 | 000,006,144 | ---- | C] () -- C:\Windows\System32\KBDTURME.DLL [2011.04.10 20:23:04 | 000,006,144 | ---- | C] () -- C:\Windows\System32\KBDTAJIK.DLL [2011.04.10 20:23:04 | 000,006,144 | ---- | C] () -- C:\Windows\System32\KBDMON.DLL [2011.04.10 20:23:04 | 000,006,144 | ---- | C] () -- C:\Windows\System32\KBDMAORI.DLL [2011.04.10 20:23:04 | 000,006,144 | ---- | C] () -- C:\Windows\System32\KBDLT1.DLL [2011.04.10 20:23:04 | 000,006,144 | ---- | C] () -- C:\Windows\System32\KBDINTEL.DLL [2011.04.10 20:23:04 | 000,006,144 | ---- | C] () -- C:\Windows\System32\KBDINTAM.DLL [2011.04.10 20:23:04 | 000,006,144 | ---- | C] () -- C:\Windows\System32\KBDINORI.DLL [2011.04.10 20:23:04 | 000,006,144 | ---- | C] () -- C:\Windows\System32\KBDINMAR.DLL [2011.04.10 20:23:04 | 000,006,144 | ---- | C] () -- C:\Windows\System32\KBDINKAN.DLL [2011.04.10 20:23:04 | 000,006,144 | ---- | C] () -- C:\Windows\System32\KBDINHIN.DLL [2011.04.10 20:23:04 | 000,006,144 | ---- | C] () -- C:\Windows\System32\KBDBULG.DLL [2011.04.10 20:23:04 | 000,006,144 | ---- | C] () -- C:\Windows\System32\KBDBLR.DLL [2011.04.10 20:23:04 | 000,006,144 | ---- | C] () -- C:\Windows\System32\KBDBASH.DLL [2011.04.10 20:23:04 | 000,005,632 | ---- | C] () -- C:\Windows\System32\KBDGEO.DLL [2011.02.10 16:13:15 | 000,728,448 | ---- | C] () -- C:\Windows\System32\drivers\dxgkrnl.sys [2011.02.10 16:13:15 | 000,219,008 | ---- | C] () -- C:\Windows\System32\drivers\dxgmms1.sys [2011.02.10 16:13:15 | 000,107,520 | ---- | C] () -- C:\Windows\System32\cdd.dll [2011.01.15 20:58:18 | 000,000,017 | ---- | C] () -- C:\Windows\System32\shortcut_ex.dat [2010.11.28 13:47:39 | 000,110,304 | ---- | C] () -- C:\Windows\System32\drivers\ACEDRV09.sys [2010.11.28 12:44:59 | 000,000,000 | ---- | C] () -- C:\Users\Marcel\AppData\Roaming\FileOut.cns [2010.11.28 12:44:59 | 000,000,000 | ---- | C] () -- C:\Users\Marcel\AppData\Roaming\FileIn.cns [2010.11.27 21:33:11 | 000,000,851 | ---- | C] () -- C:\Program Files\Uninstall ElsterFormular.lnk ========== ZeroAccess Check ========== [2011.11.17 06:38:39 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{ae7e6761-7e7c-5b1b-52d2-61d8b63523d2}\L [2012.08.12 08:56:23 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{ae7e6761-7e7c-5b1b-52d2-61d8b63523d2}\U [2011.11.17 06:38:39 | 000,002,048 | -HS- | M] () -- C:\Users\Marcel\AppData\Local\{ae7e6761-7e7c-5b1b-52d2-61d8b63523d2}\@ [2011.11.17 06:38:39 | 000,000,000 | -HSD | M] -- C:\Users\Marcel\AppData\Local\{ae7e6761-7e7c-5b1b-52d2-61d8b63523d2}\L [2012.08.29 06:57:14 | 000,000,000 | -HSD | M] -- C:\Users\Marcel\AppData\Local\{ae7e6761-7e7c-5b1b-52d2-61d8b63523d2}\U [2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] "ThreadingModel" = Both "" = C:\$Recycle.Bin\S-1-5-21-46828319-3922081854-4210988598-1000\$ae7e67617e7c5b1b52d261d8b63523d2\n. -- File not found [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\$Recycle.Bin\S-1-5-18\$ae7e67617e7c5b1b52d261d8b63523d2\n. -- File not found "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.03.29 19:44:20 | 000,000,000 | ---D | M] -- C:\Users\Marcel\AppData\Roaming\Babylon [2011.04.20 09:01:36 | 000,000,000 | ---D | M] -- C:\Users\Marcel\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1 [2011.08.22 16:10:48 | 000,000,000 | ---D | M] -- C:\Users\Marcel\AppData\Roaming\DVDVideoSoft [2011.08.22 16:10:33 | 000,000,000 | ---D | M] -- C:\Users\Marcel\AppData\Roaming\DVDVideoSoftIEHelpers [2012.01.10 17:49:03 | 000,000,000 | ---D | M] -- C:\Users\Marcel\AppData\Roaming\elsterformular [2012.09.06 07:15:34 | 000,000,000 | ---D | M] -- C:\Users\Marcel\AppData\Roaming\Flight One Software [2012.03.01 21:24:07 | 000,000,000 | ---D | M] -- C:\Users\Marcel\AppData\Roaming\FreePDF [2011.08.21 20:56:15 | 000,000,000 | ---D | M] -- C:\Users\Marcel\AppData\Roaming\MusicNet [2012.09.06 08:57:09 | 000,000,000 | ---D | M] -- C:\Users\Marcel\AppData\Roaming\MyTraffic [2012.03.29 19:50:00 | 000,000,000 | ---D | M] -- C:\Users\Marcel\AppData\Roaming\OpenCandy [2012.11.22 17:19:31 | 000,000,000 | ---D | M] -- C:\Users\Marcel\AppData\Roaming\Oxfoj [2011.12.25 18:43:43 | 000,000,000 | ---D | M] -- C:\Users\Marcel\AppData\Roaming\PC Suite [2011.12.25 18:38:39 | 000,000,000 | ---D | M] -- C:\Users\Marcel\AppData\Roaming\Samsung [2012.11.20 22:42:24 | 000,000,000 | ---D | M] -- C:\Users\Marcel\AppData\Roaming\SoftGrid Client [2010.11.28 10:31:03 | 000,000,000 | ---D | M] -- C:\Users\Marcel\AppData\Roaming\TP [2011.01.15 20:51:32 | 000,000,000 | ---D | M] -- C:\Users\Marcel\AppData\Roaming\Windows Live Writer ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:74603393 @Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:00934A10 < End of report > Code:
ATTFilter OTL Extras logfile created on: 11/22/2012 8:46:56 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Marcel\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2.99 Gb Total Physical Memory | 1.77 Gb Available Physical Memory | 59.08% Memory free
12.76 Gb Paging File | 11.36 Gb Available in Paging File | 89.08% Paging File free
Paging file location(s): c:\pagefile.sys 10000 15000 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 1356.17 Gb Total Space | 1228.82 Gb Free Space | 90.61% Space Free | Partition Type: NTFS
Drive D: | 40.00 Gb Total Space | 20.99 Gb Free Space | 52.48% Space Free | Partition Type: NTFS
Drive E: | 164.28 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive I: | 111.79 Gb Total Space | 48.44 Gb Free Space | 43.33% Space Free | Partition Type: NTFS
Computer Name: MARCEL-PC | User Name: Marcel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
========== Firewall Settings ==========
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4
"_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{01C3630A-7FD2-46DF-B514-A4B829B0021A}" = aerosoft's - German Airports 2 - 2012 (FSX)
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT
"{093561FF-BC54-CD42-77BD-4885F16C60B7}" = CCC Help Danish
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CA7BE0D-3DC3-4F04-B64D-9AA2041B76AB}" = Aerosoft's - Heraklion X
"{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{17440258-DB48-49DE-8391-79900477490C}" = aerosoft's - Madeira X
"{17D39326-BF2B-FCE9-DE84-58EE76F945CD}" = CCC Help French
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content
"{1B19DA07-6870-4E60-9171-5C53AD21A0E0}" = aerosoft's - Mega Airport Munich X
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20708FD5-E94D-4097-A21E-E28564CDBC06}" = PMDG 737 8900 NGX
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{2C36035A-65D8-4711-A2CB-ED18A725EBDF}" = Aerosoft's - Sharm El-Sheikh 2012 - FSX
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN
"{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{37F50C53-EDED-4FFE-9877-532A335C5C18}" = Aerosoft's - MyTraffic 2013
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A4940D6-418E-867B-F214-2B0C58E7961D}" = CCC Help Swedish
"{51E89BD2-CDC1-4185-88BE-F8D5032B8D21}" = Aerosoft's - Djerba X
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{61AF34EF-B0A4-4664-975B-81904824EB1C}" = WISO Mein Geld 2011 Professional
"{62B7012A-D02C-4981-9D37-634DF40E9578}" = aerosoft's - Santorini X
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{701BDB1B-8D00-8C67-6F64-BDD3B58EC827}" = CCC Help Norwegian
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75438C0E-9925-412E-AD85-D0E71C6CE2ED}" = USB2.0 PC Camera
"{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A073262-FB25-4224-AE36-C2725A616E05}" = Aerosoft's - Corfu X
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AE850A4-B89D-4875-A159-B1B64D717EFB}" = OMSI - Der Omnibussimulator
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema
"{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.2 MUI
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B355AD55-ED88-4A46-015D-51AAD00EB57D}" = CCC Help Japanese
"{B95FB6E3-8373-52BC-C824-8DDB1D6DD049}" = CCC Help Dutch
"{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw
"{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BE4AE3A7-190D-BCB8-A953-A708C9E8E8AA}" = ATI Catalyst Install Manager
"{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA
"{C09C15F5-DDB7-3820-CF1A-798051174EC7}" = CCC Help Italian
"{C2214950-8342-4878-1286-31D0F07FDC34}" = Catalyst Control Center Localization All
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C30FA2C9-6740-4485-A164-858D2884E154}" = HP Deskjet 3050 J610 series - Grundlegende Software für das Gerät
"{C39F6C00-142E-48AC-633F-15E6AA7E24D8}" = Catalyst Control Center Graphics Previews Vista
"{C47D990B-5D5C-B6A6-A04D-676379D39170}" = CCC Help English
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES
"{C7105B49-9E6E-C93C-74E6-858B0863F604}" = Catalyst Control Center InstallProxy
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{CF52C7EA-BDEF-A58F-6F33-0431076766C8}" = ccc-utility
"{D1F56041-DDC6-4508-994D-D70FC4022DB0}" = aerosoft's - Holiday Airports FSX
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{D7C7EA35-4C51-F874-3AB7-95DC40DDA494}" = CCC Help German
"{D81845B4-5239-AD56-39A5-9FCFE528330F}" = ccc-core-static
"{DFD284CD-501F-B36C-67D9-05D4D7D590AB}" = CCC Help Spanish
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E7CC4B85-DC2F-463F-8FEB-E7398E25C19A}" = Microsoft Flight Simulator X Service Pack 2
"{EAC1A606-1D31-AC37-90DD-5684A6E7D2E8}" = CCC Help Finnish
"{EE11CFFC-898C-4875-8A63-8B732A9AD43B}" = Aerosoft's - Aerosoft Launcher
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F535B2CF-C9BB-4162-B03A-02D6971F32CC}" = Microsoft Flight Simulator X
"{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}" = HP Deskjet 3050 J610 series Hilfe
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA8BFB69-7188-4C09-B722-47D355CEB205}" = Studie zur Verbesserung von HP Deskjet 3050 J610 series Produkten
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"39992AD7-103F-4308-8BB7-3F65F543604D" = Online Visions
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows-Treiberpaket - Nokia pccsmcfd (10/12/2007 6.85.4.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avira AntiVir Desktop" = Avira Free Antivirus
"BabylonToolbar" = Babylon toolbar on IE
"Bus Driver" = Bus Driver 1.0
"ElsterFormular 11.5.1.4843" = ElsterFormular
"ElsterFormular 13.0.0.8055p" = ElsterFormular
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.815
"FreePDF_XP" = FreePDF (Remove only)
"Google Chrome" = Google Chrome
"GPL Ghostscript 9.04" = GPL Ghostscript
"InstallBrain Updater Service" = InstallBrain Updater Service
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema
"InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"InstallShield_{F535B2CF-C9BB-4162-B03A-02D6971F32CC}" = Microsoft Flight Simulator X
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"ProTrain 20 Dortmund - Hannover 1.0" = ProTrain 20 Dortmund - Hannover 1.0
"QualityWings Ultimate 757 Collection FSX_is1" = QualityWings Ultimate 757 Collection FSX 1.2.6
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"SP1_F535B2CF-C9BB-4162-B03A-02D6971F32CC" = Microsoft Flight Simulator X Service Pack 1
"SpecialSavings" = SpecialSavings
"Train Simulator 1.0" = Microsoft Train Simulator
"ViMaCore X" = VistaMare ViMaCore X
"WinLiveSuite" = Windows Live Essentials
"WISO Mein Geld 2011 Professional" = WISO Mein Geld 2011 Professional
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"QualityWings Ultimate 757 Collection" = QualityWings Ultimate 757 Collection
"STANLY Track" = STANLY Track
"Tower Simulator" = Tower Simulator
"UnityWebPlayer" = Unity Web Player
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 11/21/2012 5:03:33 PM | Computer Name = Marcel-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information. Error: Initialization failed 0x80070424 Type:
88::UnexpectedError.
Error - 11/22/2012 10:42:02 AM | Computer Name = Marcel-PC | Source = Avira Antivirus | ID = 4122
Description = Die Datei AVGDLL_Init(avgntflt) konnte nicht geladen werden. Fehlercode:
0xffffffff
Error - 11/22/2012 10:51:58 AM | Computer Name = Marcel-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information. Error: Initialization failed 0x80070424 Type:
88::UnexpectedError.
Error - 11/22/2012 11:58:33 AM | Computer Name = Marcel-PC | Source = Avira Antivirus | ID = 4122
Description = Die Datei AVGDLL_Init(avgntflt) konnte nicht geladen werden. Fehlercode:
0xffffffff
Error - 11/22/2012 11:59:06 AM | Computer Name = Marcel-PC | Source = Avira Antivirus | ID = 4122
Description = Die Datei AVGDLL_Init(avgntflt) konnte nicht geladen werden. Fehlercode:
0xffffffff
Error - 11/22/2012 12:21:05 PM | Computer Name = Marcel-PC | Source = Avira Antivirus | ID = 4122
Description = Die Datei AVGDLL_Init(avgntflt) konnte nicht geladen werden. Fehlercode:
0xffffffff
Error - 11/22/2012 12:31:04 PM | Computer Name = Marcel-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information. Error: Initialization failed 0x80070424 Type:
88::UnexpectedError.
Error - 11/22/2012 3:41:14 PM | Computer Name = Marcel-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: avscan.exe, Version: 12.3.0.48, Zeitstempel:
0x50740d9b Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften Prozesses:
0xf88 Startzeit der fehlerhaften Anwendung: 0x01cdc8ce0f53be75 Pfad der fehlerhaften
Anwendung: C:\Program Files\Avira\AntiVir Desktop\avscan.exe Pfad des fehlerhaften
Moduls: unknown Berichtskennung: 92ca986a-34dc-11e2-9065-6c626d8fb857
Error - 11/22/2012 3:48:30 PM | Computer Name = Marcel-PC | Source = VSS | ID = 8193
Description =
Error - 11/22/2012 3:48:30 PM | Computer Name = Marcel-PC | Source = System Restore | ID = 8193
Description =
[ System Events ]
Error - 11/22/2012 12:20:58 PM | Computer Name = Marcel-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1060
Error - 11/22/2012 12:20:59 PM | Computer Name = Marcel-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist
von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.
Error - 11/22/2012 12:20:59 PM | Computer Name = Marcel-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig:
BFE. Dieser Dienst ist eventuell nicht installiert.
Error - 11/22/2012 12:21:15 PM | Computer Name = Marcel-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Avira Browser Schutz" ist vom Dienst "Avira Echtzeit Scanner"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1066
Error - 11/22/2012 12:21:15 PM | Computer Name = Marcel-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Avira Echtzeit Scanner" wurde mit folgendem dienstspezifischem
Fehler beendet: %%307.
Error - 11/22/2012 12:21:15 PM | Computer Name = Marcel-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
avkmgr ssmdrv
Error - 11/22/2012 12:22:06 PM | Computer Name = Marcel-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
Fehler beendet: %%-2147024891
Error - 11/22/2012 12:22:06 PM | Computer Name = Marcel-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2147024891
Error - 11/22/2012 1:46:02 PM | Computer Name = Marcel-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2147024891
Error - 11/22/2012 1:46:02 PM | Computer Name = Marcel-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
Fehler beendet: %%-2147024891
< End of report >
Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-11-22 22:49:43
Windows 6.1.7601 Service Pack 1
Running: gmer.exe
---- Services - GMER 1.0.15 ----
Service C:\SystemRoot\System32\Drivers\eaee972c454f49b9.sys (*** hidden *** ) [BOOT] eaee972c454f49b9 <-- ROOTKIT !!!
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\eaee972c454f49b9@ImagePath \SystemRoot\System32\Drivers\eaee972c454f49b9.sys
Reg HKLM\SYSTEM\CurrentControlSet\services\eaee972c454f49b9@Group Boot Bus Extender
Reg HKLM\SYSTEM\CurrentControlSet\services\eaee972c454f49b9@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\services\eaee972c454f49b9@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\eaee972c454f49b9@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\services\eaee972c454f49b9@Tag 1
Reg HKLM\SYSTEM\CurrentControlSet\services\eaee972c454f49b9@DisplayName syshost.exe
Reg HKLM\SYSTEM\ControlSet002\services\eaee972c454f49b9@ImagePath \SystemRoot\System32\Drivers\eaee972c454f49b9.sys
Reg HKLM\SYSTEM\ControlSet002\services\eaee972c454f49b9@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet002\services\eaee972c454f49b9@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet002\services\eaee972c454f49b9@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\eaee972c454f49b9@Start 0
Reg HKLM\SYSTEM\ControlSet002\services\eaee972c454f49b9@Tag 1
Reg HKLM\SYSTEM\ControlSet002\services\eaee972c454f49b9@DisplayName syshost.exe
---- EOF - GMER 1.0.15 ----
|
| Themen zu Trojaner im Online-Banking |
| 0x8007042, antivir, autorun, avira, avira searchfree toolbar, babylontoolbar, bho, bonjour, cid, converter, e-banking, ebay, error, failed, firefox, flash player, geld, helper, home, installbrain, kunde, logfile, microsoft office starter 2010, mp3, plug-in, problem, realtek, recycle.bin, registry, security, software, super, tower, trojaner, usb 3.0, windows, wiso |
Baum-Darstellung