
Pests of all kinds and how to fight them: Trojan in online banking


22.11.2012, 23:59   #1
Marshall
 
Trojan in online banking



Hello,

I have the following problem:
This afternoon I logged in to online banking and immediately got an unusual message:
The Sparkasse will soon be switching to a new security procedure. The security update would run in the background so that it is as convenient as possible for customers and they notice as little of it as possible. However, one should already try out a test version. After a few minutes of waiting, one would be redirected there once the system's configuration had been scanned.

I closed Internet Explorer immediately.
A phone call to the Sparkasse then confirmed what I had already feared: I have caught a Trojan.
But I have no idea how. I cannot remember receiving any "questionable" e-mails, let alone opening any obscure attachments.

I then first let my virus scanner (Avira) run over the system.

But since I don't really know what exactly needs to be done to get rid of the Trojan again, I have no choice but to turn to you.

I have also already taken a few "preliminary" steps, as described on your site:

1. Defogger:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 21:10 on 22/11/2012 (Marcel)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
Unable to read BrSerId.sys
Unable to read BrSerWdm.sys
Unable to read BrUsbMdm.sys
Unable to read BrUsbSer.sys
Unable to read bthmodem.sys
Unable to read bxvbdx.sys
Unable to read cdfs.sys
Unable to read cdrom.sys
Unable to read circlass.sys
Unable to read Classpnp.sys
Unable to read CmBatt.sys
Unable to read cmdide.sys
Unable to read cng.sys
Unable to read compbatt.sys
Unable to read CompositeBus.sys
Unable to read crashdmp.sys
Unable to read crcdisk.sys
Unable to read dfsc.sys
Unable to read discache.sys
Unable to read disk.sys
Unable to read Diskdump.sys
Unable to read djsvs.sys
Unable to read drmk.sys
Unable to read drmkaud.sys
Unable to read Dumpata.sys
Unable to read dumpfve.sys
Unable to read dxapi.sys
Unable to read dxg.sys
Unable to read dxgkrnl.sys
Unable to read dxgmms1.sys
Unable to read eaee972c454f49b9.sys
Unable to read elxstor.sys
Unable to read errdev.sys
Unable to read evbdx.sys
Unable to read exfat.sys
Unable to read fastfat.sys
Unable to read fdc.sys
Unable to read fileinfo.sys
Unable to read filetrace.sys
Unable to read flpydisk.sys
Unable to read fltMgr.sys
Unable to read fsdepends.sys
Unable to read fs_rec.sys
Unable to read fvevol.sys
Unable to read FWPKCLNT.SYS
Unable to read GAGP30KX.SYS
Unable to read GEARAspiWDM.sys
Unable to read hcw85cir.sys
Unable to read hdaudbus.sys
Unable to read HdAudio.sys
Unable to read hidbatt.sys
Unable to read hidbth.sys
Unable to read hidclass.sys
Unable to read hidir.sys
Unable to read hidparse.sys
Unable to read hidusb.sys
Unable to read HpSAMD.sys
Unable to read http.sys
Unable to read hwpolicy.sys
Unable to read i8042prt.sys
Unable to read iaStor.sys
Unable to read iaStorV.sys
Unable to read iirsp.sys
Unable to read intelide.sys
Unable to read intelppm.sys
Unable to read ipfltdrv.sys
Unable to read IPMIDrv.sys
Unable to read ipnat.sys
Unable to read irda.sys
Unable to read irenum.sys
Unable to read isapnp.sys
Unable to read kbdclass.sys
Unable to read kbdhid.sys
Unable to read ks.sys
Unable to read ksecdd.sys
Unable to read ksecpkg.sys
Unable to read lltdio.sys
Unable to read lsi_fc.sys
Unable to read lsi_sas.sys
Unable to read lsi_sas2.sys
Unable to read lsi_scsi.sys
Unable to read luafv.sys
Unable to read mcd.sys
Unable to read megasas.sys
Unable to read MegaSR.sys
Unable to read modem.sys
Unable to read monitor.sys
Unable to read mouclass.sys
Unable to read mouhid.sys
Unable to read mountmgr.sys
Unable to read mpio.sys
Unable to read mpsdrv.sys
Unable to read mrxdav.sys
Unable to read mrxsmb.sys
Unable to read mrxsmb10.sys
Unable to read mrxsmb20.sys
Unable to read msahci.sys
Unable to read msdsm.sys
Unable to read msfs.sys
Unable to read mshidkmdf.sys
Unable to read msisadrv.sys
Unable to read msiscsi.sys
Unable to read mskssrv.sys
Unable to read mspclock.sys
Unable to read mspqm.sys
Unable to read msrpc.sys
Unable to read mssmbios.sys
Unable to read mstee.sys
Unable to read MTConfig.sys
Unable to read mup.sys
Unable to read ndis.sys
Unable to read ndiscap.sys
Unable to read ndistapi.sys
Unable to read ndisuio.sys
Unable to read ndiswan.sys
Unable to read ndproxy.sys
Unable to read netbios.sys
Unable to read netbt.sys
Unable to read netio.sys
Unable to read nfrd960.sys
Unable to read npfs.sys
Unable to read nsiproxy.sys
Unable to read ntfs.sys
Unable to read null.sys
Unable to read nusb3hub.sys
Unable to read nusb3xhc.sys
Unable to read nvraid.sys
Unable to read nvstor.sys
Unable to read NV_AGP.SYS
Unable to read nwifi.sys
Unable to read ohci1394.sys
Unable to read pacer.sys
Unable to read parport.sys
Unable to read partmgr.sys
Unable to read parvdm.sys
Unable to read pccsmcfd.sys
Unable to read pci.sys
Unable to read pciide.sys
Unable to read pciidex.sys
Unable to read pcmcia.sys
Unable to read pcw.sys
Unable to read PEAuth.sys
Unable to read portcls.sys
Unable to read processr.sys
Unable to read ql2300.sys
Unable to read ql40xx.sys
Unable to read qwavedrv.sys
Unable to read rasacd.sys
Unable to read rasl2tp.sys
Unable to read raspppoe.sys
Unable to read raspptp.sys
Unable to read rassstp.sys
Unable to read rdbss.sys
Unable to read rdpbus.sys
Unable to read RDPCDD.sys
Unable to read RDPENCDD.sys
Unable to read RDPREFMP.sys
Unable to read rdpwd.sys
Unable to read rdyboost.sys
Unable to read rmcast.sys
Unable to read RNDISMP.sys
Unable to read rootmdm.sys
Unable to read rspndr.sys
Unable to read Rt86win7.sys
Unable to read RTKVHDA.sys
Unable to read RTL8192su.sys
Unable to read sbp2port.sys
Unable to read scfilter.sys
Unable to read scsiport.sys
Unable to read secdrv.sys
Unable to read serenum.sys
Unable to read serial.sys
Unable to read sermouse.sys
Unable to read sffdisk.sys
Unable to read sffp_mmc.sys
Unable to read sffp_sd.sys
Unable to read sfloppy.sys
Unable to read Sftfslh.sys
Unable to read Sftplaylh.sys
Unable to read Sftredirlh.sys
Unable to read Sftvollh.sys
Unable to read SISAGP.SYS
Unable to read sisraid2.sys
Unable to read sisraid4.sys
Unable to read smb.sys
Unable to read smclib.sys
Unable to read sncamd.sys
Unable to read snp2sxp.sys
Unable to read spldr.sys
Unable to read spsys.sys
Unable to read srv.sys
Unable to read srv2.sys
Unable to read srvnet.sys
Unable to read ss_bbus.sys
Unable to read ss_bcm.sys
Unable to read ss_bcmnt.sys
Unable to read ss_bmdfl.sys
Unable to read ss_bmdm.sys
Unable to read ss_bwh.sys
Unable to read ss_bwhnt.sys
Unable to read StarOpen.sys
Unable to read stexstor.sys
Unable to read storport.sys
Unable to read swenum.sys
Unable to read tape.sys
Unable to read tcpip.sys
Unable to read tcpipreg.sys
Unable to read tdi.sys
Unable to read tdpipe.sys
Unable to read tdtcp.sys
Unable to read tdx.sys
Unable to read termdd.sys
Unable to read tssecsrv.sys
Unable to read TsUsbFlt.sys
Unable to read tunnel.sys
Unable to read UAGP35.SYS
Unable to read udfs.sys
Unable to read ULIAGPKX.SYS
Unable to read umbus.sys
Unable to read umpass.sys
Unable to read usb8023.sys
Unable to read usbccgp.sys
Unable to read usbcir.sys
Unable to read usbd.sys
Unable to read usbehci.sys
Unable to read usbhub.sys
Unable to read usbohci.sys
Unable to read usbport.sys
Unable to read usbprint.sys
Unable to read usbscan.sys
Unable to read USBSTOR.SYS
Unable to read usbuhci.sys
Unable to read vdrvroot.sys
Unable to read vga.sys
Unable to read vgapnp.sys
Unable to read vhdmp.sys
Unable to read VIAAGP.SYS
Unable to read viac7.sys
Unable to read viaide.sys
Unable to read videoprt.sys
Unable to read volmgr.sys
Unable to read volmgrx.sys
Unable to read volsnap.sys
Unable to read vsmraid.sys
Unable to read vwifibus.sys
Unable to read vwififlt.sys
Unable to read vwifimp.sys
Unable to read wacompen.sys
Unable to read wanarp.sys
Unable to read watchdog.sys
Unable to read wd.sys
Unable to read Wdf01000.sys
Unable to read WdfLdr.sys
Unable to read wfplwf.sys
Unable to read wimmount.sys
Unable to read wmiacpi.sys
Unable to read wmilib.sys
Unable to read ws2ifsl.sys
Unable to read WUDFPf.sys
Unable to read WUDFRd.sys


-=E.O.F=-
         
2. OTL:
Code:
OTL logfile created on: 22.11.2012 21:50:37 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Marcel\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,46 Gb Available Physical Memory | 48,75% Memory free
12,76 Gb Paging File | 11,23 Gb Available in Paging File | 88,05% Paging File free
Paging file location(s): c:\pagefile.sys 10000 15000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 1356,17 Gb Total Space | 1228,56 Gb Free Space | 90,59% Space Free | Partition Type: NTFS
Drive D: | 40,00 Gb Total Space | 20,99 Gb Free Space | 52,48% Space Free | Partition Type: NTFS
Drive E: | 164,28 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive I: | 111,79 Gb Total Space | 48,44 Gb Free Space | 43,33% Space Free | Partition Type: NTFS
 
Computer Name: MARCEL-PC | User Name: Marcel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.11.22 20:45:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Marcel\Desktop\OTL.exe
PRC - [2012.11.21 21:59:57 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_5_502_110_ActiveX.exe
PRC - [2012.08.12 13:00:09 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.15 08:23:23 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012.01.06 14:30:55 | 000,109,168 | ---- | M] () -- C:\Program Files\Online Visions\Payback-Reporting.exe
PRC - [2012.01.06 14:30:54 | 000,186,992 | ---- | M] () -- C:\Program Files\Online Visions\Payback-Updater.exe
PRC - [2011.10.01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.09.08 14:55:10 | 000,888,488 | ---- | M] ({StringFileInfo_CompanyName}) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.02.23 21:19:22 | 000,371,200 | ---- | M] (shbox.de) -- C:\Program Files\FreePDF_XP\fpassist.exe
PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.05.27 17:59:54 | 000,376,832 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010.05.27 17:59:30 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2010.04.27 18:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010.03.04 04:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.03.04 04:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2009.11.02 22:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009.04.02 18:05:22 | 000,102,400 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
PRC - [2009.03.31 09:39:36 | 000,233,472 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2007.09.28 15:32:26 | 000,344,064 | ---- | M] (Sonix) -- C:\Windows\vsnp2std.exe
PRC - [2007.07.24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007.07.11 15:09:48 | 000,020,480 | ---- | M] () -- C:\Windows\FixCamera.exe
PRC - [2007.05.10 16:05:22 | 000,270,336 | ---- | M] () -- C:\Windows\tsnp2std.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.14 06:05:11 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
MOD - [2012.06.14 06:04:51 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.06.14 06:04:46 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.05.15 07:26:28 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\635b3aec298ad5e8c903b2323d79cc5a\IAStorUtil.ni.dll
MOD - [2012.05.15 06:18:27 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012.05.15 06:17:53 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012.05.15 06:17:49 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.15 06:17:46 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.15 06:17:45 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.15 06:17:41 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011.06.24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.11.13 01:02:22 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2010.11.13 00:19:04 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.05.27 20:40:48 | 000,270,336 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2010.05.12 14:12:47 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2009.11.02 22:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009.11.02 22:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2007.07.11 15:09:48 | 000,020,480 | ---- | M] () -- C:\Windows\FixCamera.exe
MOD - [2007.05.10 16:05:22 | 000,270,336 | ---- | M] () -- C:\Windows\tsnp2std.exe
 
 
========== Services (SafeList) ==========
 
SRV - [2012.08.31 20:02:25 | 000,070,144 | ---- | M] () [Unknown (-1) | Unknown] -- C:\Windows\System32\drivers\eaee972c454f49b9.sys -- (eaee972c454f49b9)
SRV - [2012.05.15 08:23:23 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.15 08:23:22 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2012.05.15 08:23:22 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.01.06 14:30:55 | 000,109,168 | ---- | M] () [Auto | Running] -- C:\Program Files\Online Visions\Payback-Reporting.exe -- (Payback-Reporting-Service)
SRV - [2012.01.06 14:30:54 | 000,186,992 | ---- | M] () [Auto | Running] -- C:\Program Files\Online Visions\Payback-Updater.exe -- (Payback-Update-Service)
SRV - [2011.10.01 13:30:35 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.10.01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010.05.27 17:59:30 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010.03.04 04:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.03.31 09:39:36 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2008.04.07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007.07.24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Marcel\AppData\Local\Temp\aswMBR.sys -- (aswMBR)
DRV - [2012.09.29 18:48:04 | 000,137,928 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\DRIVERS\avipbb.sys -- (avipbb)
DRV - [2012.09.29 18:48:04 | 000,036,000 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\System32\DRIVERS\avkmgr.sys -- (avkmgr)
DRV - [2012.08.31 20:02:25 | 000,070,144 | ---- | M] () [Unknown (-1) | Unknown (-1) | Unknown] -- C:\Windows\System32\drivers\eaee972c454f49b9.sys -- (eaee972c454f49b9)
DRV - [2012.06.02 05:45:04 | 000,067,440 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecdd.sys -- (KSecDD)
DRV - [2012.06.02 05:45:03 | 000,134,000 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2012.06.02 05:40:59 | 000,369,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2012.05.15 08:23:23 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.28 04:17:07 | 000,183,808 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpwd.sys -- (RDPWD)
DRV - [2012.03.30 11:23:11 | 001,291,632 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\tcpip.sys -- (TCPIP6)
DRV - [2012.03.30 11:23:11 | 001,291,632 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tcpip.sys -- (Tcpip)
DRV - [2012.03.17 08:27:18 | 000,056,176 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\partmgr.sys -- (partmgr)
DRV - [2012.03.01 06:46:57 | 000,019,824 | ---- | M] () [Recognizer | Boot | Unknown] -- C:\Windows\System32\drivers\fs_rec.sys -- (Fs_Rec)
DRV - [2012.02.17 05:13:22 | 000,024,576 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tdtcp.sys -- (TDTCP)
DRV - [2011.10.01 08:30:42 | 000,019,304 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\Sftvollh.sys -- (Sftvol)
DRV - [2011.10.01 08:30:40 | 000,021,864 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\System32\DRIVERS\Sftredirlh.sys -- (Sftredir)
DRV - [2011.10.01 08:30:38 | 000,194,408 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\Sftplaylh.sys -- (Sftplay)
DRV - [2011.10.01 08:30:36 | 000,579,944 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\Sftfslh.sys -- (Sftfs)
DRV - [2011.07.09 03:30:00 | 000,223,744 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\System32\DRIVERS\mrxsmb10.sys -- (mrxsmb10)
DRV - [2011.04.29 03:46:33 | 000,311,808 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\System32\DRIVERS\srv.sys -- (srv)
DRV - [2011.04.29 03:46:15 | 000,310,272 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\System32\DRIVERS\srv2.sys -- (srv2)
DRV - [2011.04.29 03:46:10 | 000,114,688 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\System32\DRIVERS\srvnet.sys -- (srvnet)
DRV - [2011.04.27 03:17:28 | 000,096,768 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\System32\DRIVERS\mrxsmb20.sys -- (mrxsmb20)
DRV - [2011.04.27 03:17:22 | 000,123,904 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\System32\DRIVERS\mrxsmb.sys -- (mrxsmb)
DRV - [2011.04.25 03:18:03 | 000,338,944 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\afd.sys -- (AFD)
DRV - [2011.03.25 03:58:37 | 000,258,560 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\usbhub.sys -- (usbhub)
DRV - [2011.03.25 03:58:06 | 000,075,776 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\usbccgp.sys -- (usbccgp)
DRV - [2011.03.25 03:57:58 | 000,043,008 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbehci.sys -- (usbehci)
DRV - [2011.03.25 03:57:58 | 000,020,480 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbohci.sys -- (usbohci)
DRV - [2011.03.25 03:57:56 | 000,024,064 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbuhci.sys -- (usbuhci)
DRV - [2011.03.11 06:39:00 | 001,211,264 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\ntfs.sys -- (Ntfs)
DRV - [2011.03.11 05:01:12 | 000,076,288 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\USBSTOR.SYS -- (USBSTOR)
DRV - [2011.02.23 05:47:33 | 000,069,632 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\System32\DRIVERS\bowser.sys -- (bowser)
DRV - [2010.11.28 13:47:39 | 000,110,304 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACEDRV09.sys -- (ACEDRV09)
DRV - [2010.11.20 13:30:16 | 000,245,632 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\volsnap.sys -- (volsnap)
DRV - [2010.11.20 13:30:16 | 000,053,120 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\volmgr.sys -- (volmgr)
DRV - [2010.11.20 13:30:14 | 000,160,128 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vhdmp.sys -- (vhdmp)
DRV - [2010.11.20 13:30:12 | 000,053,120 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\termdd.sys -- (TermDD)
DRV - [2010.11.20 13:30:10 | 000,173,440 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2010.11.20 13:30:10 | 000,085,376 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sbp2port.sys -- (sbp2port)
DRV - [2010.11.20 13:30:06 | 000,712,576 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ndis.sys -- (NDIS)
DRV - [2010.11.20 13:30:06 | 000,153,984 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pci.sys -- (pci)
DRV - [2010.11.20 13:30:05 | 000,233,344 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\msiscsi.sys -- (iScsiPrt)
DRV - [2010.11.20 13:30:04 | 000,116,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\msdsm.sys -- (msdsm)
DRV - [2010.11.20 13:30:01 | 000,130,432 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mpio.sys -- (mpio)
DRV - [2010.11.20 13:30:01 | 000,028,032 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\msahci.sys -- (msahci)
DRV - [2010.11.20 13:30:00 | 000,078,208 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mountmgr.sys -- (mountmgr)
DRV - [2010.11.20 13:29:53 | 000,014,208 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2010.11.20 13:29:47 | 000,728,448 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dxgkrnl.sys -- (DXGKrnl)
DRV - [2010.11.20 13:29:15 | 000,274,304 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ACPI.sys -- (ACPI)
DRV - [2010.11.20 13:24:30 | 000,194,800 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\fvevol.sys -- (fvevol)
DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tsusbflt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:22:20 | 000,031,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\tssecsrv.sys -- (tssecsrv)
DRV - [2010.11.20 11:22:19 | 000,006,656 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\DRIVERS\RDPCDD.sys -- (RDPCDD)
DRV - [2010.11.20 11:21:10 | 000,018,432 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tdpipe.sys -- (TDPIPE)
DRV - [2010.11.20 11:07:50 | 000,118,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\ndiswan.sys -- (NdisWan)
DRV - [2010.11.20 11:07:45 | 000,063,488 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\DRIVERS\wanarp.sys -- (Wanarpv6)
DRV - [2010.11.20 11:07:45 | 000,063,488 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\wanarp.sys -- (WANARP)
DRV - [2010.11.20 11:07:39 | 000,048,640 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ndproxy.sys -- (NDProxy)
DRV - [2010.11.20 11:07:13 | 000,035,328 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tcpipreg.sys -- (tcpipreg)
DRV - [2010.11.20 11:06:41 | 000,108,544 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\tunnel.sys -- (tunnel)
DRV - [2010.11.20 11:06:36 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\ndisuio.sys -- (Ndisuio)
DRV - [2010.11.20 11:01:12 | 000,164,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2010.11.20 11:00:24 | 000,039,936 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\umbus.sys -- (umbus)
DRV - [2010.11.20 11:00:21 | 000,304,128 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HdAudio.sys -- (HdAudAddService)
DRV - [2010.11.20 10:59:38 | 000,024,064 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hidusb.sys -- (HidUsb)
DRV - [2010.11.20 10:59:20 | 000,132,224 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\WUDFRd.sys -- (WUDFRd)
DRV - [2010.11.20 10:58:59 | 000,092,672 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WudfPf.sys -- (WudfPf)
DRV - [2010.11.20 10:50:49 | 000,012,800 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sffp_sd.sys -- (sffp_sd)
DRV - [2010.11.20 10:50:21 | 000,031,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2010.11.20 10:50:10 | 000,028,160 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbdhid.sys -- (kbdhid)
DRV - [2010.11.20 10:29:49 | 000,050,176 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\appid.sys -- (AppID)
DRV - [2010.11.20 10:24:56 | 000,026,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\scfilter.sys -- (scfilter)
DRV - [2010.11.20 10:19:15 | 000,065,536 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IPMIDrv.sys -- (IPMIDRV)
DRV - [2010.11.20 09:47:55 | 000,010,240 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\acpipmi.sys -- (AcpiPmi)
DRV - [2010.11.20 09:44:05 | 000,242,688 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\DRIVERS\rdbss.sys -- (rdbss)
DRV - [2010.11.20 09:42:43 | 000,115,712 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mrxdav.sys -- (MRxDAV)
DRV - [2010.11.20 09:42:32 | 000,078,336 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\Drivers\dfsc.sys -- (DfsC)
DRV - [2010.11.20 09:42:28 | 000,246,784 | ---- | M] () [File_System | Disabled | Stopped] -- C:\Windows\System32\DRIVERS\udfs.sys -- (udfs)
DRV - [2010.11.20 09:40:21 | 000,513,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HTTP.sys -- (HTTP)
DRV - [2010.11.20 09:39:44 | 000,187,904 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\DRIVERS\netbt.sys -- (NetBT)
DRV - [2010.11.20 09:39:17 | 000,074,752 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\DRIVERS\tdx.sys -- (tdx)
DRV - [2010.11.20 09:38:10 | 000,108,544 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\DRIVERS\cdrom.sys -- (cdrom)
DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.05.27 18:38:24 | 005,586,432 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\atikmdag.sys -- (amdkmdag)
DRV - [2010.05.27 17:25:18 | 000,209,920 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\atikmpag.sys -- (amdkmdap)
DRV - [2010.05.06 10:21:42 | 000,108,560 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2010.04.27 17:28:46 | 000,146,568 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\nusb3xhc.sys -- (nusb3xhc)
DRV - [2010.04.27 17:27:50 | 000,064,904 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\nusb3hub.sys -- (nusb3hub)
DRV - [2009.09.22 14:34:44 | 000,579,072 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\RTL8192su.sys -- (RTL8192su)
DRV - [2009.07.14 02:26:21 | 000,249,408 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\CLFS.sys -- (CLFS)
DRV - [2009.07.14 02:26:21 | 000,019,024 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\compbatt.sys -- (Compbatt)
DRV - [2009.07.14 02:26:15 | 000,053,312 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\agp440.sys -- (agp440)
DRV - [2009.07.14 02:26:15 | 000,021,584 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atapi.sys -- (atapi)
DRV - [2009.07.14 02:26:15 | 000,014,912 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\amdide.sys -- (amdide)
DRV - [2009.07.14 02:20:45 | 000,012,368 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pciide.sys -- (pciide)
DRV - [2009.07.14 02:20:44 | 000,162,896 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\msrpc.sys -- (MsRPC)
DRV - [2009.07.14 02:20:44 | 000,105,024 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nv_agp.sys -- (nv_agp)
DRV - [2009.07.14 02:20:44 | 000,049,728 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\System32\Drivers\mup.sys -- (Mup)
DRV - [2009.07.14 02:20:44 | 000,041,552 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mouclass.sys -- (mouclass)
DRV - [2009.07.14 02:20:44 | 000,028,240 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\mssmbios.sys -- (mssmbios)
DRV - [2009.07.14 02:20:43 | 000,013,888 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\msisadrv.sys -- (msisadrv)
DRV - [2009.07.14 02:20:36 | 000,046,656 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\isapnp.sys -- (isapnp)
DRV - [2009.07.14 02:20:36 | 000,042,576 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbdclass.sys -- (kbdclass)
DRV - [2009.07.14 02:20:36 | 000,015,424 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\intelide.sys -- (intelide)
DRV - [2009.07.14 02:20:28 | 000,198,208 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\System32\drivers\fltmgr.sys -- (FltMgr)
DRV - [2009.07.14 02:20:28 | 000,058,448 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\System32\drivers\fileinfo.sys -- (FileInfo)
DRV - [2009.07.14 02:20:28 | 000,057,936 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\gagp30kx.sys -- (gagp30kx)
DRV - [2009.07.14 02:20:28 | 000,046,160 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\FsDepends.sys -- (FsDepends)
DRV - [2009.07.14 02:20:28 | 000,022,096 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\DRIVERS\crcdisk.sys -- (crcdisk)
DRV - [2009.07.14 02:20:27 | 000,057,424 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\disk.sys -- (Disk)
DRV - [2009.07.14 02:19:11 | 000,297,040 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\volmgrx.sys -- (volmgrx)
DRV - [2009.07.14 02:19:11 | 000,057,424 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\uliagpkx.sys -- (uliagpkx)
DRV - [2009.07.14 02:19:11 | 000,019,024 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\wd.sys -- (Wd)
DRV - [2009.07.14 02:19:10 | 000,445,008 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\Wdf01000.sys -- (Wdf01000)
DRV - [2009.07.14 02:19:10 | 000,055,888 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\uagp35.sys -- (uagp35)
DRV - [2009.07.14 02:19:10 | 000,053,328 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\viaagp.sys -- (viaagp)
DRV - [2009.07.14 02:19:10 | 000,032,832 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vdrvroot.sys -- (vdrvroot)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.14 02:19:10 | 000,012,240 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\swenum.sys -- (swenum)
DRV - [2009.07.14 02:19:04 | 000,043,088 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009.07.14 02:19:03 | 000,180,288 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\pcmcia.sys -- (pcmcia)
DRV - [2009.07.14 02:19:03 | 000,017,472 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\spldr.sys -- (spldr)
DRV - [2009.07.14 01:41:15 | 000,586,752 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\peauth.sys -- (PEAUTH)
DRV - [2009.07.14 01:17:06 | 000,019,968 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\usbprint.sys -- (usbprint)
DRV - [2009.07.14 01:14:44 | 000,035,840 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\usbscan.sys -- (usbscan)
DRV - [2009.07.14 01:02:41 | 000,018,944 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\rdpbus.sys -- (rdpbus)
DRV - [2009.07.14 01:01:41 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\rdprefmp.sys -- (RDPREFMP)
DRV - [2009.07.14 01:01:39 | 000,006,656 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\rdpencdd.sys -- (RDPENCDD)
DRV - [2009.07.14 00:55:24 | 000,031,744 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\modem.sys -- (Modem)
DRV - [2009.07.14 00:55:02 | 000,016,384 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV - [2009.07.14 00:55:00 | 000,049,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\AgileVpn.sys -- (RasAgileVpn)
DRV - [2009.07.14 00:54:58 | 000,075,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\rassstp.sys -- (RasSstp)
DRV - [2009.07.14 00:54:53 | 000,077,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\raspppoe.sys -- (RasPppoe)
DRV - [2009.07.14 00:54:48 | 000,073,728 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\raspptp.sys -- (PptpMiniport)
DRV - [2009.07.14 00:54:46 | 000,017,920 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\asyncmac.sys -- (AsyncMac)
DRV - [2009.07.14 00:54:40 | 000,011,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\rasacd.sys -- (RasAcd)
DRV - [2009.07.14 00:54:34 | 000,078,848 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\rasl2tp.sys -- (Rasl2tp)
DRV - [2009.07.14 00:54:29 | 000,101,888 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ipnat.sys -- (IPNAT)
DRV - [2009.07.14 00:54:29 | 000,058,880 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipfltdrv.sys -- (IpFilterDriver)
DRV - [2009.07.14 00:54:24 | 000,020,992 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\ndistapi.sys -- (NdisTapi)
DRV - [2009.07.14 00:54:13 | 000,031,744 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\qwavedrv.sys -- (QWAVEdrv)
DRV - [2009.07.14 00:53:58 | 000,104,448 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\DRIVERS\pacer.sys -- (Psched)
DRV - [2009.07.14 00:53:54 | 000,036,352 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\DRIVERS\netbios.sys -- (NetBIOS)
DRV - [2009.07.14 00:53:51 | 000,009,728 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\DRIVERS\wfplwf.sys -- (WfpLwf)
DRV - [2009.07.14 00:53:41 | 000,071,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\smb.sys -- (Smb)
DRV - [2009.07.14 00:53:27 | 000,013,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\irenum.sys -- (IRENUM)
DRV - [2009.07.14 00:53:20 | 000,060,928 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\DRIVERS\rspndr.sys -- (rspndr)
DRV - [2009.07.14 00:53:19 | 000,048,128 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\DRIVERS\lltdio.sys -- (lltdio)
DRV - [2009.07.14 00:52:53 | 000,060,416 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mpsdrv.sys -- (mpsdrv)
DRV - [2009.07.14 00:52:44 | 000,027,136 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ndiscap.sys -- (NdisCap)
DRV - [2009.07.14 00:52:10 | 000,014,336 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 00:52:04 | 000,048,128 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\DRIVERS\vwififlt.sys -- (vwififlt)
DRV - [2009.07.14 00:52:03 | 000,267,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\nwifi.sys -- (NativeWifiP)
DRV - [2009.07.14 00:52:02 | 000,019,968 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009.07.14 00:51:35 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009.07.14 00:51:34 | 000,056,320 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\bthmodem.sys -- (BTHMODEM)
DRV - [2009.07.14 00:51:33 | 000,091,136 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\hidbth.sys -- (HidBth)
DRV - [2009.07.14 00:51:29 | 000,062,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ohci1394.sys -- (ohci1394)
DRV - [2009.07.14 00:51:18 | 000,086,016 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbcir.sys -- (usbcir)
DRV - [2009.07.14 00:51:17 | 000,037,888 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\circlass.sys -- (circlass)
DRV - [2009.07.14 00:51:08 | 000,004,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009.07.14 00:51:05 | 000,037,888 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\hidir.sys -- (HidIr)
DRV - [2009.07.14 00:50:57 | 000,005,120 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\drmkaud.sys -- (drmkaud)
DRV - [2009.07.14 00:46:55 | 000,012,288 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009.07.14 00:46:53 | 000,021,632 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\wacompen.sys -- (WacomPen)
DRV - [2009.07.14 00:45:52 | 000,013,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\sfloppy.sys -- (sfloppy)
DRV - [2009.07.14 00:45:52 | 000,012,288 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sffp_mmc.sys -- (sffp_mmc)
DRV - [2009.07.14 00:45:52 | 000,011,264 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sffdisk.sys -- (sffdisk)
DRV - [2009.07.14 00:45:45 | 000,025,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\fdc.sys -- (fdc)
DRV - [2009.07.14 00:45:45 | 000,019,968 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\flpydisk.sys -- (flpydisk)
DRV - [2009.07.14 00:45:35 | 000,079,360 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\parport.sys -- (Parport)
DRV - [2009.07.14 00:45:33 | 000,083,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\serial.sys -- (Serial)
DRV - [2009.07.14 00:45:29 | 000,008,704 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\DRIVERS\parvdm.sys -- (Parvdm)
DRV - [2009.07.14 00:45:28 | 000,017,920 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\serenum.sys -- (Serenum)
DRV - [2009.07.14 00:45:08 | 000,026,112 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\mouhid.sys -- (mouhid)
DRV - [2009.07.14 00:45:08 | 000,019,968 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\sermouse.sys -- (sermouse)
DRV - [2009.07.14 00:45:08 | 000,008,320 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MSKSSRV.sys -- (MSKSSRV)
DRV - [2009.07.14 00:45:08 | 000,006,144 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MSTEE.sys -- (MSTEE)
DRV - [2009.07.14 00:45:08 | 000,005,888 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MSPCLOCK.sys -- (MSPCLOCK)
DRV - [2009.07.14 00:45:07 | 000,005,504 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MSPQM.sys -- (MSPQM)
DRV - [2009.07.14 00:45:01 | 000,006,144 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\beep.sys -- (Beep)
DRV - [2009.07.14 00:25:59 | 000,023,552 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\monitor.sys -- (monitor)
DRV - [2009.07.14 00:25:51 | 000,025,088 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\vga.sys -- (VgaSave)
DRV - [2009.07.14 00:25:49 | 000,026,112 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\vgapnp.sys -- (vga)
DRV - [2009.07.14 00:24:05 | 000,032,256 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009.07.14 00:23:04 | 000,035,328 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\DRIVERS\blbdrive.sys -- (blbdrive)
DRV - [2009.07.14 00:19:21 | 000,021,504 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009.07.14 00:19:19 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\errdev.sys -- (ErrDev)
DRV - [2009.07.14 00:19:18 | 000,014,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\CmBatt.sys -- (CmBatt)
DRV - [2009.07.14 00:19:17 | 000,011,264 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wmiacpi.sys -- (WmiAcpi)
DRV - [2009.07.14 00:15:45 | 000,086,528 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\System32\drivers\luafv.sys -- (luafv)
DRV - [2009.07.14 00:15:29 | 000,028,160 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\filetrace.sys -- (Filetrace)
DRV - [2009.07.14 00:14:03 | 000,142,336 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\exfat.sys -- (exfat)
DRV - [2009.07.14 00:14:02 | 000,148,480 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fastfat.sys -- (fastfat)
DRV - [2009.07.14 00:12:08 | 000,016,896 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\nsiproxy.sys -- (nsiproxy)
DRV - [2009.07.14 00:11:32 | 000,035,328 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\npfs.sys -- (Npfs)
DRV - [2009.07.14 00:11:26 | 000,022,528 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\msfs.sys -- (Msfs)
DRV - [2009.07.14 00:11:24 | 000,080,896 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\i8042prt.sys -- (i8042prt)
DRV - [2009.07.14 00:11:15 | 000,070,656 | ---- | M] () [File_System | Disabled | Running] -- C:\Windows\System32\DRIVERS\cdfs.sys -- (cdfs)
DRV - [2009.07.14 00:11:12 | 000,004,608 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\null.sys -- (Null)
DRV - [2009.07.14 00:11:04 | 000,055,296 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\amdk8.sys -- (AmdK8)
DRV - [2009.07.14 00:11:04 | 000,053,760 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\intelppm.sys -- (intelppm)
DRV - [2009.07.14 00:11:04 | 000,052,736 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\viac7.sys -- (ViaC7)
DRV - [2009.07.14 00:11:04 | 000,052,736 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009.07.14 00:11:04 | 000,052,224 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\processr.sys -- (Processor)
DRV - [2009.03.31 09:39:36 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.SYS -- (FsUsbExDisk)
DRV - [2009.03.20 10:01:26 | 000,121,856 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ss_bmdm.sys -- (ss_bmdm)
DRV - [2009.03.20 10:01:26 | 000,090,112 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ss_bbus.sys -- (ss_bbus)
DRV - [2009.03.20 10:01:26 | 000,014,976 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ss_bmdfl.sys -- (ss_bmdfl)
DRV - [2007.09.17 15:53:26 | 000,021,632 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007.09.05 12:48:24 | 012,212,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\snp2sxp.sys -- (SNP2STD)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://hotmail.de/
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=111304&tt=290312_29&babsrc=SP_ss&mntrId=a06ed3ee000000000000000000000000
IE - HKCU\..\SearchScopes\{3FFD976D-91C9-478C-92AF-8F196B6559BE}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={AD7E35DA-803C-4351-9D94-1E775ACCF50C}&mid=61c4ed3fafd247d09967bd2b2b6b51a4-ea80feb9512b4d4fcb72e1ea9ef9a28ac87e593f&lang=de&ds=od011&pr=sa&d=2012-03-29 20:51:36&v=10.2.0.3&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{A93B53B3-488F-48D3-A76F-E992FECFE98E}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNA_enDE393
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Oracle)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Marcel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\gacela2@nurago.com: C:\Program Files\Online Visions [2012.11.22 20:51:41 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Online Visions) - {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - C:\Program Files\Online Visions\Gacela2.dll (Payback)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName})
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [FixCamera] C:\Windows\FixCamera.exe ()
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [snp2std] C:\Windows\vsnp2std.exe (Sonix)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [syshost32] C:\Windows\Installer\{4E22905B-1EA9-CD5C-3DE8-0D211DB8D0A8}\syshost.exe ()
O4 - HKLM..\Run: [tsnp2std] C:\Windows\tsnp2std.exe ()
O4 - HKCU..\Run: [{A01761C9-AF05-AD7F-20F5-6651058C454C}] C:\Users\Marcel\AppData\Roaming\Oxfoj\noet.exe File not found
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [syshost32] C:\Users\Marcel\AppData\Local\{536034E3-B904-2738-D9A5-E6D5B6FE8053}\syshost.exe File not found
O4 - Startup: C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Marcel\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : Über Online Visions - {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - C:\Program Files\Online Visions\Gacela2.dll (Payback)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{732048A9-7E8D-428F-9AF3-D5BE1F66BC7A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9A295CD5-A244-421C-A8EF-9E3A343737CB}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.02.07 18:43:30 | 000,000,000 | ---D | M] - I:\autorun -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.22 21:03:28 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Marcel\Desktop\aswMBR.exe
[2012.11.22 20:45:37 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Marcel\Desktop\OTL.exe
[2012.11.22 15:43:07 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{21572EE8-AF91-4653-ACBF-C6CF5256FAB5}
[2012.11.21 21:54:55 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{8271F3CB-AD35-4AB5-8A60-176E67616232}
[2012.11.20 17:17:17 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{F452345F-E10E-4B0B-9FDC-7BC3F22C145D}
[2012.11.19 17:28:35 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{2CA135EA-1E4D-4AB7-8D94-BACADAF66975}
[2012.11.18 20:00:57 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{67C738BC-EC43-407C-B7B5-E6BA9FBB048B}
[2012.11.18 08:00:35 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{222020CE-EC23-4B26-B1EC-45B45CFEBACF}
[2012.11.17 16:50:21 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{208D810E-BB85-4DC0-9E55-C8CBDD2AC8D7}
[2012.11.16 19:37:34 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{C637C3C0-5554-403B-97F7-354BE96FF3A8}
[2012.11.15 17:51:28 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{95ADF2FC-F61C-4F38-9BCE-0E6D439D60CB}
[2012.11.14 18:41:25 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{91599797-EC4B-47F8-8086-46150B8A7631}
[2012.11.14 06:41:02 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{93C737D6-7113-4B14-A523-C184ECE23CD9}
[2012.11.13 18:19:18 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.11.13 18:18:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012.11.13 18:18:45 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012.11.13 18:07:07 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{55B6EEAC-95A1-481E-90AF-D2526189E34B}
[2012.11.12 19:15:10 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{EB1BB110-8062-4AB3-A128-F5D3E17FFD02}
[2012.11.11 11:50:06 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{E35A1EEE-62AB-4406-A0D6-044431C41AD4}
[2012.11.10 23:23:53 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{BEA5E14F-FE88-488A-8826-5CF9A5AF8614}
[2012.11.10 17:47:57 | 000,000,000 | ---D | C] -- C:\Users\Marcel\Documents\AS_Airport-Enhancement-Services_V225
[2012.11.10 09:18:06 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{91D8C57B-8F99-4FF2-A649-26EE9554D860}
[2012.11.09 14:41:12 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{65503D7B-585D-405B-9C56-FF1B3F69C2B9}
[2012.11.08 17:57:06 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{8FF2ECEE-BA6A-4F68-9062-E25617369EC3}
[2012.11.08 05:56:42 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{0D1E790C-CE50-44F9-86B7-DF9022B92FF9}
[2012.11.07 16:52:34 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{68D3C026-13BF-46B0-AF7A-A3556C4A936F}
[2012.11.06 16:37:52 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{42D70BB0-17B2-41FC-80A6-54C4195770C1}
[2012.11.05 16:34:14 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{FEA8A859-CCE7-475D-A973-D132ACFF6D70}
[2012.11.05 00:00:34 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{D7EC0F19-08B9-4CA4-AFB4-33903236322A}
[2012.11.04 11:32:35 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{9892AD47-B543-4898-9A9E-93AC21976FDC}
[2012.11.03 23:32:12 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{73B9112C-080D-4DC6-B0CA-6E53342C19DE}
[2012.11.03 11:04:13 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\ElevatedDiagnostics
[2012.11.03 10:43:03 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{030BDAA8-BFC6-4E7A-95D0-7D69116B618B}
[2012.11.02 23:38:28 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{0B248095-F5AA-4FC3-AF94-A90846E71233}
[2012.11.02 22:50:42 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{BF19E7C3-2185-4CF9-B8E7-FA295D47F93A}
[2012.11.02 22:09:16 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{4ABCFD3D-FD7C-487A-B504-7BBE82874C5E}
[2012.11.02 21:49:12 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{8BA48F1F-2A04-4E66-A9E2-E20D2547A991}
[2012.11.02 17:18:08 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{01B97648-1672-4F8C-82ED-39719C55EF83}
[2012.11.02 13:59:09 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{1879364A-7EBC-44E0-8D9C-8D7CAB83FCAA}
[2012.11.01 20:30:55 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{4D71B2DA-A358-4F38-B773-DCC90438A4BF}
[2012.10.31 22:08:56 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{2801FB58-6A96-4CD5-A801-EAF6F30815FA}
[2012.10.31 16:28:52 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{60A0E4C4-9041-48D2-9D32-367527F73E53}
[2012.10.30 13:38:21 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{FBAFB954-0E74-481E-AB26-D6B3D996524F}
[2012.10.30 12:02:50 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{C5C3268A-13A1-499A-B40F-7E87F6779A37}
[2012.10.30 07:56:59 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{E1D6E307-E068-443F-9619-75C99AD54BB4}
[2012.10.30 07:49:16 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{27DE0504-4E7A-4ED6-BE57-E583BE118267}
[2012.10.29 09:22:42 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{21DE7350-B07E-42C7-8CAF-4093B29BA340}
[2012.10.28 17:20:15 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{209E9569-38BF-4297-B27E-372D35FDA2AB}
[2012.10.28 13:46:25 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{0BEE4CFE-B712-4ECE-91EC-B8CB3ECEFF31}
[2012.10.28 00:15:21 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{0B40E634-869C-48F2-AB6D-C71FB7768887}
[2012.10.27 10:43:08 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{D89F4165-FBB4-47CC-B097-4B7C80C877C7}
[2012.10.26 10:53:33 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{2E5CC381-0B0E-4B50-97D3-5DE8F399AC3C}
[2012.10.25 12:29:19 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{B78F8A30-D7C5-480F-9E62-88F731DF0711}
[2012.10.24 23:01:15 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{1D01B762-020C-48C3-A285-8FBF6B33DC2E}
[2012.10.24 10:14:05 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{3E9E1168-75EF-465E-B5D4-2815BDDDB248}
[2010.11.27 21:33:10 | 002,922,201 | ---- | C] (Landesfinanzdirektion Thüringen) -- C:\Program Files\uninstall.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.22 21:32:06 | 000,000,000 | ---- | M] () -- C:\Users\Marcel\defogger_reenable
[2012.11.22 21:30:56 | 000,050,477 | ---- | M] () -- C:\Users\Marcel\Desktop\Defogger.exe
[2012.11.22 21:05:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.22 21:04:31 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Marcel\Desktop\aswMBR.exe
[2012.11.22 20:45:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Marcel\Desktop\OTL.exe
[2012.11.22 17:28:32 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.22 17:28:32 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.22 17:20:59 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.22 17:20:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.22 17:20:51 | 2408,927,232 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.21 22:13:45 | 000,654,372 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.11.21 22:13:45 | 000,616,254 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.11.21 22:13:45 | 000,129,986 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.11.21 22:13:45 | 000,106,376 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.11.15 18:50:54 | 000,176,266 | ---- | M] () -- C:\Users\Marcel\Desktop\AllSecur Tessa.pdf
[2012.11.07 16:52:02 | 000,001,013 | ---- | M] () -- C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk
[2012.11.05 17:21:43 | 000,351,559 | ---- | M] () -- C:\Users\Marcel\Documents\BeNetti.pdf
[2012.11.05 17:05:15 | 000,161,808 | ---- | M] () -- C:\Users\Marcel\Documents\Ela+Ansgar.pdf
[2012.11.04 17:35:13 | 000,069,010 | ---- | M] () -- C:\Users\Marcel\Desktop\Allsecur Frauke.pdf
[2012.11.03 11:22:09 | 000,405,090 | ---- | M] () -- C:\Users\Marcel\Documents\Rechnung Brandos.pdf
[2012.11.01 21:11:42 | 006,466,224 | ---- | M] () -- C:\Users\Marcel\Desktop\Handbuch_Alice_WLAN_4421.pdf
[2012.10.31 22:29:43 | 000,001,140 | ---- | M] () -- C:\Users\Public\Desktop\Aerosoft Launcher.lnk
[2012.10.31 17:41:52 | 000,519,542 | ---- | M] () -- C:\Users\Marcel\Documents\Brownies.pdf
[2012.10.25 15:44:57 | 000,059,520 | ---- | M] () -- C:\Users\Marcel\Desktop\2CC2S8.pdf
[2012.10.24 14:14:45 | 000,137,704 | ---- | M] () -- C:\Users\Marcel\Desktop\37_10(Stzung_für_die_Freiwillige_Feuerwehr).pdf
[2012.10.24 10:16:36 | 000,129,077 | ---- | M] () -- C:\Users\Marcel\Documents\Scan Führerschein Rückseite.pdf
[2012.10.24 10:15:58 | 000,126,570 | ---- | M] () -- C:\Users\Marcel\Documents\Scan Führerschein Vorderseite.pdf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.11.22 21:32:06 | 000,000,000 | ---- | C] () -- C:\Users\Marcel\defogger_reenable
[2012.11.22 21:30:52 | 000,050,477 | ---- | C] () -- C:\Users\Marcel\Desktop\Defogger.exe
[2012.11.05 17:21:43 | 000,351,559 | ---- | C] () -- C:\Users\Marcel\Documents\BeNetti.pdf
[2012.11.05 17:05:15 | 000,161,808 | ---- | C] () -- C:\Users\Marcel\Documents\Ela+Ansgar.pdf
[2012.11.04 17:47:29 | 000,176,266 | ---- | C] () -- C:\Users\Marcel\Desktop\AllSecur Tessa.pdf
[2012.11.04 17:35:13 | 000,069,010 | ---- | C] () -- C:\Users\Marcel\Desktop\Allsecur Frauke.pdf
[2012.11.03 11:22:08 | 000,405,090 | ---- | C] () -- C:\Users\Marcel\Documents\Rechnung Brandos.pdf
[2012.11.01 21:11:42 | 006,466,224 | ---- | C] () -- C:\Users\Marcel\Desktop\Handbuch_Alice_WLAN_4421.pdf
[2012.10.31 17:41:51 | 000,519,542 | ---- | C] () -- C:\Users\Marcel\Documents\Brownies.pdf
[2012.10.25 15:44:57 | 000,059,520 | ---- | C] () -- C:\Users\Marcel\Desktop\2CC2S8.pdf
[2012.10.24 14:14:45 | 000,137,704 | ---- | C] () -- C:\Users\Marcel\Desktop\37_10(Stzung_für_die_Freiwillige_Feuerwehr).pdf
[2012.10.24 10:15:58 | 000,126,570 | ---- | C] () -- C:\Users\Marcel\Documents\Scan Führerschein Vorderseite.pdf
[2012.09.29 18:48:14 | 000,036,000 | ---- | C] () -- C:\Windows\System32\drivers\avkmgr.sys
[2012.09.29 18:48:13 | 000,137,928 | ---- | C] () -- C:\Windows\System32\drivers\avipbb.sys
[2012.09.15 08:35:44 | 000,026,840 | ---- | C] () -- C:\Windows\System32\drivers\GEARAspiWDM.sys
[2012.08.31 20:02:25 | 000,070,144 | ---- | C] () -- C:\Windows\System32\drivers\eaee972c454f49b9.sys
[2012.08.15 21:36:33 | 002,345,984 | ---- | C] () -- C:\Windows\System32\win32k.sys
[2012.07.11 21:48:27 | 000,369,336 | ---- | C] () -- C:\Windows\System32\drivers\cng.sys
[2012.07.11 21:48:27 | 000,134,000 | ---- | C] () -- C:\Windows\System32\drivers\ksecpkg.sys
[2012.07.11 21:48:26 | 000,067,440 | ---- | C] () -- C:\Windows\System32\drivers\ksecdd.sys
[2012.06.13 22:16:44 | 000,183,808 | ---- | C] () -- C:\Windows\System32\drivers\rdpwd.sys
[2012.06.10 08:42:19 | 000,020,480 | ---- | C] () -- C:\Windows\FixCamera.exe
[2012.06.10 08:42:18 | 012,212,864 | ---- | C] () -- C:\Windows\System32\drivers\snp2sxp.sys
[2012.06.10 08:42:18 | 000,270,336 | ---- | C] () -- C:\Windows\tsnp2std.exe
[2012.06.10 08:42:18 | 000,151,552 | ---- | C] ( ) -- C:\Windows\System32\rsnp2std.dll
[2012.06.10 08:42:18 | 000,077,824 | ---- | C] ( ) -- C:\Windows\System32\csnp2std.dll
[2012.06.10 08:42:18 | 000,025,472 | ---- | C] () -- C:\Windows\System32\drivers\sncamd.sys
[2012.06.10 08:42:18 | 000,015,497 | ---- | C] () -- C:\Windows\snp2std.ini
[2012.05.14 21:50:31 | 001,291,632 | ---- | C] () -- C:\Windows\System32\drivers\tcpip.sys
[2012.05.14 21:50:26 | 003,968,368 | ---- | C] () -- C:\Windows\System32\ntkrnlpa.exe
[2012.05.14 21:50:22 | 000,056,176 | ---- | C] () -- C:\Windows\System32\drivers\partmgr.sys
[2012.05.03 20:04:39 | 000,000,199 | ---- | C] () -- C:\Users\Marcel\QualityWings_Ultimate 757 Collection.reg
[2012.04.11 21:15:00 | 000,019,824 | ---- | C] () -- C:\Windows\System32\drivers\fs_rec.sys
[2012.03.13 18:06:16 | 000,024,576 | ---- | C] () -- C:\Windows\System32\drivers\tdtcp.sys
[2012.03.01 21:22:02 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2012.03.01 21:22:02 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
[2011.12.25 18:40:58 | 000,021,632 | ---- | C] () -- C:\Windows\System32\drivers\pccsmcfd.sys
[2011.12.25 18:40:33 | 000,121,856 | ---- | C] () -- C:\Windows\System32\drivers\ss_bmdm.sys
[2011.12.25 18:40:33 | 000,090,112 | ---- | C] () -- C:\Windows\System32\drivers\ss_bbus.sys
[2011.12.25 18:40:33 | 000,014,976 | ---- | C] () -- C:\Windows\System32\drivers\ss_bmdfl.sys
[2011.12.25 18:40:33 | 000,012,160 | ---- | C] () -- C:\Windows\System32\drivers\ss_bwhnt.sys
[2011.12.25 18:40:33 | 000,012,160 | ---- | C] () -- C:\Windows\System32\drivers\ss_bwh.sys
[2011.12.25 18:40:33 | 000,012,160 | ---- | C] () -- C:\Windows\System32\drivers\ss_bcmnt.sys
[2011.12.25 18:40:33 | 000,012,160 | ---- | C] () -- C:\Windows\System32\drivers\ss_bcm.sys
[2011.12.25 18:38:48 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2011.12.25 18:38:48 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2011.12.13 22:41:20 | 000,038,912 | ---- | C] () -- C:\Windows\System32\csrsrv.dll
[2011.10.01 08:30:42 | 000,019,304 | ---- | C] () -- C:\Windows\System32\drivers\Sftvollh.sys
[2011.10.01 08:30:40 | 000,021,864 | ---- | C] () -- C:\Windows\System32\drivers\Sftredirlh.sys
[2011.10.01 08:30:38 | 000,194,408 | ---- | C] () -- C:\Windows\System32\drivers\Sftplaylh.sys
[2011.10.01 08:30:36 | 000,579,944 | ---- | C] () -- C:\Windows\System32\drivers\Sftfslh.sys
[2011.08.11 15:48:19 | 000,223,744 | ---- | C] () -- C:\Windows\System32\drivers\mrxsmb10.sys
[2011.07.14 19:59:50 | 000,284,672 | ---- | C] () -- C:\Windows\System32\drivers\usbport.sys
[2011.07.14 19:59:50 | 000,258,560 | ---- | C] () -- C:\Windows\System32\drivers\usbhub.sys
[2011.07.14 19:59:50 | 000,075,776 | ---- | C] () -- C:\Windows\System32\drivers\usbccgp.sys
[2011.07.14 19:59:50 | 000,043,008 | ---- | C] () -- C:\Windows\System32\drivers\usbehci.sys
[2011.07.14 19:59:50 | 000,024,064 | ---- | C] () -- C:\Windows\System32\drivers\usbuhci.sys
[2011.07.14 19:59:50 | 000,020,480 | ---- | C] () -- C:\Windows\System32\drivers\usbohci.sys
[2011.07.14 19:59:50 | 000,005,888 | ---- | C] () -- C:\Windows\System32\drivers\usbd.sys
[2011.07.04 19:06:11 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011.06.15 21:31:25 | 000,311,808 | ---- | C] () -- C:\Windows\System32\drivers\srv.sys
[2011.06.15 21:31:25 | 000,310,272 | ---- | C] () -- C:\Windows\System32\drivers\srv2.sys
[2011.06.15 21:31:25 | 000,114,688 | ---- | C] () -- C:\Windows\System32\drivers\srvnet.sys
[2011.06.15 21:31:22 | 000,338,944 | ---- | C] () -- C:\Windows\System32\drivers\afd.sys
[2011.06.15 21:31:20 | 000,123,904 | ---- | C] () -- C:\Windows\System32\drivers\mrxsmb.sys
[2011.06.15 21:31:20 | 000,096,768 | ---- | C] () -- C:\Windows\System32\drivers\mrxsmb20.sys
[2011.05.25 13:10:49 | 000,027,008 | ---- | C] () -- C:\Windows\System32\drivers\Diskdump.sys
[2011.04.27 21:54:33 | 001,211,264 | ---- | C] () -- C:\Windows\System32\drivers\ntfs.sys
[2011.04.27 21:54:33 | 000,332,160 | ---- | C] () -- C:\Windows\System32\drivers\iaStorV.sys
[2011.04.27 21:54:33 | 000,148,864 | ---- | C] () -- C:\Windows\System32\drivers\storport.sys
[2011.04.27 21:54:33 | 000,143,744 | ---- | C] () -- C:\Windows\System32\drivers\nvstor.sys
[2011.04.27 21:54:33 | 000,080,256 | ---- | C] () -- C:\Windows\System32\drivers\amdsata.sys
[2011.04.27 21:54:32 | 000,117,120 | ---- | C] () -- C:\Windows\System32\drivers\nvraid.sys
[2011.04.27 21:54:32 | 000,076,288 | ---- | C] () -- C:\Windows\System32\drivers\USBSTOR.SYS
[2011.04.27 21:54:32 | 000,022,400 | ---- | C] () -- C:\Windows\System32\drivers\amdxata.sys
[2011.04.14 08:23:50 | 000,294,912 | ---- | C] () -- C:\Windows\System32\atmfd.dll
[2011.04.14 08:23:48 | 000,069,632 | ---- | C] () -- C:\Windows\System32\drivers\bowser.sys
[2011.04.10 20:23:56 | 000,052,224 | ---- | C] () -- C:\Windows\System32\drivers\TsUsbFlt.sys
[2011.04.10 20:23:49 | 000,520,064 | ---- | C] () -- C:\Windows\System32\mcupdate_GenuineIntel.dll
[2011.04.10 20:23:48 | 000,233,344 | ---- | C] () -- C:\Windows\System32\drivers\msiscsi.sys
[2011.04.10 20:23:47 | 000,014,208 | ---- | C] () -- C:\Windows\System32\drivers\hwpolicy.sys
[2011.04.10 20:23:46 | 000,213,504 | ---- | C] () -- C:\Windows\System32\rdpdd.dll
[2011.04.10 20:23:34 | 000,508,904 | ---- | C] () -- C:\Windows\System32\winload.exe
[2011.04.10 20:23:33 | 000,712,576 | ---- | C] () -- C:\Windows\System32\drivers\ndis.sys
[2011.04.10 20:23:33 | 000,245,632 | ---- | C] () -- C:\Windows\System32\drivers\volsnap.sys
[2011.04.10 20:23:32 | 000,240,000 | ---- | C] () -- C:\Windows\System32\drivers\netio.sys
[2011.04.10 20:23:31 | 000,513,536 | ---- | C] () -- C:\Windows\System32\drivers\http.sys
[2011.04.10 20:23:31 | 000,115,712 | ---- | C] () -- C:\Windows\System32\drivers\mrxdav.sys
[2011.04.10 20:23:30 | 000,164,864 | ---- | C] () -- C:\Windows\System32\drivers\1394ohci.sys
[2011.04.10 20:23:29 | 000,242,688 | ---- | C] () -- C:\Windows\System32\drivers\rdbss.sys
[2011.04.10 20:23:29 | 000,194,800 | ---- | C] () -- C:\Windows\System32\drivers\fvevol.sys
[2011.04.10 20:23:29 | 000,116,096 | ---- | C] () -- C:\Windows\System32\drivers\msdsm.sys
[2011.04.10 20:23:28 | 000,690,680 | ---- | C] () -- C:\Windows\System32\ci.dll
[2011.04.10 20:23:27 | 000,153,984 | ---- | C] () -- C:\Windows\System32\drivers\pci.sys
[2011.04.10 20:23:26 | 000,085,376 | ---- | C] () -- C:\Windows\System32\drivers\sbp2port.sys
[2011.04.10 20:23:26 | 000,053,120 | ---- | C] () -- C:\Windows\System32\drivers\termdd.sys
[2011.04.10 20:23:25 | 000,160,128 | ---- | C] () -- C:\Windows\System32\drivers\vhdmp.sys
[2011.04.10 20:23:25 | 000,028,032 | ---- | C] () -- C:\Windows\System32\drivers\msahci.sys
[2011.04.10 20:23:24 | 000,274,304 | ---- | C] () -- C:\Windows\System32\drivers\acpi.sys
[2011.04.10 20:23:24 | 000,246,784 | ---- | C] () -- C:\Windows\System32\drivers\udfs.sys
[2011.04.10 20:23:24 | 000,194,432 | ---- | C] () -- C:\Windows\System32\halmacpi.dll
[2011.04.10 20:23:24 | 000,194,432 | ---- | C] () -- C:\Windows\System32\hal.dll
[2011.04.10 20:23:23 | 000,187,904 | ---- | C] () -- C:\Windows\System32\drivers\netbt.sys
[2011.04.10 20:23:23 | 000,053,120 | ---- | C] () -- C:\Windows\System32\drivers\volmgr.sys
[2011.04.10 20:23:22 | 000,132,992 | ---- | C] () -- C:\Windows\System32\drivers\ataport.sys
[2011.04.10 20:23:21 | 000,187,776 | ---- | C] () -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2011.04.10 20:23:20 | 000,140,160 | ---- | C] () -- C:\Windows\System32\drivers\scsiport.sys
[2011.04.10 20:23:20 | 000,130,432 | ---- | C] () -- C:\Windows\System32\drivers\mpio.sys
[2011.04.10 20:23:20 | 000,078,208 | ---- | C] () -- C:\Windows\System32\drivers\mountmgr.sys
[2011.04.10 20:23:19 | 000,173,440 | ---- | C] () -- C:\Windows\System32\drivers\rdyboost.sys
[2011.04.10 20:23:18 | 000,190,976 | ---- | C] () -- C:\Windows\System32\drivers\ks.sys
[2011.04.10 20:23:17 | 000,137,088 | ---- | C] () -- C:\Windows\System32\halacpi.dll
[2011.04.10 20:23:17 | 000,055,808 | ---- | C] () -- C:\Windows\System32\drivers\hidclass.sys
[2011.04.10 20:23:16 | 000,074,752 | ---- | C] () -- C:\Windows\System32\drivers\tdx.sys
[2011.04.10 20:23:15 | 000,048,640 | ---- | C] () -- C:\Windows\System32\drivers\ndproxy.sys
[2011.04.10 20:23:15 | 000,031,232 | ---- | C] () -- C:\Windows\System32\drivers\tssecsrv.sys
[2011.04.10 20:23:13 | 000,117,760 | ---- | C] () -- C:\Windows\System32\drivers\rmcast.sys
[2011.04.10 20:23:12 | 000,046,080 | ---- | C] () -- C:\Windows\System32\drivers\ndisuio.sys
[2011.04.10 20:23:12 | 000,035,328 | ---- | C] () -- C:\Windows\System32\drivers\tcpipreg.sys
[2011.04.10 20:23:11 | 000,021,504 | ---- | C] () -- C:\Windows\System32\drivers\tdi.sys
[2011.04.10 20:23:10 | 000,108,544 | ---- | C] () -- C:\Windows\System32\drivers\cdrom.sys
[2011.04.10 20:23:10 | 000,031,232 | ---- | C] () -- C:\Windows\System32\drivers\CompositeBus.sys
[2011.04.10 20:23:09 | 000,121,856 | ---- | C] () -- C:\Windows\System32\RDPENCDD.dll
[2011.04.10 20:23:09 | 000,108,544 | ---- | C] () -- C:\Windows\System32\drivers\tunnel.sys
[2011.04.10 20:23:09 | 000,078,336 | ---- | C] () -- C:\Windows\System32\drivers\dfsc.sys
[2011.04.10 20:23:09 | 000,010,240 | ---- | C] () -- C:\Windows\System32\drivers\acpipmi.sys
[2011.04.10 20:23:08 | 000,132,224 | ---- | C] () -- C:\Windows\System32\drivers\WUDFRd.sys
[2011.04.10 20:23:08 | 000,118,784 | ---- | C] () -- C:\Windows\System32\drivers\ndiswan.sys
[2011.04.10 20:23:08 | 000,050,176 | ---- | C] () -- C:\Windows\System32\drivers\appid.sys
[2011.04.10 20:23:08 | 000,024,064 | ---- | C] () -- C:\Windows\System32\drivers\hidusb.sys
[2011.04.10 20:23:07 | 000,065,536 | ---- | C] () -- C:\Windows\System32\drivers\IPMIDrv.sys
[2011.04.10 20:23:06 | 000,304,128 | ---- | C] () -- C:\Windows\System32\drivers\HdAudio.sys
[2011.04.10 20:23:06 | 000,108,544 | ---- | C] () -- C:\Windows\System32\drivers\hdaudbus.sys
[2011.04.10 20:23:06 | 000,092,672 | ---- | C] () -- C:\Windows\System32\drivers\WUDFPf.sys
[2011.04.10 20:23:06 | 000,063,488 | ---- | C] () -- C:\Windows\System32\drivers\wanarp.sys
[2011.04.10 20:23:06 | 000,039,936 | ---- | C] () -- C:\Windows\System32\drivers\umbus.sys
[2011.04.10 20:23:06 | 000,028,160 | ---- | C] () -- C:\Windows\System32\drivers\kbdhid.sys
[2011.04.10 20:23:06 | 000,026,624 | ---- | C] () -- C:\Windows\System32\drivers\scfilter.sys
[2011.04.10 20:23:06 | 000,026,624 | ---- | C] () -- C:\Windows\System32\RDPREFDD.dll
[2011.04.10 20:23:06 | 000,018,432 | ---- | C] () -- C:\Windows\System32\drivers\tdpipe.sys
[2011.04.10 20:23:06 | 000,012,800 | ---- | C] () -- C:\Windows\System32\drivers\sffp_sd.sys
[2011.04.10 20:23:06 | 000,006,656 | ---- | C] () -- C:\Windows\System32\drivers\RDPCDD.sys
[2011.04.10 20:23:04 | 000,007,168 | ---- | C] () -- C:\Windows\System32\KBDSG.DLL
[2011.04.10 20:23:04 | 000,007,168 | ---- | C] () -- C:\Windows\System32\kbdlk41a.dll
[2011.04.10 20:23:04 | 000,007,168 | ---- | C] () -- C:\Windows\System32\KBDCZ1.DLL
[2011.04.10 20:23:04 | 000,006,656 | ---- | C] () -- C:\Windows\System32\KBDTUQ.DLL
[2011.04.10 20:23:04 | 000,006,656 | ---- | C] () -- C:\Windows\System32\KBDTUF.DLL
[2011.04.10 20:23:04 | 000,006,656 | ---- | C] () -- C:\Windows\System32\KBDSF.DLL
[2011.04.10 20:23:04 | 000,006,656 | ---- | C] () -- C:\Windows\System32\KBDPO.DLL
[2011.04.10 20:23:04 | 000,006,656 | ---- | C] () -- C:\Windows\System32\KBDNEPR.DLL
[2011.04.10 20:23:04 | 000,006,656 | ---- | C] () -- C:\Windows\System32\KBDINBEN.DLL
[2011.04.10 20:23:04 | 000,006,656 | ---- | C] () -- C:\Windows\System32\KBDGR1.DLL
[2011.04.10 20:23:04 | 000,006,656 | ---- | C] () -- C:\Windows\System32\KBDGKL.DLL
[2011.04.10 20:23:04 | 000,006,144 | ---- | C] () -- C:\Windows\System32\KBDUS.DLL
[2011.04.10 20:23:04 | 000,006,144 | ---- | C] () -- C:\Windows\System32\KBDUGHR1.DLL
[2011.04.10 20:23:04 | 000,006,144 | ---- | C] () -- C:\Windows\System32\KBDTURME.DLL
[2011.04.10 20:23:04 | 000,006,144 | ---- | C] () -- C:\Windows\System32\KBDTAJIK.DLL
[2011.04.10 20:23:04 | 000,006,144 | ---- | C] () -- C:\Windows\System32\KBDMON.DLL
[2011.04.10 20:23:04 | 000,006,144 | ---- | C] () -- C:\Windows\System32\KBDMAORI.DLL
[2011.04.10 20:23:04 | 000,006,144 | ---- | C] () -- C:\Windows\System32\KBDLT1.DLL
[2011.04.10 20:23:04 | 000,006,144 | ---- | C] () -- C:\Windows\System32\KBDINTEL.DLL
[2011.04.10 20:23:04 | 000,006,144 | ---- | C] () -- C:\Windows\System32\KBDINTAM.DLL
[2011.04.10 20:23:04 | 000,006,144 | ---- | C] () -- C:\Windows\System32\KBDINORI.DLL
[2011.04.10 20:23:04 | 000,006,144 | ---- | C] () -- C:\Windows\System32\KBDINMAR.DLL
[2011.04.10 20:23:04 | 000,006,144 | ---- | C] () -- C:\Windows\System32\KBDINKAN.DLL
[2011.04.10 20:23:04 | 000,006,144 | ---- | C] () -- C:\Windows\System32\KBDINHIN.DLL
[2011.04.10 20:23:04 | 000,006,144 | ---- | C] () -- C:\Windows\System32\KBDBULG.DLL
[2011.04.10 20:23:04 | 000,006,144 | ---- | C] () -- C:\Windows\System32\KBDBLR.DLL
[2011.04.10 20:23:04 | 000,006,144 | ---- | C] () -- C:\Windows\System32\KBDBASH.DLL
[2011.04.10 20:23:04 | 000,005,632 | ---- | C] () -- C:\Windows\System32\KBDGEO.DLL
[2011.02.10 16:13:15 | 000,728,448 | ---- | C] () -- C:\Windows\System32\drivers\dxgkrnl.sys
[2011.02.10 16:13:15 | 000,219,008 | ---- | C] () -- C:\Windows\System32\drivers\dxgmms1.sys
[2011.02.10 16:13:15 | 000,107,520 | ---- | C] () -- C:\Windows\System32\cdd.dll
[2011.01.15 20:58:18 | 000,000,017 | ---- | C] () -- C:\Windows\System32\shortcut_ex.dat
[2010.11.28 13:47:39 | 000,110,304 | ---- | C] () -- C:\Windows\System32\drivers\ACEDRV09.sys
[2010.11.28 12:44:59 | 000,000,000 | ---- | C] () -- C:\Users\Marcel\AppData\Roaming\FileOut.cns
[2010.11.28 12:44:59 | 000,000,000 | ---- | C] () -- C:\Users\Marcel\AppData\Roaming\FileIn.cns
[2010.11.27 21:33:11 | 000,000,851 | ---- | C] () -- C:\Program Files\Uninstall ElsterFormular.lnk
 
========== ZeroAccess Check ==========
 
[2011.11.17 06:38:39 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{ae7e6761-7e7c-5b1b-52d2-61d8b63523d2}\L
[2012.08.12 08:56:23 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{ae7e6761-7e7c-5b1b-52d2-61d8b63523d2}\U
[2011.11.17 06:38:39 | 000,002,048 | -HS- | M] () -- C:\Users\Marcel\AppData\Local\{ae7e6761-7e7c-5b1b-52d2-61d8b63523d2}\@
[2011.11.17 06:38:39 | 000,000,000 | -HSD | M] -- C:\Users\Marcel\AppData\Local\{ae7e6761-7e7c-5b1b-52d2-61d8b63523d2}\L
[2012.08.29 06:57:14 | 000,000,000 | -HSD | M] -- C:\Users\Marcel\AppData\Local\{ae7e6761-7e7c-5b1b-52d2-61d8b63523d2}\U
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"ThreadingModel" = Both
"" = C:\$Recycle.Bin\S-1-5-21-46828319-3922081854-4210988598-1000\$ae7e67617e7c5b1b52d261d8b63523d2\n. -- File not found
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\$Recycle.Bin\S-1-5-18\$ae7e67617e7c5b1b52d261d8b63523d2\n. -- File not found
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.03.29 19:44:20 | 000,000,000 | ---D | M] -- C:\Users\Marcel\AppData\Roaming\Babylon
[2011.04.20 09:01:36 | 000,000,000 | ---D | M] -- C:\Users\Marcel\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2011.08.22 16:10:48 | 000,000,000 | ---D | M] -- C:\Users\Marcel\AppData\Roaming\DVDVideoSoft
[2011.08.22 16:10:33 | 000,000,000 | ---D | M] -- C:\Users\Marcel\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.01.10 17:49:03 | 000,000,000 | ---D | M] -- C:\Users\Marcel\AppData\Roaming\elsterformular
[2012.09.06 07:15:34 | 000,000,000 | ---D | M] -- C:\Users\Marcel\AppData\Roaming\Flight One Software
[2012.03.01 21:24:07 | 000,000,000 | ---D | M] -- C:\Users\Marcel\AppData\Roaming\FreePDF
[2011.08.21 20:56:15 | 000,000,000 | ---D | M] -- C:\Users\Marcel\AppData\Roaming\MusicNet
[2012.09.06 08:57:09 | 000,000,000 | ---D | M] -- C:\Users\Marcel\AppData\Roaming\MyTraffic
[2012.03.29 19:50:00 | 000,000,000 | ---D | M] -- C:\Users\Marcel\AppData\Roaming\OpenCandy
[2012.11.22 17:19:31 | 000,000,000 | ---D | M] -- C:\Users\Marcel\AppData\Roaming\Oxfoj
[2011.12.25 18:43:43 | 000,000,000 | ---D | M] -- C:\Users\Marcel\AppData\Roaming\PC Suite
[2011.12.25 18:38:39 | 000,000,000 | ---D | M] -- C:\Users\Marcel\AppData\Roaming\Samsung
[2012.11.20 22:42:24 | 000,000,000 | ---D | M] -- C:\Users\Marcel\AppData\Roaming\SoftGrid Client
[2010.11.28 10:31:03 | 000,000,000 | ---D | M] -- C:\Users\Marcel\AppData\Roaming\TP
[2011.01.15 20:51:32 | 000,000,000 | ---D | M] -- C:\Users\Marcel\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:74603393
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:00934A10

< End of report >
         
Extras:
Code:
OTL Extras logfile created on: 11/22/2012 8:46:56 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Marcel\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.99 Gb Total Physical Memory | 1.77 Gb Available Physical Memory | 59.08% Memory free
12.76 Gb Paging File | 11.36 Gb Available in Paging File | 89.08% Paging File free
Paging file location(s): c:\pagefile.sys 10000 15000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 1356.17 Gb Total Space | 1228.82 Gb Free Space | 90.61% Space Free | Partition Type: NTFS
Drive D: | 40.00 Gb Total Space | 20.99 Gb Free Space | 52.48% Space Free | Partition Type: NTFS
Drive E: | 164.28 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive I: | 111.79 Gb Total Space | 48.44 Gb Free Space | 43.33% Space Free | Partition Type: NTFS
 
Computer Name: MARCEL-PC | User Name: Marcel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4
"_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{01C3630A-7FD2-46DF-B514-A4B829B0021A}" = aerosoft's - German Airports 2 - 2012 (FSX)
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT
"{093561FF-BC54-CD42-77BD-4885F16C60B7}" = CCC Help Danish
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CA7BE0D-3DC3-4F04-B64D-9AA2041B76AB}" = Aerosoft's - Heraklion X
"{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{17440258-DB48-49DE-8391-79900477490C}" = aerosoft's - Madeira X
"{17D39326-BF2B-FCE9-DE84-58EE76F945CD}" = CCC Help French
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content
"{1B19DA07-6870-4E60-9171-5C53AD21A0E0}" = aerosoft's - Mega Airport Munich X
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20708FD5-E94D-4097-A21E-E28564CDBC06}" = PMDG 737 8900 NGX
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{2C36035A-65D8-4711-A2CB-ED18A725EBDF}" = Aerosoft's - Sharm El-Sheikh 2012 - FSX
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN
"{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{37F50C53-EDED-4FFE-9877-532A335C5C18}" = Aerosoft's - MyTraffic 2013
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A4940D6-418E-867B-F214-2B0C58E7961D}" = CCC Help Swedish
"{51E89BD2-CDC1-4185-88BE-F8D5032B8D21}" = Aerosoft's - Djerba X
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{61AF34EF-B0A4-4664-975B-81904824EB1C}" = WISO Mein Geld 2011 Professional
"{62B7012A-D02C-4981-9D37-634DF40E9578}" = aerosoft's - Santorini X
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{701BDB1B-8D00-8C67-6F64-BDD3B58EC827}" = CCC Help Norwegian
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75438C0E-9925-412E-AD85-D0E71C6CE2ED}" = USB2.0 PC Camera
"{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A073262-FB25-4224-AE36-C2725A616E05}" = Aerosoft's - Corfu X
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AE850A4-B89D-4875-A159-B1B64D717EFB}" = OMSI - Der Omnibussimulator
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema
"{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.2 MUI
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B355AD55-ED88-4A46-015D-51AAD00EB57D}" = CCC Help Japanese
"{B95FB6E3-8373-52BC-C824-8DDB1D6DD049}" = CCC Help Dutch
"{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw
"{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BE4AE3A7-190D-BCB8-A953-A708C9E8E8AA}" = ATI Catalyst Install Manager
"{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA
"{C09C15F5-DDB7-3820-CF1A-798051174EC7}" = CCC Help Italian
"{C2214950-8342-4878-1286-31D0F07FDC34}" = Catalyst Control Center Localization All
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C30FA2C9-6740-4485-A164-858D2884E154}" = HP Deskjet 3050 J610 series - Grundlegende Software für das Gerät
"{C39F6C00-142E-48AC-633F-15E6AA7E24D8}" = Catalyst Control Center Graphics Previews Vista
"{C47D990B-5D5C-B6A6-A04D-676379D39170}" = CCC Help English
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES
"{C7105B49-9E6E-C93C-74E6-858B0863F604}" = Catalyst Control Center InstallProxy
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{CF52C7EA-BDEF-A58F-6F33-0431076766C8}" = ccc-utility
"{D1F56041-DDC6-4508-994D-D70FC4022DB0}" = aerosoft's - Holiday Airports FSX
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{D7C7EA35-4C51-F874-3AB7-95DC40DDA494}" = CCC Help German
"{D81845B4-5239-AD56-39A5-9FCFE528330F}" = ccc-core-static
"{DFD284CD-501F-B36C-67D9-05D4D7D590AB}" = CCC Help Spanish
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E7CC4B85-DC2F-463F-8FEB-E7398E25C19A}" = Microsoft Flight Simulator X Service Pack 2
"{EAC1A606-1D31-AC37-90DD-5684A6E7D2E8}" = CCC Help Finnish
"{EE11CFFC-898C-4875-8A63-8B732A9AD43B}" = Aerosoft's - Aerosoft Launcher
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F535B2CF-C9BB-4162-B03A-02D6971F32CC}" = Microsoft Flight Simulator X
"{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}" = HP Deskjet 3050 J610 series Hilfe
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA8BFB69-7188-4C09-B722-47D355CEB205}" = Studie zur Verbesserung von HP Deskjet 3050 J610 series Produkten
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"39992AD7-103F-4308-8BB7-3F65F543604D" = Online Visions
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows-Treiberpaket - Nokia pccsmcfd  (10/12/2007 6.85.4.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avira AntiVir Desktop" = Avira Free Antivirus
"BabylonToolbar" = Babylon toolbar on IE
"Bus Driver" = Bus Driver 1.0
"ElsterFormular 11.5.1.4843" = ElsterFormular
"ElsterFormular 13.0.0.8055p" = ElsterFormular
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.815
"FreePDF_XP" = FreePDF (Remove only)
"Google Chrome" = Google Chrome
"GPL Ghostscript 9.04" = GPL Ghostscript
"InstallBrain Updater Service" = InstallBrain Updater Service
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema
"InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"InstallShield_{F535B2CF-C9BB-4162-B03A-02D6971F32CC}" = Microsoft Flight Simulator X
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"ProTrain 20 Dortmund - Hannover 1.0" = ProTrain 20 Dortmund - Hannover 1.0
"QualityWings Ultimate 757 Collection FSX_is1" = QualityWings Ultimate 757 Collection FSX 1.2.6
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"SP1_F535B2CF-C9BB-4162-B03A-02D6971F32CC" = Microsoft Flight Simulator X Service Pack 1
"SpecialSavings" = SpecialSavings
"Train Simulator 1.0" = Microsoft Train Simulator
"ViMaCore X" = VistaMare ViMaCore X
"WinLiveSuite" = Windows Live Essentials
"WISO Mein Geld 2011 Professional" = WISO Mein Geld 2011 Professional
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"QualityWings Ultimate 757 Collection" = QualityWings Ultimate 757 Collection
"STANLY Track" = STANLY Track
"Tower Simulator" = Tower Simulator
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 11/21/2012 5:03:33 PM | Computer Name = Marcel-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information.  Error:  Initialization failed 0x80070424 Type:
 88::UnexpectedError. 
 
Error - 11/22/2012 10:42:02 AM | Computer Name = Marcel-PC | Source = Avira Antivirus | ID = 4122
Description = Die Datei AVGDLL_Init(avgntflt) konnte nicht geladen werden.  Fehlercode:
 0xffffffff
 
Error - 11/22/2012 10:51:58 AM | Computer Name = Marcel-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information.  Error:  Initialization failed 0x80070424 Type:
 88::UnexpectedError. 
 
Error - 11/22/2012 11:58:33 AM | Computer Name = Marcel-PC | Source = Avira Antivirus | ID = 4122
Description = Die Datei AVGDLL_Init(avgntflt) konnte nicht geladen werden.  Fehlercode:
 0xffffffff
 
Error - 11/22/2012 11:59:06 AM | Computer Name = Marcel-PC | Source = Avira Antivirus | ID = 4122
Description = Die Datei AVGDLL_Init(avgntflt) konnte nicht geladen werden.  Fehlercode:
 0xffffffff
 
Error - 11/22/2012 12:21:05 PM | Computer Name = Marcel-PC | Source = Avira Antivirus | ID = 4122
Description = Die Datei AVGDLL_Init(avgntflt) konnte nicht geladen werden.  Fehlercode:
 0xffffffff
 
Error - 11/22/2012 12:31:04 PM | Computer Name = Marcel-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information.  Error:  Initialization failed 0x80070424 Type:
 88::UnexpectedError. 
 
Error - 11/22/2012 3:41:14 PM | Computer Name = Marcel-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: avscan.exe, Version: 12.3.0.48, Zeitstempel:
 0x50740d9b  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000  ID des fehlerhaften Prozesses:
 0xf88  Startzeit der fehlerhaften Anwendung: 0x01cdc8ce0f53be75  Pfad der fehlerhaften
 Anwendung: C:\Program Files\Avira\AntiVir Desktop\avscan.exe  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: 92ca986a-34dc-11e2-9065-6c626d8fb857
 
Error - 11/22/2012 3:48:30 PM | Computer Name = Marcel-PC | Source = VSS | ID = 8193
Description = 
 
Error - 11/22/2012 3:48:30 PM | Computer Name = Marcel-PC | Source = System Restore | ID = 8193
Description = 
 
[ System Events ]
Error - 11/22/2012 12:20:58 PM | Computer Name = Marcel-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet:   %%1060
 
Error - 11/22/2012 12:20:59 PM | Computer Name = Marcel-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist 
von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.
 
Error - 11/22/2012 12:20:59 PM | Computer Name = Marcel-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig:
 BFE. Dieser Dienst ist eventuell nicht installiert.
 
Error - 11/22/2012 12:21:15 PM | Computer Name = Marcel-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Avira Browser Schutz" ist vom Dienst "Avira Echtzeit Scanner"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1066
 
Error - 11/22/2012 12:21:15 PM | Computer Name = Marcel-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Avira Echtzeit Scanner" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%307.
 
Error - 11/22/2012 12:21:15 PM | Computer Name = Marcel-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   avkmgr  ssmdrv
 
Error - 11/22/2012 12:22:06 PM | Computer Name = Marcel-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
 Fehler beendet:   %%-2147024891
 
Error - 11/22/2012 12:22:06 PM | Computer Name = Marcel-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%-2147024891
 
Error - 11/22/2012 1:46:02 PM | Computer Name = Marcel-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%-2147024891
 
Error - 11/22/2012 1:46:02 PM | Computer Name = Marcel-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
 Fehler beendet:   %%-2147024891
 
 
< End of report >
         
3. GMER
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-11-22 22:49:43
Windows 6.1.7601 Service Pack 1 
Running: gmer.exe


---- Services - GMER 1.0.15 ----

Service  C:\SystemRoot\System32\Drivers\eaee972c454f49b9.sys (*** hidden *** )  [BOOT] eaee972c454f49b9                             <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg      HKLM\SYSTEM\CurrentControlSet\services\eaee972c454f49b9@ImagePath      \SystemRoot\System32\Drivers\eaee972c454f49b9.sys
Reg      HKLM\SYSTEM\CurrentControlSet\services\eaee972c454f49b9@Group          Boot Bus Extender
Reg      HKLM\SYSTEM\CurrentControlSet\services\eaee972c454f49b9@ErrorControl   0
Reg      HKLM\SYSTEM\CurrentControlSet\services\eaee972c454f49b9@Type           1
Reg      HKLM\SYSTEM\CurrentControlSet\services\eaee972c454f49b9@Start          0
Reg      HKLM\SYSTEM\CurrentControlSet\services\eaee972c454f49b9@Tag            1
Reg      HKLM\SYSTEM\CurrentControlSet\services\eaee972c454f49b9@DisplayName    syshost.exe
Reg      HKLM\SYSTEM\ControlSet002\services\eaee972c454f49b9@ImagePath          \SystemRoot\System32\Drivers\eaee972c454f49b9.sys
Reg      HKLM\SYSTEM\ControlSet002\services\eaee972c454f49b9@Group              Boot Bus Extender
Reg      HKLM\SYSTEM\ControlSet002\services\eaee972c454f49b9@ErrorControl       0
Reg      HKLM\SYSTEM\ControlSet002\services\eaee972c454f49b9@Type               1
Reg      HKLM\SYSTEM\ControlSet002\services\eaee972c454f49b9@Start              0
Reg      HKLM\SYSTEM\ControlSet002\services\eaee972c454f49b9@Tag                1
Reg      HKLM\SYSTEM\ControlSet002\services\eaee972c454f49b9@DisplayName        syshost.exe

---- EOF - GMER 1.0.15 ----
         
It would be really great if someone could help me!

Alt 23.11.2012, 08:40   #2
Psychotic
/// Malwareteam
 

My name is Marius and I will help you with your problem.

One thing up front:

Note: We can never guarantee here that we have found every remnant of malware. Formatting is usually the fastest and always the safest way.

If you decide on a cleanup, keep working with us until someone from the team tells you that your computer is clean.

A cleanup can involve a lot of work for you.
  1. Please work through all steps in order.
  2. Read the instructions carefully. If you get stuck anywhere, stop at that point and describe your problem here!
  3. Only run scans that a helper has asked you to run.
  4. Please no crossposting (posting in several forums) - if you follow the instructions of several helpers, this can cause serious problems!
  5. Do not install or uninstall any software during the cleanup (unless you have been asked to).
  6. If anything is unclear: ask before you do something "blindly"!

    ...and very important:

  7. Post the log files with code tags (the # symbol at the top of the reply window) in your thread! Do not attach them unless I ask you to. (It makes the evaluation harder for me.)


Vista and Win7 users
Start all tools with right-click --> "Run as administrator".


That's right, you have several nasties on board!


Step 1: Uninstall programs

  • Click Start-->Control Panel.
  • Open Programs and Features.
  • Find and uninstall the following entries:
    Quote:
    Ask Toolbar
    Babylon toolbar on IE
  • Close the window.


Step 2: Combofix

Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all your anti-virus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the instructions on the screen.

When Combofix is finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

Alt 23.11.2012, 23:11   #3
Marshall
 

So,

Ask Toolbar
Babylon toolbar on IE

have been thrown off the computer.

ComboFix says the following:
Code:
ComboFix 12-11-23.02 - Marcel 23.11.2012  22:57:43.2.4 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3063.1889 [GMT 1:00]
ausgeführt von:: c:\users\Marcel\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Installer\{4E22905B-1EA9-CD5C-3DE8-0D211DB8D0A8}\syshost.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-10-23 bis 2012-11-23  ))))))))))))))))))))))))))))))
.
.
2012-11-23 22:03 . 2012-11-23 22:03	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-11-22 22:43 . 2012-11-22 22:48	--------	d-----w-	c:\users\Marcel\AppData\Local\jZip
2012-11-22 22:43 . 2012-11-22 22:43	--------	d-----w-	c:\program files\jZip
2012-11-22 20:59 . 2012-11-22 20:59	36000	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2012-11-22 20:59 . 2012-11-22 20:59	137928	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-11-13 17:18 . 2012-11-13 17:18	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2012-11-13 17:18 . 2012-11-13 17:18	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2012-11-13 17:18 . 2012-11-13 17:18	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2012-11-13 17:18 . 2012-11-13 17:18	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2012-11-13 17:18 . 2012-11-13 17:18	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2012-11-13 17:18 . 2012-11-13 17:18	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2012-11-13 17:18 . 2012-11-13 17:18	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2012-11-13 17:18 . 2012-11-13 17:18	--------	d-----w-	c:\program files\QuickTime
2012-11-03 10:04 . 2012-11-12 19:02	--------	d-----w-	c:\users\Marcel\AppData\Local\ElevatedDiagnostics
2012-10-25 02:12 . 2012-10-25 02:12	94208	----a-w-	c:\windows\system32\QuickTimeVR.qtx
2012-10-25 02:12 . 2012-10-25 02:12	69632	----a-w-	c:\windows\system32\QuickTime.qts
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-21 20:59 . 2012-04-04 14:54	697272	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-11-21 20:59 . 2011-06-08 18:09	73656	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-04-02 102400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-06-14 9288296]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-27 98304]
"NUSB3MON"="c:\program files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2011-02-23 371200]
"FixCamera"="c:\windows\FixCamera.exe" [2007-07-11 20480]
"tsnp2std"="c:\windows\tsnp2std.exe" [2007-05-10 270336]
"snp2std"="c:\windows\vsnp2std.exe" [2007-09-28 344064]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-09 421776]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
.
c:\users\Marcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ZooskMessenger.lnk - c:\program files\ZooskMessenger\ZooskMessenger.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
S2 ACEDRV09;ACEDRV09;c:\windows\system32\drivers\ACEDRV09.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - FSUSBEXDISK
.
Inhalt des "geplante Tasks" Ordners
.
2012-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-27 12:10]
.
2012-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-27 12:10]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://hotmail.de/
uInternet Settings,ProxyOverride = <local>
IE: Free YouTube to MP3 Converter - c:\users\Marcel\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4
TCP: DhcpNameServer = 192.168.1.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-syshost32 - c:\windows\Installer\{4E22905B-1EA9-CD5C-3DE8-0D211DB8D0A8}\syshost.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-46828319-3922081854-4210988598-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-46828319-3922081854-4210988598-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-11-23  23:04:51
ComboFix-quarantined-files.txt  2012-11-23 22:04
ComboFix2.txt  2012-11-23 21:37
.
Vor Suchlauf: 13 Verzeichnis(se), 1.340.059.480.064 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 1.339.776.122.880 Bytes frei
.
- - End Of File - - 388D3CC61B2775F8AD64DCB8E4C2EFA6
         

Alt 27.11.2012, 06:12   #4
Marshall
 

Hello Marius,

after Combofix had run, I got the following warning from Java:

Code:
A fatal error has been detected by the Java Runtime Environment:
#
#  EXCEPTION_ACCESS_VIOLATION (0xc0000005) at pc=0x6d413f5f, pid=3956, tid=3744
#
# JRE version: 6.0_21-b06
# Java VM: Java HotSpot(TM) Client VM (17.0-b16 mixed mode windows-x86 )
# Problematic frame:
# C  [jp2iexp.dll+0x3f5f]
#
# If you would like to submit a bug report, please visit:
#   hxxp://java.sun.com/webapps/bugreport/crash.jsp
# The crash happened outside the Java Virtual Machine in native code.
# See problematic frame for where to report the bug.
#

---------------  T H R E A D  ---------------

Current thread (0x03f39000):  JavaThread "main" [_thread_in_native, id=3744, stack(0x03f40000,0x04140000)]

siginfo: ExceptionCode=0xc0000005, reading address 0x00000000

Registers:
EAX=0x00000000, EBX=0x0e979498, ECX=0x0958d210, EDX=0x0413d27c
ESP=0x0413d258, EBP=0x0413d268, ESI=0x00000000, EDI=0x03f39000
EIP=0x6d413f5f, EFLAGS=0x00010202

Top of Stack: (sp=0x0413d258)
0x0413d258:   0413d27c 0413d264 0e979498 00000000
0x0413d268:   0413d2a8 0a809f47 03f39118 0413d2b0
0x0413d278:   05490d68 00000000 03f396f8 fffffffe
0x0413d288:   0413d288 0e979498 0413d2bc 0e9822b8
0x0413d298:   00000000 0e979498 00000000 0413d2b8
0x0413d2a8:   0413d2e4 0a802f07 0e981cc8 0a808286
0x0413d2b8:   05490d68 00000000 0c8958e8 0413d2c4
0x0413d2c8:   0e979407 0413d2ec 0e9822b8 00000000 

Instructions: (pc=0x6d413f5f)
0x6d413f4f:   33 f6 85 c0 7c 3a 8b 45 fc 8d 55 14 52 89 75 14
0x6d413f5f:   8b 08 50 ff 91 a0 00 00 00 85 c0 7c 1a 8b 75 14 


Stack: [0x03f40000,0x04140000],  sp=0x0413d258,  free space=7f40413cd74k
Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
C  [jp2iexp.dll+0x3f5f]
j  sun.plugin2.main.server.IExplorerPlugin.getDocumentBase0(J)Ljava/lang/String;+0
j  sun.plugin2.main.server.IExplorerPlugin.getDocumentBase()Ljava/lang/String;+31
j  sun.plugin2.main.server.JVMInstance.startApplet(Ljava/util/Map;Lsun/plugin2/main/server/Plugin;JJZIZZ)Z+14
j  sun.plugin2.main.server.JVMManager.startAppletImpl(Ljava/util/Map;Lsun/plugin2/main/server/Plugin;JJZLjava/lang/String;ZIZ)Lsun/plugin2/main/server/AppletID;+240
j  sun.plugin2.main.server.JVMManager.startApplet(Ljava/util/Map;Lsun/plugin2/main/server/Plugin;JJZLjava/lang/String;)Lsun/plugin2/main/server/AppletID;+16
j  sun.plugin2.main.server.JVMManager.startApplet(Ljava/util/Map;Lsun/plugin2/main/server/Plugin;JJZ)Lsun/plugin2/main/server/AppletID;+19
j  sun.plugin2.main.server.IExplorerPlugin.maybeStartApplet()V+192
j  sun.plugin2.main.server.IExplorerPlugin.access$200(Lsun/plugin2/main/server/IExplorerPlugin;)V+1
j  sun.plugin2.main.server.IExplorerPlugin$BackgroundStarter$1.run()V+7
v  ~StubRoutines::call_stub
V  [jvm.dll+0xf3abc]
V  [jvm.dll+0x1865b1]
V  [jvm.dll+0xf3b3d]
V  [jvm.dll+0xfd5cf]
V  [jvm.dll+0x1003c7]
C  [jp2iexp.dll+0x17a5]
C  [jp2iexp.dll+0x8647]
C  [jp2iexp.dll+0x7b19]
C  [USER32.dll+0x1c4e7]
C  [USER32.dll+0x1c5e7]
C  [USER32.dll+0x1cc19]
C  [USER32.dll+0x1cc70]
C  [IEFRAME.dll+0xf206c]
C  [IEFRAME.dll+0x111dc6]
C  [iertutil.dll+0x1415f0]
C  [IEFRAME.dll+0x10027b]
C  [kernel32.dll+0x4ed6c]
C  [ntdll.dll+0x6377b]
C  [ntdll.dll+0x6374e]

Java frames: (J=compiled Java code, j=interpreted, Vv=VM code)
j  sun.plugin2.main.server.IExplorerPlugin.getDocumentBase0(J)Ljava/lang/String;+0
j  sun.plugin2.main.server.IExplorerPlugin.getDocumentBase()Ljava/lang/String;+31
j  sun.plugin2.main.server.JVMInstance.startApplet(Ljava/util/Map;Lsun/plugin2/main/server/Plugin;JJZIZZ)Z+14
j  sun.plugin2.main.server.JVMManager.startAppletImpl(Ljava/util/Map;Lsun/plugin2/main/server/Plugin;JJZLjava/lang/String;ZIZ)Lsun/plugin2/main/server/AppletID;+240
j  sun.plugin2.main.server.JVMManager.startApplet(Ljava/util/Map;Lsun/plugin2/main/server/Plugin;JJZLjava/lang/String;)Lsun/plugin2/main/server/AppletID;+16
j  sun.plugin2.main.server.JVMManager.startApplet(Ljava/util/Map;Lsun/plugin2/main/server/Plugin;JJZ)Lsun/plugin2/main/server/AppletID;+19
j  sun.plugin2.main.server.IExplorerPlugin.maybeStartApplet()V+192
j  sun.plugin2.main.server.IExplorerPlugin.access$200(Lsun/plugin2/main/server/IExplorerPlugin;)V+1
j  sun.plugin2.main.server.IExplorerPlugin$BackgroundStarter$1.run()V+7
v  ~StubRoutines::call_stub

---------------  P R O C E S S  ---------------

Java Threads: ( => current thread )
  0x12ca6800 JavaThread "JRE 1.6.0.21 Worker Thread" [_thread_blocked, id=3592, stack(0x14550000,0x14650000)]
  0x12ca5800 JavaThread "JRE 1.6.0.21 Output Reader Thread" [_thread_in_native, id=4880, stack(0x14450000,0x14550000)]
  0x12ca4400 JavaThread "JRE 1.6.0.21 Output Reader Thread" [_thread_in_native, id=1576, stack(0x14170000,0x14270000)]
  0x12ca3c00 JavaThread "Thread-0" [_thread_in_native, id=5972, stack(0x14010000,0x14110000)]
  0x12ca3400 JavaThread "Java Plug-In Pipe Worker Thread (Server-Side)" daemon [_thread_in_native, id=5732, stack(0x13b30000,0x13c30000)]
  0x053c3800 JavaThread "traceMsgQueueThread" daemon [_thread_blocked, id=4440, stack(0x12fe0000,0x130e0000)]
  0x0538d000 JavaThread "Low Memory Detector" daemon [_thread_blocked, id=3528, stack(0x12a10000,0x12b10000)]
  0x05387c00 JavaThread "CompilerThread0" daemon [_thread_blocked, id=5704, stack(0x091d0000,0x092d0000)]
  0x05386800 JavaThread "Attach Listener" daemon [_thread_blocked, id=1920, stack(0x12830000,0x12930000)]
  0x05384800 JavaThread "Signal Dispatcher" daemon [_thread_blocked, id=2132, stack(0x088b0000,0x089b0000)]
  0x05366800 JavaThread "Finalizer" daemon [_thread_blocked, id=4656, stack(0x08f40000,0x09040000)]
  0x05365000 JavaThread "Reference Handler" daemon [_thread_blocked, id=2720, stack(0x05720000,0x05820000)]
=>0x03f39000 JavaThread "main" [_thread_in_native, id=3744, stack(0x03f40000,0x04140000)]

Other Threads:
  0x05362c00 VMThread [stack: 0x08770000,0x08870000] [id=2432]
  0x05395000 WatcherThread [stack: 0x08c20000,0x08d20000] [id=5596]

VM state:not at safepoint (normal execution)

VM Mutex/Monitor currently owned by a thread: None

Heap
 def new generation   total 4928K, used 1221K [0x0c800000, 0x0cd50000, 0x0d2a0000)
  eden space 4416K,  27% used [0x0c800000, 0x0c9317f0, 0x0cc50000)
  from space 512K,   0% used [0x0cc50000, 0x0cc50000, 0x0ccd0000)
  to   space 512K,   0% used [0x0ccd0000, 0x0ccd0000, 0x0cd50000)
 tenured generation   total 10944K, used 0K [0x0d2a0000, 0x0dd50000, 0x0e800000)
   the space 10944K,   0% used [0x0d2a0000, 0x0d2a0000, 0x0d2a0200, 0x0dd50000)
 compacting perm gen  total 12288K, used 3177K [0x0e800000, 0x0f400000, 0x12800000)
   the space 12288K,  25% used [0x0e800000, 0x0eb1a688, 0x0eb1a800, 0x0f400000)
No shared spaces configured.

Dynamic libraries:

VM Arguments:
jvm_args: -Xbootclasspath/a:C:\PROGRA~1\Java\jre6\lib\deploy.jar;C:\PROGRA~1\Java\jre6\lib\javaws.jar;C:\PROGRA~1\Java\jre6\lib\plugin.jar -Xmx32m -Djava.awt.headless=true -Dkernel.background.download=false -Dkernel.download.dialog=false -XX:MaxDirectMemorySize=64m 
java_command: <unknown>
Launcher Type: generic

Environment Variables:
CLASSPATH=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
PATH=C:\Program Files\Internet Explorer;;C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\Program Files\PC Connectivity Solution;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Windows\System32\WindowsPowerShell\v1.0;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Windows Live\Shared;C:\Program Files\QuickTime\QTSystem
USERNAME=Marcel
OS=Windows_NT
PROCESSOR_IDENTIFIER=x86 Family 6 Model 37 Stepping 5, GenuineIntel



---------------  S Y S T E M  ---------------

OS: Windows 7 Build 7601 Service Pack 1

CPU:total 4 (8 cores per cpu, 2 threads per core) family 6 model 37 stepping 5, cmov, cx8, fxsr, mmx, sse, sse2, sse3, ssse3, sse4.1, sse4.2, popcnt, ht

Memory: 4k page, physical 3136628k(1915744k free), swap 13374876k(11700432k free)

vm_info: Java HotSpot(TM) Client VM (17.0-b16) for windows-x86 JRE (1.6.0_21-b06), built on Jun 22 2010 00:56:49 by "java_re" with MS VC++ 7.1 (VS2003)

time: Sat Nov 24 16:50:27 2012
elapsed time: 1 seconds
         
Could these be related?

Many, many thanks in advance for your help!
Best regards
Marcel

27.11.2012, 07:16   #5
Psychotic
/// Malwareteam

I'm still missing quite a bit here!

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Extract the archive to your desktop.
  • In the newly created folder, start mbar.exe.
  • Follow the on-screen instructions and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart, MBAR will remove the detected objects, so be patient.
  • After the restart, run mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the created folder. Please post it here.

Do not start any other file in this folder without instructions from a helper.

__________________
No right of asylum for Trojans!

Proud Member of UNITE

Note: I am only available on weekdays!
Requests via PM will be ignored!

27.11.2012, 17:21   #6
Marshall


Here is the Malwarebytes log file after the 1st scan:

Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1009

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x86

Account is Administrative

Internet Explorer version: 9.0.8112.16421

Java version: 1.6.0_21

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, I:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 3.192000 GHz
Memory total: 3211907072, free: 1996525568

------------ Kernel report ------------
     11/27/2012 17:03:26
------------ Loaded modules -----------
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR4
Upper Device Object: 0xffffffff89567560
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000072\
Lower Device Object: 0xffffffff89309ca8
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
DriverEntry returned 0x0
Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR3
Upper Device Object: 0xffffffff89567ac8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000071\
Lower Device Object: 0xffffffff894df498
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xffffffff89504580
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000070\
Lower Device Object: 0xffffffff894e0498
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff89448ac8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000006c\
Lower Device Object: 0xffffffff8946e498
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff87e0a030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xffffffff862d2028
Lower Device Driver Name: \Driver\iaStor\
Driver name found: iaStor
DriverEntry returned 0x0
Function returned 0x0
Downloaded database version: v2012.11.27.06
Downloaded database version: v2012.11.26.01
Initializing...
Done!
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff87e0a030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff87e0ad10, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff87e0a030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff862d2028, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Upper DeviceData: 0xffffffffbd632590, 0xffffffff87e0a030, 0xffffffff85b36ac8
Lower DeviceData: 0xffffffff9c75b100, 0xffffffff862d2028, 0xffffffff88aa28e8
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 2BD2C32A

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 2844084224

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2844291072  Numsec = 83886080

    Partition 3 type is Other (0x12)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2928177152  Numsec = 2097968

Disk Size: 1500301910016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-2930257168-2930277168)...
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffff89448ac8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8946a500, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff89448ac8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8946e498, DeviceName: \Device\0000006c\, DriverName: \Driver\USBSTOR\
------------ End ----------
Upper DeviceData: 0xffffffffb735acf8, 0xffffffff89448ac8, 0xffffffff85a1a048
Lower DeviceData: 0xffffffff9b9d2fb8, 0xffffffff8946e498, 0xffffffffa34fbcc8
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 5B6AC646

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 234436482

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 120034123776 bytes
Sector size: 512 bytes

Physical Sector Size: 0
Drive: 2, DevicePointer: 0xffffffff89504580, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff89537388, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff89504580, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff894e0498, DeviceName: \Device\00000070\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xffffffff89567ac8, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff895b3d10, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff89567ac8, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff894df498, DeviceName: \Device\00000071\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xffffffff89567560, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff89560d10, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff89567560, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff89309ca8, DeviceName: \Device\00000072\, DriverName: \Driver\USBSTOR\
------------ End ----------
Done!
Performing system, memory and registry scan...
Infected: C:\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files\Content.IE5\2S57FMFI\VLCMediaPlayerSetup-a04GfN1[1].exe --> [PUP.BundleInstaller.BI]
Infected: C:\ProgramData\IBUpdaterService\repository.xml --> [PUP.InstallBrain]
Infected: C:\ProgramData\IBUpdaterService --> [PUP.InstallBrain]
Infected: C:\Windows\Installer\{ae7e6761-7e7c-5b1b-52d2-61d8b63523d2}\L --> [Backdoor.0Access]
Infected: C:\Windows\Installer\{ae7e6761-7e7c-5b1b-52d2-61d8b63523d2}\U --> [Backdoor.0Access]
Done!
Scan finished
Creating System Restore point...
Scheduling clean up...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Removal scheduling successful. System shutdown needed.
System shutdown occured
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1009

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x86

Account is Administrative

Internet Explorer version: 9.0.8112.16421

Java version: 1.6.0_21

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, I:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 3.192000 GHz
Memory total: 3211907072, free: 2482868224
         
Happily, nothing more was found in the 2nd scan.

Edited by Marshall (27.11.2012 at 17:30)

28.11.2012, 07:19   #7
Psychotic
/// Malwareteam

You posted the system log; please post the log with the detections (in the same folder).

28.11.2012, 17:09   #8
Marshall

Ah, okay, I only just saw it now.

Code:
Malwarebytes Anti-Rootkit 1.1.0.1009
www.malwarebytes.org

Database version: v2012.11.27.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Marcel :: MARCEL-PC [administrator]

27.11.2012 17:09:54
mbar-log-2012-11-27 (17-09-54).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: PUP | PUM | P2P
Objects scanned: 29222
Time elapsed: 5 minute(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 3
C:\ProgramData\IBUpdaterService (PUP.InstallBrain) -> Delete on reboot. [f9448537035a10263b3e8a1e6e95ee12]
C:\Windows\Installer\{ae7e6761-7e7c-5b1b-52d2-61d8b63523d2}\L (Backdoor.0Access) -> Delete on reboot. [ed50853764f99a9cc9bc0bf5d927629e]
C:\Windows\Installer\{ae7e6761-7e7c-5b1b-52d2-61d8b63523d2}\U (Backdoor.0Access) -> Delete on reboot. [5edf96265efff343186e857b54acaf51]

Files Detected: 2
C:\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files\Content.IE5\2S57FMFI\VLCMediaPlayerSetup-a04GfN1[1].exe (PUP.BundleInstaller.BI) -> Delete on reboot. [99a4f7c595c8e1553cfeddfb827eaa56]
C:\ProgramData\IBUpdaterService\repository.xml (PUP.InstallBrain) -> Delete on reboot. [f9448537035a10263b3e8a1e6e95ee12]

(end)
         

29.11.2012, 07:03   #9
Psychotic
/// Malwareteam

Now we're getting somewhere!


Step 1: adwCleaner

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Löschen (Delete).
  • Confirm each prompt with Ok.
  • Your computer will restart. After the restart, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[S1].txt.


Step 2: FSS

Please download Farbar's Service Scanner
  • Start the tool by double-clicking FSS.exe
  • Make sure the following options are checked.
    • Internet Services
    • Windows Firewall
    • System Restore
  • Click Scan.
  • When the tool has finished, it will create an FSS.txt in the directory where the tool was run.
Please post the contents here.

29.11.2012, 19:57   #10
Marshall

Here is the AdwCleaner log file:

Code:
# AdwCleaner v2.009 - Datei am 29/11/2012 um 19:53:31 erstellt
# Aktualisiert am 24/11/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : Marcel - MARCEL-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Marcel\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\user.js
Ordner Gelöscht : C:\Program Files\SpecialSavings
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\Users\Marcel\AppData\Local\Babylon
Ordner Gelöscht : C:\Users\Marcel\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpecialSavings
Ordner Gelöscht : C:\Users\Marcel\AppData\Roaming\OpenCandy

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SpecialSavings
Schlüssel Gelöscht : HKCU\Software\IGearSettings
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpecialSavings

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

*************************

AdwCleaner[S1].txt - [3666 octets] - [29/11/2012 19:53:31]

########## EOF - C:\AdwCleaner[S1].txt - [3726 octets] ##########
         
And FSS right after it:

Code:
Farbar Service Scanner Version: 09-11-2012
Ran by Marcel (administrator) on 29-11-2012 at 19:59:13
Running from "C:\Users\Marcel\Desktop"
Windows 7 Home Premium Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy: 
==================


System Restore:
============

System Restore Disabled Policy: 
========================


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2012-11-23 22:41] - [2012-10-03 17:58] - 1293680 ____A (Microsoft Corporation) E23A56F843E2AEBBB209D0ACCA73C640

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
         

30.11.2012, 07:27   #11
Psychotic
/// Malwareteam



Step 1: MBAM

Please download Malwarebytes
  • Install the program to the default path.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Start Malwarebytes, click Update --> Check for Updates
  • When the update has finished, enable Perform quick scan and press Scan.
  • When the scan has finished, click Show Results.
  • Make sure that all findings are checked and press Remove Selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report afterwards under "Logs".


Step 2: New OTL log

Please download OTL by OldTimer and save it to your desktop (if not already present)
  • Double-click OTL.exe
    Vista and Win7 users: right-click and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

30.11.2012, 19:38   #12
Marshall

Malwarebytes found nothing:

Code:
 Malwarebytes Anti-Malware  (Test) 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.30.09

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Marcel :: MARCEL-PC [Administrator]

Schutz: Aktiviert

30.11.2012 19:15:01
mbam-log-2012-11-30 (19-15-01).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 210626
Laufzeit: 3 Minute(n), 5 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
OTL:
Code:
OTL logfile created on: 11/30/2012 7:21:25 PM - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Marcel\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.99 Gb Total Physical Memory | 1.79 Gb Available Physical Memory | 59.96% Memory free
12.76 Gb Paging File | 11.25 Gb Available in Paging File | 88.18% Paging File free
Paging file location(s): c:\pagefile.sys 10000 15000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 1356.17 Gb Total Space | 1249.45 Gb Free Space | 92.13% Space Free | Partition Type: NTFS
Drive D: | 40.00 Gb Total Space | 20.99 Gb Free Space | 52.48% Space Free | Partition Type: NTFS
Drive E: | 164.28 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive I: | 111.79 Gb Total Space | 57.77 Gb Free Space | 51.68% Space Free | Partition Type: NTFS
 
Computer Name: MARCEL-PC | User Name: Marcel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Marcel\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Online Visions\Payback-Reporting.exe ()
PRC - C:\Program Files\Online Visions\Payback-Updater.exe ()
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)
PRC - C:\Windows\vsnp2std.exe (Sonix)
PRC - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Windows\FixCamera.exe ()
PRC - C:\Windows\tsnp2std.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\3a7eb7595728baf4078ec5f97b44180c\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\03cfab5534482e8fc313ead6edc19100\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll ()
MOD - C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll ()
MOD - C:\Windows\FixCamera.exe ()
MOD - C:\Windows\tsnp2std.exe ()
 
 
========== Services (SafeList) ==========
 
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (Payback-Reporting-Service) -- C:\Program Files\Online Visions\Payback-Reporting.exe ()
SRV - (Payback-Update-Service) -- C:\Program Files\Online Visions\Payback-Updater.exe ()
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Flexera Software, Inc.)
SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (IAStorDataMgrSvc) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (catchme) -- C:\Users\Marcel\AppData\Local\Temp\catchme.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation)
DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation)
DRV - (ACEDRV09) -- C:\Windows\System32\drivers\ACEDRV09.sys (Protect Software GmbH)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV - (nusb3xhc) -- C:\Windows\System32\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV - (nusb3hub) -- C:\Windows\System32\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV - (RTL8192su) -- C:\Windows\System32\drivers\RTL8192su.sys (Realtek Semiconductor Corporation                           )
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (ss_bmdm) -- C:\Windows\System32\drivers\ss_bmdm.sys (MCCI Corporation)
DRV - (ss_bbus) -- C:\Windows\System32\drivers\ss_bbus.sys (MCCI)
DRV - (ss_bmdfl) -- C:\Windows\System32\drivers\ss_bmdfl.sys (MCCI Corporation)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (SNP2STD) -- C:\Windows\System32\drivers\snp2sxp.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://hotmail.de/
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{3FFD976D-91C9-478C-92AF-8F196B6559BE}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={AD7E35DA-803C-4351-9D94-1E775ACCF50C}&mid=61c4ed3fafd247d09967bd2b2b6b51a4-ea80feb9512b4d4fcb72e1ea9ef9a28ac87e593f&lang=de&ds=od011&pr=sa&d=2012-03-29 20:51:36&v=10.2.0.3&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{A93B53B3-488F-48D3-A76F-E992FECFE98E}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNA_enDE393
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Oracle)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Marcel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\gacela2@nurago.com: C:\Program Files\Online Visions [2012/11/30 19:12:16 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2012/11/23 23:03:40 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Online Visions) - {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - C:\Program Files\Online Visions\Gacela2.dll (Payback)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [FixCamera] C:\Windows\FixCamera.exe ()
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [snp2std] C:\Windows\vsnp2std.exe (Sonix)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [tsnp2std] C:\Windows\tsnp2std.exe ()
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk =  File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Marcel\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : Über Online Visions - {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - C:\Program Files\Online Visions\Gacela2.dll (Payback)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{732048A9-7E8D-428F-9AF3-D5BE1F66BC7A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9A295CD5-A244-421C-A8EF-9E3A343737CB}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/02/07 18:43:30 | 000,000,000 | ---D | M] - I:\autorun -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/11/30 19:13:32 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Roaming\Malwarebytes
[2012/11/30 19:13:13 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/11/30 19:13:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/11/30 19:13:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/11/30 19:12:16 | 010,669,952 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Marcel\Desktop\mbam-setup-1.65.1.1000.exe
[2012/11/30 18:12:31 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{C0F3D56F-2EFE-466B-BE3A-A6E4B0F04CFB}
[2012/11/29 19:58:12 | 000,694,235 | ---- | C] (Farbar) -- C:\Users\Marcel\Desktop\FSS.exe
[2012/11/29 19:40:00 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{1E87FB54-638E-4482-A706-C0FE82892793}
[2012/11/29 05:58:37 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{9B0FF270-08AD-4E66-ABCE-CB18FF04ABF0}
[2012/11/28 17:06:41 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{F7429EAC-479A-410E-89C0-74824D55D197}
[2012/11/27 23:26:51 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{857B8DE5-3B67-4817-AC7C-7B6301ECE88C}
[2012/11/27 17:03:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/11/27 17:02:09 | 000,000,000 | ---D | C] -- C:\Users\Marcel\Desktop\mbar
[2012/11/27 06:05:59 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{3462AFDE-44C1-4BCF-8CA0-FFE01C19710B}
[2012/11/26 17:40:00 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{5ED15B4D-4D90-4044-94FF-B958350354D1}
[2012/11/25 10:38:05 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{420A08DE-3861-4185-B40C-24F67FFDC9B0}
[2012/11/24 22:36:16 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{DDE3F758-8F16-4BEE-AD73-167E009008F2}
[2012/11/24 09:40:44 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{D131FE76-2C75-4AE9-ABE0-EDDCDFE67AF7}
[2012/11/24 00:09:32 | 000,047,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2012/11/24 00:09:32 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wdfres.dll
[2012/11/24 00:09:06 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll
[2012/11/24 00:09:06 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll
[2012/11/24 00:09:06 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll
[2012/11/24 00:08:18 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/11/24 00:08:17 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/11/24 00:08:16 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/11/24 00:08:16 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/11/24 00:08:16 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/11/24 00:08:16 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/11/24 00:08:16 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/11/24 00:08:15 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/11/23 23:04:54 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/11/23 23:04:53 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/11/23 22:42:11 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys
[2012/11/23 22:41:58 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012/11/23 22:41:39 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2012/11/23 22:41:39 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012/11/23 22:41:39 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2012/11/23 22:41:39 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2012/11/23 22:41:39 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2012/11/23 22:41:39 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2012/11/23 22:41:39 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/11/23 22:41:39 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2012/11/23 22:41:39 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2012/11/23 22:41:39 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2012/11/23 22:41:39 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2012/11/23 22:41:39 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2012/11/23 22:41:39 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/11/23 22:41:39 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/11/23 22:41:39 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2012/11/23 22:41:39 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/11/23 22:41:39 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2012/11/23 22:41:39 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2012/11/23 22:41:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2012/11/23 22:41:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2012/11/23 22:41:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/11/23 22:41:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2012/11/23 22:41:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2012/11/23 22:41:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2012/11/23 22:41:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2012/11/23 22:41:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/11/23 22:41:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2012/11/23 22:41:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2012/11/23 22:41:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2012/11/23 22:41:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2012/11/23 22:41:36 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OxpsConverter.exe
[2012/11/23 22:41:31 | 000,240,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2012/11/23 22:41:31 | 000,187,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2012/11/23 22:41:31 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcorehc.dll
[2012/11/23 22:41:31 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncsi.dll
[2012/11/23 22:41:31 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2012/11/23 22:41:28 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/11/23 22:41:28 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/11/23 22:41:28 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2012/11/23 22:41:28 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll
[2012/11/23 22:41:27 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/11/23 22:41:27 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcore6.dll
[2012/11/23 22:41:27 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
[2012/11/23 22:12:44 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/11/23 22:12:44 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/11/23 22:12:44 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/11/23 21:59:24 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/11/23 21:58:48 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/11/23 21:58:10 | 005,005,971 | R--- | C] (Swearware) -- C:\Users\Marcel\Desktop\ComboFix.exe
[2012/11/23 21:14:39 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{1536B0BF-3518-4ED8-B87E-3A220DD91989}
[2012/11/23 06:03:12 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{A63B1BB5-6849-472C-892F-81D1F767EDAD}
[2012/11/22 23:43:46 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\jZip
[2012/11/22 23:43:19 | 000,000,000 | ---D | C] -- C:\Program Files\jZip
[2012/11/22 21:59:51 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012/11/22 21:59:50 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012/11/22 21:03:28 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Marcel\Desktop\aswMBR.exe
[2012/11/22 20:45:37 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Marcel\Desktop\OTL.exe
[2012/11/22 15:43:07 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{21572EE8-AF91-4653-ACBF-C6CF5256FAB5}
[2012/11/21 21:54:55 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{8271F3CB-AD35-4AB5-8A60-176E67616232}
[2012/11/20 17:17:17 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{F452345F-E10E-4B0B-9FDC-7BC3F22C145D}
[2012/11/19 17:28:35 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{2CA135EA-1E4D-4AB7-8D94-BACADAF66975}
[2012/11/18 20:00:57 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{67C738BC-EC43-407C-B7B5-E6BA9FBB048B}
[2012/11/18 08:00:35 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{222020CE-EC23-4B26-B1EC-45B45CFEBACF}
[2012/11/17 16:50:21 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{208D810E-BB85-4DC0-9E55-C8CBDD2AC8D7}
[2012/11/16 19:37:34 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{C637C3C0-5554-403B-97F7-354BE96FF3A8}
[2012/11/15 17:51:28 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{95ADF2FC-F61C-4F38-9BCE-0E6D439D60CB}
[2012/11/14 18:41:25 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{91599797-EC4B-47F8-8086-46150B8A7631}
[2012/11/14 06:41:02 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{93C737D6-7113-4B14-A523-C184ECE23CD9}
[2012/11/13 18:18:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/11/13 18:18:45 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012/11/13 18:07:07 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{55B6EEAC-95A1-481E-90AF-D2526189E34B}
[2012/11/12 19:15:10 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{EB1BB110-8062-4AB3-A128-F5D3E17FFD02}
[2012/11/11 11:50:06 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{E35A1EEE-62AB-4406-A0D6-044431C41AD4}
[2012/11/10 23:23:53 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{BEA5E14F-FE88-488A-8826-5CF9A5AF8614}
[2012/11/10 17:47:57 | 000,000,000 | ---D | C] -- C:\Users\Marcel\Documents\AS_Airport-Enhancement-Services_V225
[2012/11/10 09:18:06 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{91D8C57B-8F99-4FF2-A649-26EE9554D860}
[2012/11/09 14:41:12 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{65503D7B-585D-405B-9C56-FF1B3F69C2B9}
[2012/11/08 17:57:06 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{8FF2ECEE-BA6A-4F68-9062-E25617369EC3}
[2012/11/08 05:56:42 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{0D1E790C-CE50-44F9-86B7-DF9022B92FF9}
[2012/11/07 16:52:34 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{68D3C026-13BF-46B0-AF7A-A3556C4A936F}
[2012/11/06 16:37:52 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{42D70BB0-17B2-41FC-80A6-54C4195770C1}
[2012/11/05 16:34:14 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{FEA8A859-CCE7-475D-A973-D132ACFF6D70}
[2012/11/05 00:00:34 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{D7EC0F19-08B9-4CA4-AFB4-33903236322A}
[2012/11/04 11:32:35 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{9892AD47-B543-4898-9A9E-93AC21976FDC}
[2012/11/03 23:32:12 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{73B9112C-080D-4DC6-B0CA-6E53342C19DE}
[2012/11/03 11:04:13 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\ElevatedDiagnostics
[2012/11/03 10:43:03 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{030BDAA8-BFC6-4E7A-95D0-7D69116B618B}
[2012/11/02 23:38:28 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{0B248095-F5AA-4FC3-AF94-A90846E71233}
[2012/11/02 22:50:42 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{BF19E7C3-2185-4CF9-B8E7-FA295D47F93A}
[2012/11/02 22:09:16 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{4ABCFD3D-FD7C-487A-B504-7BBE82874C5E}
[2012/11/02 21:49:12 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{8BA48F1F-2A04-4E66-A9E2-E20D2547A991}
[2012/11/02 17:18:08 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{01B97648-1672-4F8C-82ED-39719C55EF83}
[2012/11/02 13:59:09 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{1879364A-7EBC-44E0-8D9C-8D7CAB83FCAA}
[2012/11/01 20:30:55 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{4D71B2DA-A358-4F38-B773-DCC90438A4BF}
[2012/10/31 22:08:56 | 000,000,000 | ---D | C] -- C:\Users\Marcel\AppData\Local\{2801FB58-6A96-4CD5-A801-EAF6F30815FA}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/11/30 19:13:13 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/11/30 19:12:26 | 010,669,952 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Marcel\Desktop\mbam-setup-1.65.1.1000.exe
[2012/11/30 19:06:16 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/30 18:19:25 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/30 18:19:25 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/30 18:13:20 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/30 18:11:58 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2012/11/30 18:11:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/30 18:11:51 | 2408,927,232 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/29 21:21:58 | 000,538,357 | ---- | M] () -- C:\Users\Marcel\Documents\DSC_4357.jpg
[2012/11/29 21:17:00 | 000,148,104 | ---- | M] () -- C:\Users\Marcel\Documents\Sülo4.jpg
[2012/11/29 21:16:14 | 000,072,507 | ---- | M] () -- C:\Users\Marcel\Documents\Sülo3.jpg
[2012/11/29 21:15:07 | 000,080,355 | ---- | M] () -- C:\Users\Marcel\Documents\Sülo2.jpg
[2012/11/29 21:14:07 | 000,141,336 | ---- | M] () -- C:\Users\Marcel\Documents\Sülo1.jpg
[2012/11/29 21:13:17 | 000,139,731 | ---- | M] () -- C:\Users\Marcel\Documents\TS2.jpg
[2012/11/29 21:12:19 | 000,099,943 | ---- | M] () -- C:\Users\Marcel\Documents\TS1.jpg
[2012/11/29 19:58:12 | 000,694,235 | ---- | M] (Farbar) -- C:\Users\Marcel\Desktop\FSS.exe
[2012/11/29 19:52:48 | 000,480,125 | ---- | M] () -- C:\Users\Marcel\Desktop\adwcleaner.exe
[2012/11/28 17:12:29 | 000,654,372 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012/11/28 17:12:29 | 000,616,254 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/11/28 17:12:29 | 000,129,986 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012/11/28 17:12:29 | 000,106,376 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/11/27 17:01:25 | 012,961,620 | ---- | M] () -- C:\Users\Marcel\Desktop\mbar-1.01.0.1009.zip
[2012/11/25 11:46:23 | 000,002,566 | ---- | M] () -- C:\Users\Marcel\Desktop\Ali-Bey-2013.pdf
[2012/11/24 16:40:05 | 000,463,506 | ---- | M] () -- C:\Users\Marcel\Desktop\Musterkuendigung.pdf
[2012/11/24 09:38:32 | 000,289,784 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/11/23 23:03:40 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/11/23 21:58:38 | 005,005,971 | R--- | M] (Swearware) -- C:\Users\Marcel\Desktop\ComboFix.exe
[2012/11/22 23:48:12 | 000,010,456 | ---- | M] () -- C:\Users\Marcel\Desktop\logfiles.zip
[2012/11/22 23:43:55 | 000,000,949 | ---- | M] () -- C:\Users\Marcel\Desktop\jZip.lnk
[2012/11/22 21:59:42 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012/11/22 21:59:42 | 000,036,000 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012/11/22 21:59:27 | 000,302,592 | ---- | M] () -- C:\Users\Marcel\Desktop\gmer.exe
[2012/11/22 21:32:06 | 000,000,000 | ---- | M] () -- C:\Users\Marcel\defogger_reenable
[2012/11/22 21:30:56 | 000,050,477 | ---- | M] () -- C:\Users\Marcel\Desktop\Defogger.exe
[2012/11/22 21:04:31 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Marcel\Desktop\aswMBR.exe
[2012/11/22 20:45:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Marcel\Desktop\OTL.exe
[2012/11/21 21:59:57 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/11/21 21:59:57 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/11/15 18:50:54 | 000,176,266 | ---- | M] () -- C:\Users\Marcel\Desktop\AllSecur Tessa.pdf
[2012/11/07 16:52:02 | 000,001,013 | ---- | M] () -- C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk
[2012/11/05 17:21:43 | 000,351,559 | ---- | M] () -- C:\Users\Marcel\Documents\BeNetti.pdf
[2012/11/05 17:05:15 | 000,161,808 | ---- | M] () -- C:\Users\Marcel\Documents\Ela+Ansgar.pdf
[2012/11/04 17:35:13 | 000,069,010 | ---- | M] () -- C:\Users\Marcel\Desktop\Allsecur Frauke.pdf
[2012/11/03 11:22:09 | 000,405,090 | ---- | M] () -- C:\Users\Marcel\Documents\Rechnung Brandos.pdf
[2012/11/01 21:11:42 | 006,466,224 | ---- | M] () -- C:\Users\Marcel\Desktop\Handbuch_Alice_WLAN_4421.pdf
[2012/10/31 22:29:43 | 000,001,140 | ---- | M] () -- C:\Users\Public\Desktop\Aerosoft Launcher.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/11/30 19:13:13 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/11/29 21:21:58 | 000,538,357 | ---- | C] () -- C:\Users\Marcel\Documents\DSC_4357.jpg
[2012/11/29 21:17:00 | 000,148,104 | ---- | C] () -- C:\Users\Marcel\Documents\Sülo4.jpg
[2012/11/29 21:16:14 | 000,072,507 | ---- | C] () -- C:\Users\Marcel\Documents\Sülo3.jpg
[2012/11/29 21:15:07 | 000,080,355 | ---- | C] () -- C:\Users\Marcel\Documents\Sülo2.jpg
[2012/11/29 21:14:07 | 000,141,336 | ---- | C] () -- C:\Users\Marcel\Documents\Sülo1.jpg
[2012/11/29 21:13:17 | 000,139,731 | ---- | C] () -- C:\Users\Marcel\Documents\TS2.jpg
[2012/11/29 21:12:19 | 000,099,943 | ---- | C] () -- C:\Users\Marcel\Documents\TS1.jpg
[2012/11/29 19:52:43 | 000,480,125 | ---- | C] () -- C:\Users\Marcel\Desktop\adwcleaner.exe
[2012/11/27 17:01:09 | 012,961,620 | ---- | C] () -- C:\Users\Marcel\Desktop\mbar-1.01.0.1009.zip
[2012/11/25 11:46:23 | 000,002,566 | ---- | C] () -- C:\Users\Marcel\Desktop\Ali-Bey-2013.pdf
[2012/11/24 16:40:05 | 000,463,506 | ---- | C] () -- C:\Users\Marcel\Desktop\Musterkuendigung.pdf
[2012/11/24 00:09:33 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/11/24 00:09:06 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/11/23 22:12:44 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/11/23 22:12:44 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/11/23 22:12:44 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/11/23 22:12:44 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/11/23 22:12:44 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/11/23 22:06:04 | 000,065,536 | ---- | C] () -- C:\Windows\System32\Ikeext.etl
[2012/11/22 23:48:11 | 000,010,456 | ---- | C] () -- C:\Users\Marcel\Desktop\logfiles.zip
[2012/11/22 23:43:55 | 000,000,979 | ---- | C] () -- C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\jZip.lnk
[2012/11/22 23:43:55 | 000,000,949 | ---- | C] () -- C:\Users\Marcel\Desktop\jZip.lnk
[2012/11/22 21:59:25 | 000,302,592 | ---- | C] () -- C:\Users\Marcel\Desktop\gmer.exe
[2012/11/22 21:32:06 | 000,000,000 | ---- | C] () -- C:\Users\Marcel\defogger_reenable
[2012/11/22 21:30:52 | 000,050,477 | ---- | C] () -- C:\Users\Marcel\Desktop\Defogger.exe
[2012/11/05 17:21:43 | 000,351,559 | ---- | C] () -- C:\Users\Marcel\Documents\BeNetti.pdf
[2012/11/05 17:05:15 | 000,161,808 | ---- | C] () -- C:\Users\Marcel\Documents\Ela+Ansgar.pdf
[2012/11/04 17:47:29 | 000,176,266 | ---- | C] () -- C:\Users\Marcel\Desktop\AllSecur Tessa.pdf
[2012/11/04 17:35:13 | 000,069,010 | ---- | C] () -- C:\Users\Marcel\Desktop\Allsecur Frauke.pdf
[2012/11/03 11:22:08 | 000,405,090 | ---- | C] () -- C:\Users\Marcel\Documents\Rechnung Brandos.pdf
[2012/11/01 21:11:42 | 006,466,224 | ---- | C] () -- C:\Users\Marcel\Desktop\Handbuch_Alice_WLAN_4421.pdf
[2012/06/10 08:42:19 | 000,020,480 | ---- | C] () -- C:\Windows\FixCamera.exe
[2012/06/10 08:42:18 | 012,212,864 | ---- | C] () -- C:\Windows\System32\drivers\snp2sxp.sys
[2012/06/10 08:42:18 | 000,270,336 | ---- | C] () -- C:\Windows\tsnp2std.exe
[2012/06/10 08:42:18 | 000,151,552 | ---- | C] ( ) -- C:\Windows\System32\rsnp2std.dll
[2012/06/10 08:42:18 | 000,077,824 | ---- | C] ( ) -- C:\Windows\System32\csnp2std.dll
[2012/06/10 08:42:18 | 000,025,472 | ---- | C] () -- C:\Windows\System32\drivers\sncamd.sys
[2012/06/10 08:42:18 | 000,015,497 | ---- | C] () -- C:\Windows\snp2std.ini
[2012/05/03 20:04:39 | 000,000,199 | ---- | C] () -- C:\Users\Marcel\QualityWings_Ultimate 757 Collection.reg
[2012/03/01 21:22:02 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2012/03/01 21:22:02 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
[2011/12/25 18:38:48 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2011/12/25 18:38:48 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2011/07/04 19:06:11 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011/01/15 20:58:18 | 000,000,017 | ---- | C] () -- C:\Windows\System32\shortcut_ex.dat
[2010/11/28 12:44:59 | 000,000,000 | ---- | C] () -- C:\Users\Marcel\AppData\Roaming\FileOut.cns
[2010/11/28 12:44:59 | 000,000,000 | ---- | C] () -- C:\Users\Marcel\AppData\Roaming\FileIn.cns
[2010/11/27 21:33:11 | 000,000,851 | ---- | C] () -- C:\Program Files\Uninstall ElsterFormular.lnk
 
========== ZeroAccess Check ==========
 
[2011/11/17 06:38:39 | 000,002,048 | -HS- | M] () -- C:\Users\Marcel\AppData\Local\{ae7e6761-7e7c-5b1b-52d2-61d8b63523d2}\@
[2011/11/17 06:38:39 | 000,000,000 | -HSD | M] -- C:\Users\Marcel\AppData\Local\{ae7e6761-7e7c-5b1b-52d2-61d8b63523d2}\L
[2012/08/29 06:57:14 | 000,000,000 | -HSD | M] -- C:\Users\Marcel\AppData\Local\{ae7e6761-7e7c-5b1b-52d2-61d8b63523d2}\U
[2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:74603393
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:00934A10

< End of report >
         
Extras:
Code:
OTL Extras logfile created on: 11/30/2012 7:21:25 PM - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Marcel\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.99 Gb Total Physical Memory | 1.79 Gb Available Physical Memory | 59.96% Memory free
12.76 Gb Paging File | 11.25 Gb Available in Paging File | 88.18% Paging File free
Paging file location(s): c:\pagefile.sys 10000 15000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 1356.17 Gb Total Space | 1249.45 Gb Free Space | 92.13% Space Free | Partition Type: NTFS
Drive D: | 40.00 Gb Total Space | 20.99 Gb Free Space | 52.48% Space Free | Partition Type: NTFS
Drive E: | 164.28 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive I: | 111.79 Gb Total Space | 57.77 Gb Free Space | 51.68% Space Free | Partition Type: NTFS
 
Computer Name: MARCEL-PC | User Name: Marcel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system | 
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system | 
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system | 
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system | 
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system | 
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system | 
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system | 
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system | 
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system | 
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{A3B7CEB6-9D35-4921-9C7F-67B3FF56E6EF}C:\program files\windows live\messenger\msnmsgr.exe" = protocol=6 | dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"TCP Query User{B12B2B47-C3D8-4969-A0F4-9AEEF544FDB3}C:\program files\windows live\contacts\wlcomm.exe" = protocol=6 | dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"TCP Query User{EC76FEFD-255C-4CEA-ACD2-233B66B4CEA2}C:\program files\windows live\messenger\msnmsgr.exe" = protocol=6 | dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"TCP Query User{ED0F6C05-A84E-44C4-8DC3-7BD50E851D23}C:\program files\windows live\contacts\wlcomm.exe" = protocol=6 | dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"UDP Query User{0E8690F8-2873-4313-BC4F-6EBCBE1F950A}C:\program files\windows live\contacts\wlcomm.exe" = protocol=17 | dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"UDP Query User{2011EEBF-08DA-424D-BDD9-F027B2C4D077}C:\program files\windows live\messenger\msnmsgr.exe" = protocol=17 | dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"UDP Query User{5EB075C0-9B65-44B1-A3C3-E2DC2DECFA35}C:\program files\windows live\contacts\wlcomm.exe" = protocol=17 | dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"UDP Query User{875B80A5-E456-47D5-BE9A-5751597AA256}C:\program files\windows live\messenger\msnmsgr.exe" = protocol=17 | dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4
"_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{01C3630A-7FD2-46DF-B514-A4B829B0021A}" = aerosoft's - German Airports 2 - 2012 (FSX)
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT
"{093561FF-BC54-CD42-77BD-4885F16C60B7}" = CCC Help Danish
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CA7BE0D-3DC3-4F04-B64D-9AA2041B76AB}" = Aerosoft's - Heraklion X
"{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{17440258-DB48-49DE-8391-79900477490C}" = aerosoft's - Madeira X
"{17D39326-BF2B-FCE9-DE84-58EE76F945CD}" = CCC Help French
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content
"{1B19DA07-6870-4E60-9171-5C53AD21A0E0}" = aerosoft's - Mega Airport Munich X
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20708FD5-E94D-4097-A21E-E28564CDBC06}" = PMDG 737 8900 NGX
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{2C36035A-65D8-4711-A2CB-ED18A725EBDF}" = Aerosoft's - Sharm El-Sheikh 2012 - FSX
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN
"{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{37F50C53-EDED-4FFE-9877-532A335C5C18}" = Aerosoft's - MyTraffic 2013
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A4940D6-418E-867B-F214-2B0C58E7961D}" = CCC Help Swedish
"{51E89BD2-CDC1-4185-88BE-F8D5032B8D21}" = Aerosoft's - Djerba X
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{61AF34EF-B0A4-4664-975B-81904824EB1C}" = WISO Mein Geld 2011 Professional
"{62B7012A-D02C-4981-9D37-634DF40E9578}" = aerosoft's - Santorini X
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{701BDB1B-8D00-8C67-6F64-BDD3B58EC827}" = CCC Help Norwegian
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75438C0E-9925-412E-AD85-D0E71C6CE2ED}" = USB2.0 PC Camera
"{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A073262-FB25-4224-AE36-C2725A616E05}" = Aerosoft's - Corfu X
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AE850A4-B89D-4875-A159-B1B64D717EFB}" = OMSI - Der Omnibussimulator
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema
"{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.2 MUI
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B355AD55-ED88-4A46-015D-51AAD00EB57D}" = CCC Help Japanese
"{B95FB6E3-8373-52BC-C824-8DDB1D6DD049}" = CCC Help Dutch
"{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw
"{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BE4AE3A7-190D-BCB8-A953-A708C9E8E8AA}" = ATI Catalyst Install Manager
"{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA
"{C09C15F5-DDB7-3820-CF1A-798051174EC7}" = CCC Help Italian
"{C2214950-8342-4878-1286-31D0F07FDC34}" = Catalyst Control Center Localization All
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C30FA2C9-6740-4485-A164-858D2884E154}" = HP Deskjet 3050 J610 series - Grundlegende Software für das Gerät
"{C39F6C00-142E-48AC-633F-15E6AA7E24D8}" = Catalyst Control Center Graphics Previews Vista
"{C47D990B-5D5C-B6A6-A04D-676379D39170}" = CCC Help English
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES
"{C7105B49-9E6E-C93C-74E6-858B0863F604}" = Catalyst Control Center InstallProxy
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{CF52C7EA-BDEF-A58F-6F33-0431076766C8}" = ccc-utility
"{D1F56041-DDC6-4508-994D-D70FC4022DB0}" = aerosoft's - Holiday Airports FSX
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{D7C7EA35-4C51-F874-3AB7-95DC40DDA494}" = CCC Help German
"{D81845B4-5239-AD56-39A5-9FCFE528330F}" = ccc-core-static
"{DFD284CD-501F-B36C-67D9-05D4D7D590AB}" = CCC Help Spanish
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E7CC4B85-DC2F-463F-8FEB-E7398E25C19A}" = Microsoft Flight Simulator X Service Pack 2
"{EAC1A606-1D31-AC37-90DD-5684A6E7D2E8}" = CCC Help Finnish
"{EE11CFFC-898C-4875-8A63-8B732A9AD43B}" = Aerosoft's - Aerosoft Launcher
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F535B2CF-C9BB-4162-B03A-02D6971F32CC}" = Microsoft Flight Simulator X
"{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}" = HP Deskjet 3050 J610 series Hilfe
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA8BFB69-7188-4C09-B722-47D355CEB205}" = Studie zur Verbesserung von HP Deskjet 3050 J610 series Produkten
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"39992AD7-103F-4308-8BB7-3F65F543604D" = Online Visions
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows-Treiberpaket - Nokia pccsmcfd  (10/12/2007 6.85.4.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Bus Driver" = Bus Driver 1.0
"ElsterFormular 13.0.0.8055p" = ElsterFormular
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.815
"FreePDF_XP" = FreePDF (Remove only)
"Google Chrome" = Google Chrome
"GPL Ghostscript 9.04" = GPL Ghostscript
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema
"InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"InstallShield_{F535B2CF-C9BB-4162-B03A-02D6971F32CC}" = Microsoft Flight Simulator X
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"ProTrain 20 Dortmund - Hannover 1.0" = ProTrain 20 Dortmund - Hannover 1.0
"QualityWings Ultimate 757 Collection FSX_is1" = QualityWings Ultimate 757 Collection FSX 1.2.6
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"SP1_F535B2CF-C9BB-4162-B03A-02D6971F32CC" = Microsoft Flight Simulator X Service Pack 1
"Train Simulator 1.0" = Microsoft Train Simulator
"WinLiveSuite" = Windows Live Essentials
"WISO Mein Geld 2011 Professional" = WISO Mein Geld 2011 Professional
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"jZip" = jZip
"QualityWings Ultimate 757 Collection" = QualityWings Ultimate 757 Collection
"STANLY Track" = STANLY Track
"Tower Simulator" = Tower Simulator
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 11/22/2012 5:12:19 PM | Computer Name = Marcel-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information.  Error:  Initialization failed 0x80070424 Type:
 88::UnexpectedError. 
 
Error - 11/22/2012 6:43:42 PM | Computer Name = Marcel-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: SetupDataMngr_Searchqu.exe, Version:
 4.1.0.3298, Zeitstempel: 0x4b1ae3cc  Name des fehlerhaften Moduls: InstallHelper.DLL,
 Version: 0.0.0.0, Zeitstempel: 0x503f7134  Ausnahmecode: 0xc0000005  Fehleroffset: 
0x0000e2f5  ID des fehlerhaften Prozesses: 0xf38  Startzeit der fehlerhaften Anwendung:
 0x01cdc902cfd59ee8  Pfad der fehlerhaften Anwendung: C:\Users\Marcel\AppData\Local\Temp\nssD155.tmp\nscE64C.tmp\SetupDataMngr_Searchqu.exe
Pfad
 des fehlerhaften Moduls: C:\Users\Marcel\AppData\Local\Temp\InstallHelper.DLL  Berichtskennung:
 1010c434-34f6-11e2-8c54-6c626d8fb857
 
Error - 11/23/2012 1:02:57 AM | Computer Name = Marcel-PC | Source = Avira Antivirus | ID = 4122
Description = 
 
Error - 11/23/2012 4:14:14 PM | Computer Name = Marcel-PC | Source = Avira Antivirus | ID = 4122
Description = 
 
Error - 11/23/2012 4:14:28 PM | Computer Name = Marcel-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: avguard.exe, Version: 12.3.0.15, 
Zeitstempel: 0x4fa05b53  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec49b60  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0003224d  ID des fehlerhaften
 Prozesses: 0x6fc  Startzeit der fehlerhaften Anwendung: 0x01cdc9b717ba0fcd  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Avira\AntiVir Desktop\avguard.exe  Pfad 
des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 61d52a7b-35aa-11e2-a657-6c626d8fb857
 
Error - 11/23/2012 4:24:10 PM | Computer Name = Marcel-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information.  Error:  Initialization failed 0x80070424 Type:
 88::UnexpectedError. 
 
Error - 11/23/2012 4:52:19 PM | Computer Name = Marcel-PC | Source = Avira Antivirus | ID = 4122
Description = 
 
Error - 11/23/2012 5:06:10 PM | Computer Name = Marcel-PC | Source = Avira Antivirus | ID = 4122
Description = 
 
Error - 11/23/2012 5:18:51 PM | Computer Name = Marcel-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information.  Error:  Initialization failed 0x80070424 Type:
 88::UnexpectedError. 
 
Error - 11/30/2012 1:12:16 PM | Computer Name = Marcel-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_LanmanServer, Version:
 6.1.7600.16385, Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: unknown, Version:
 0.0.0.0, Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000
ID
 des fehlerhaften Prozesses: 0x418  Startzeit der fehlerhaften Anwendung: 0x01cdcf1dcbfffa25
Pfad
 der fehlerhaften Anwendung: C:\Windows\system32\svchost.exe  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: 167a4bdf-3b11-11e2-97d5-6c626d8fb857
 
[ System Events ]
Error - 11/30/2012 1:12:18 PM | Computer Name = Marcel-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Aufgabenplanung" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
Error - 11/30/2012 1:12:18 PM | Computer Name = Marcel-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Sekundäre Anmeldung" wurde unerwartet beendet. Dies ist
 bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden
 durchgeführt: Neustart des Diensts.
 
Error - 11/30/2012 1:12:18 PM | Computer Name = Marcel-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Benachrichtigungsdienst für Systemereignisse" wurde unerwartet
 beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden
 in 120000 Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 11/30/2012 1:12:18 PM | Computer Name = Marcel-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Shellhardwareerkennung" wurde unerwartet beendet. Dies
 ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
 durchgeführt: Neustart des Diensts.
 
Error - 11/30/2012 1:12:18 PM | Computer Name = Marcel-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Designs" wurde unerwartet beendet. Dies ist bereits 1 
Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
Error - 11/30/2012 1:12:18 PM | Computer Name = Marcel-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde unerwartet beendet.
 Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000
 Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 11/30/2012 1:13:18 PM | Computer Name = Marcel-PC | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden
 des Dienstes "Server" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, 
ist fehlgeschlagen. Fehler:   %%1056
 
Error - 11/30/2012 1:14:19 PM | Computer Name = Marcel-PC | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden
 des Dienstes "Benutzerprofildienst" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen,
 ist fehlgeschlagen. Fehler:   %%1056
 
Error - 11/30/2012 1:14:19 PM | Computer Name = Marcel-PC | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden
 des Dienstes "Multimediaklassenplaner" Korrekturmaßnahmen (Neustart des Diensts)
 durchzuführen, ist fehlgeschlagen. Fehler:   %%1056
 
Error - 11/30/2012 1:14:19 PM | Computer Name = Marcel-PC | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden
 des Dienstes "Windows-Verwaltungsinstrumentation" Korrekturmaßnahmen (Neustart 
des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:   %%1056
 
 
< End of report >
         

03.12.2012, 07:57   #13
Psychotic
/// Malwareteam

Fix with OTL

  • Please start OTL.exe.
    Vista and Win7 users: right-click and select "Run as administrator".
  • Now copy this content into the text box.
Code:
ATTFilter
:OTL
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:74603393
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:00934A10
:FILES
C:\Users\Marcel\AppData\Local\{ae7e6761-7e7c-5b1b-52d2-61d8b63523d2}
:commands
[emptytemp]
         
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may ask for a restart. Please allow it.
  • After the restart you will find a text document on your desktop.
    (It can also be found at C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread.



How is the computer behaving?
__________________
No right of asylum for Trojans!

Proud Member of UNITE

Note: I am only available on weekdays!
Requests via PM will be ignored!


03.12.2012, 19:56   #14
Marshall

Code:
ATTFilter
All processes killed
========== OTL ==========
ADS C:\ProgramData\Temp:74603393 deleted successfully.
ADS C:\ProgramData\Temp:00934A10 deleted successfully.
========== FILES ==========
C:\Users\Marcel\AppData\Local\{ae7e6761-7e7c-5b1b-52d2-61d8b63523d2}\U folder moved successfully.
C:\Users\Marcel\AppData\Local\{ae7e6761-7e7c-5b1b-52d2-61d8b63523d2}\L folder moved successfully.
C:\Users\Marcel\AppData\Local\{ae7e6761-7e7c-5b1b-52d2-61d8b63523d2} folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56504 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Marcel
->Temp folder emptied: 10983038 bytes
->Temporary Internet Files folder emptied: 4527121927 bytes
->Java cache emptied: 43319301 bytes
->Flash cache emptied: 136347 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 28235643 bytes
RecycleBin emptied: 347876 bytes
 
Total Files Cleaned = 4,397.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 12032012_192709

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
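
The fix script from post #13 and the log OTL returned in post #14 can be cross-checked mechanically, so that no requested item is silently skipped. The sketch below is an added example, not part of the thread or of OTL: the function names are hypothetical, and the section and status strings are taken only from the two posts (the bare "moved successfully." form without "folder" is an assumption).

```python
import re

# Fix script from post #13 and result log from post #14, copied from the thread.
FIX_SCRIPT = r"""
:OTL
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:74603393
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:00934A10
:FILES
C:\Users\Marcel\AppData\Local\{ae7e6761-7e7c-5b1b-52d2-61d8b63523d2}
:commands
[emptytemp]
"""

FIX_LOG = r"""
========== OTL ==========
ADS C:\ProgramData\Temp:74603393 deleted successfully.
ADS C:\ProgramData\Temp:00934A10 deleted successfully.
========== FILES ==========
C:\Users\Marcel\AppData\Local\{ae7e6761-7e7c-5b1b-52d2-61d8b63523d2}\U folder moved successfully.
C:\Users\Marcel\AppData\Local\{ae7e6761-7e7c-5b1b-52d2-61d8b63523d2}\L folder moved successfully.
C:\Users\Marcel\AppData\Local\{ae7e6761-7e7c-5b1b-52d2-61d8b63523d2} folder moved successfully.
"""

ADS_REQ = re.compile(r"^@Alternate Data Stream - \d+ bytes -> (.+)$")
ADS_DONE = re.compile(r"^ADS (.+) deleted successfully\.$")
# " folder" is what the log above shows; the bare form for single files is an assumption.
MOVE_DONE = re.compile(r"^(.+?)(?: folder)? moved successfully\.$")


def split_ads(target):
    """Split 'C:\\dir\\host:stream' into (host, stream); stream is None for a plain path."""
    idx = target.rfind(":")
    if idx <= 1:  # only the drive-letter colon, or no colon at all
        return target, None
    return target[:idx], target[idx + 1:]


def parse_script(text):
    """Return [(kind, target)] for every item the fix script asks OTL to remove."""
    items, section = [], None
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if line.startswith(":"):
            section = line.lower()  # section headers appear as :OTL, :FILES, :commands
        elif section == ":otl" and (m := ADS_REQ.match(line)):
            items.append(("ads", m.group(1)))
        elif section == ":files":
            items.append(("path", line))
    return items


def parse_log(text):
    """Return the set of (kind, lower-cased target) the log confirms as removed."""
    done = set()
    for line in (l.strip() for l in text.splitlines()):
        if m := ADS_DONE.match(line):
            done.add(("ads", m.group(1).lower()))
        elif m := MOVE_DONE.match(line):
            done.add(("path", m.group(1).lower()))
    return done


def unconfirmed(script, log):
    """Items requested in the script that the log does not report as removed."""
    done = parse_log(log)  # Windows paths are case-insensitive, so compare lower-cased
    return [(k, t) for k, t in parse_script(script) if (k, t.lower()) not in done]


if __name__ == "__main__":
    for kind, target in parse_script(FIX_SCRIPT):
        print(kind, split_ads(target))
    print("unconfirmed:", unconfirmed(FIX_SCRIPT, FIX_LOG))
```

An empty result means every requested item has a matching success line; anything returned needs a manual look at the log or a fresh scan.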
         

04.12.2012, 09:17   #15
Psychotic
/// Malwareteam

How is the computer behaving?