Pests of all kinds and how to fight them: Trojan > http://boxtralsurvisv.pl/gis/file.php (Windows 7)
06.02.2013, 00:25 | #1 |
| Trojan > http://boxtralsurvisv.pl/gis/file.php
Hello forum community,
early this morning I received the following malware alert from Avira Antivirus:
Beim Zugriff auf Daten der URL "hxxp://boxtralsurvisv.pl/gis/file.php" wurde ein Virus oder unerwünschtes Programm 'TR/Agent.55808.198' [trojan] gefunden.
This alert appeared 9 times; 4 times it was blocked and 5 times it was moved to quarantine.
As it has now turned out, I have apparently caught this one: https://www.kreissparkasse-augsburg.de/privatkunden/banking/aktuelle-sicherheitsmeldungen/ueberblick/index.php?n=%2Fprivatkunden%2Fbanking%2Faktuelle-sicherheitsmeldungen%2Fueberblick%2F
Avira does not detect any malware, and none of the online virus scanners can be opened in the browser, so they are presumably being blocked by the trojan.
This is my company notebook, so I want to get rid of the damn thing as quickly as possible! Can I nevertheless keep working with the notebook?
Many thanks in advance for your support! Best regards |
06.02.2013, 11:41 | #2 |
/// Malware-holic | Trojan > http://boxtralsurvisv.pl/gis/file.php
hi, do you have an IT department? Then the device would have to go to them.
__________________
If you don't have it yet, please download OTL by Oldtimer and save it to your desktop
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
__________________ |
06.02.2013, 16:15 | #3 |
| Trojan > http://boxtralsurvisv.pl/gis/file.php
Many thanks for taking this on...
__________________
OTL logfile:
ATTFilter OTL logfile created on: 06.02.2013 15:28:50 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mustermann\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,92 Gb Total Physical Memory | 5,88 Gb Available Physical Memory | 74,28% Memory free 15,83 Gb Paging File | 13,55 Gb Available in Paging File | 85,59% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 596,17 Gb Total Space | 558,40 Gb Free Space | 93,67% Space Free | Partition Type: NTFS Computer Name: NB72974 | User Name: Mustermann| Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.02.06 14:57:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mustermann\Desktop\OTL.exe PRC - [2013.02.06 12:09:44 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2013.02.06 12:09:18 | 000,565,472 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE PRC - [2013.02.06 12:09:14 | 000,400,608 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe PRC - [2013.02.06 12:09:10 | 000,385,248 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2013.02.06 12:09:10 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2013.01.08 23:05:32 | 000,699,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe PRC - [2012.12.18 06:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.11.14 17:14:24 | 000,995,392 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe PRC - [2011.11.14 17:14:20 | 001,355,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe PRC - [2011.11.14 17:13:58 | 000,921,664 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe PRC - [2011.11.14 17:13:52 | 000,839,744 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe PRC - [2011.10.13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE PRC - [2011.07.07 14:44:12 | 000,183,432 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe PRC - [2011.07.07 14:44:12 | 000,066,696 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe PRC - [2011.06.17 21:02:56 | 002,656,536 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2011.06.17 21:02:41 | 000,326,424 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2011.05.31 16:28:04 | 002,801,288 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe PRC - [2011.05.20 09:10:26 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2011.05.20 09:10:12 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) 
Rapid Storage Technology\IAStorIcon.exe PRC - [2011.03.09 11:40:12 | 000,342,984 | ---- | M] () -- C:\Program Files (x86)\OneClickInternet\WTGService.exe PRC - [2011.03.04 09:46:50 | 000,318,464 | ---- | M] (HUAWEI Technologies Co., Ltd.) -- C:\Program Files (x86)\Huawei\Gobi\GobiQDLService\GobiQDLService.exe PRC - [2009.09.12 23:09:10 | 000,103,768 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\concentr.exe PRC - [2009.09.12 23:09:04 | 000,550,232 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe ========== Modules (No Company Name) ========== MOD - [2013.01.10 13:06:30 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\346a7a67978cead8e2ff52c6d80bbeb7\IAStorUtil.ni.dll MOD - [2013.01.10 13:06:30 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\500a8ae2a5d27132d87ccac9f97b0069\IAStorCommon.ni.dll MOD - [2013.01.10 09:03:36 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0ac577a8ad6528ff03b50db5eeeac8be\System.Web.ni.dll MOD - [2013.01.10 09:03:31 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll MOD - [2013.01.10 09:03:13 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll MOD - [2013.01.10 09:03:08 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013.01.10 09:02:58 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll MOD - [2013.01.10 09:02:54 | 005,453,312 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll MOD - [2013.01.10 09:02:52 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll MOD - [2013.01.10 09:02:51 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013.01.10 09:02:47 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2011.08.30 13:32:13 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2010.11.13 00:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ========== Services (SafeList) ========== SRV:64bit: - [2012.01.13 12:22:24 | 000,135,952 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr) SRV:64bit: - [2012.01.13 09:55:10 | 001,256,040 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Update Common\VUAgent.exe -- (VUAgent) SRV:64bit: - [2012.01.04 12:27:32 | 001,526,032 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV:64bit: - [2012.01.04 12:14:38 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS) SRV:64bit: - [2012.01.04 12:13:06 | 000,844,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV:64bit: - [2011.12.22 07:54:56 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events 
Utility) SRV:64bit: - [2011.12.12 03:40:36 | 000,661,504 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3) SRV:64bit: - [2011.07.15 15:43:38 | 000,969,352 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Smart Network\VSNService.exe -- (VSNService) SRV:64bit: - [2011.05.31 15:51:20 | 000,552,584 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management) SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2013.02.06 12:09:44 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.02.06 12:09:18 | 000,565,472 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2013.02.06 12:09:14 | 000,400,608 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService) SRV - [2013.02.06 12:09:10 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2013.02.06 08:32:04 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.01.09 03:01:34 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.12.18 06:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.11.14 17:14:24 | 000,995,392 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service) SRV - [2011.11.14 17:14:20 | 001,355,840 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service) SRV - [2011.11.14 17:13:58 | 000,921,664 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor) SRV - [2011.10.21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) 
[Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011.10.13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate) SRV - [2011.07.07 14:44:12 | 000,066,696 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe -- (VAIO Event Service) SRV - [2011.06.17 21:02:56 | 002,656,536 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2011.06.17 21:02:41 | 000,326,424 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2011.06.16 21:51:30 | 002,375,168 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R) SRV - [2011.05.20 09:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2011.03.09 11:40:12 | 000,342,984 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\OneClickInternet\WTGService.exe -- (WTGService) SRV - [2011.03.04 09:46:50 | 000,318,464 | ---- | M] (HUAWEI Technologies Co., Ltd.) [Auto | Running] -- C:\Program Files (x86)\Huawei\Gobi\GobiQDLService\GobiQDLService.exe -- (GobiQDLService) SRV - [2010.03.18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) 
[On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.12.13 13:33:15 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.12.13 13:33:15 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.12.06 12:11:40 | 011,518,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Netwsw00.sys -- (NETwNs64) DRV:64bit: - [2012.10.10 07:49:01 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.08.23 15:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.06.26 20:38:28 | 000,046,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.01.10 20:28:16 | 012,311,904 | 
---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd) DRV:64bit: - [2011.12.22 08:30:24 | 009,360,896 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2011.12.22 07:12:40 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2011.12.12 03:33:36 | 000,195,072 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP) DRV:64bit: - [2011.12.12 03:33:36 | 000,195,072 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL) DRV:64bit: - [2011.12.09 19:45:00 | 000,060,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex) DRV:64bit: - [2011.11.15 01:13:00 | 000,327,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf) DRV:64bit: - [2011.11.14 17:13:40 | 000,084,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux) DRV:64bit: - [2011.10.25 01:57:38 | 000,213,504 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2011.10.25 01:57:38 | 000,096,768 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2011.08.23 10:12:56 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2011.06.25 04:13:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- 
C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2011.06.21 14:19:16 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd) DRV:64bit: - [2011.06.21 14:19:14 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus) DRV:64bit: - [2011.06.21 14:19:12 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible) DRV:64bit: - [2011.06.17 21:02:39 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2011.06.16 21:51:52 | 000,337,512 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR) DRV:64bit: - [2011.06.15 21:17:49 | 000,316,024 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService) DRV:64bit: - [2011.04.21 02:29:28 | 000,399,872 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\gobi3kmbb.sys -- (gobi3kmbb) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.01.30 02:19:52 | 000,425,064 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.01.27 11:41:18 | 000,894,240 | ---- | M] (AuthenTec, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ATSwpWDF.sys -- (ATSwpWDF) DRV:64bit: - [2010.12.13 08:18:48 | 000,233,984 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\gobi3kserial.sys -- (gobi3kserial) DRV:64bit: - [2010.12.13 08:16:58 | 000,034,304 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\gobi3kfilter.sys -- (gobi3kfilter) DRV:64bit: - [2010.11.21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010.11.21 04:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.04.26 21:20:29 | 000,012,032 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP) DRV:64bit: - [2009.09.08 18:13:16 | 000,087,600 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM) DRV:64bit: - [2009.06.20 03:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009.06.10 21:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.04.29 15:28:30 | 000,030,208 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://vaioportal.sony.eu IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://sony.msn.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.barmenia.de/ [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ctx4u.barmenia.de/ IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{D05A5CCC-F9DB-420D-A904-FC7352E095A0}: "URL" = hxxp://services.zinio.com/search?s={searchTerms}&rf=sonyslices IE - HKCU\..\SearchScopes\{F488FC5C-999A-438E-9E67-D5BACB4CA636}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-16609-27/4?mpre=hxxp://shop.ebay.de/?oemInLn=ieSrch-Q311&_nkw={searchTerms} IE - 
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.06 08:32:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.06 08:32:04 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.09.17 06:36:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mustermann\AppData\Roaming\mozilla\Extensions [2012.10.26 12:42:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mustermann\AppData\Roaming\mozilla\Firefox\Profiles\vmk9qltx.default\extensions [2013.02.06 08:32:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.02.06 08:32:04 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll 
[2012.09.06 03:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.06 03:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.09.06 03:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.09.06 03:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.09.06 03:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.09.06 03:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found. O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.) 
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft Device Center\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [IntelliType Pro] c:\Program Files\Microsoft Device Center\itype.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKCU..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8:64bit: - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O8:64bit: - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html File not found
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html File not found
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {03A89EFD-E023-A200-A22D-45F77558EB4C} https://barmenia.netucate.net/download1026/AXCltInstall.dll (ILINCInstall102 Class)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CEF002D2-5A9F-4656-AA41-85DA2534ACBD} https://ssl.barmenia24.de/app/BRP/notes/dwa85W.cab (IBM Lotus iNotes 8.5 Control)
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} https://ssl.barmenia24.de/app/BRP/notes/dwa7W.cab (Domino Web Access 7 Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.82.226.212 8.8.8.8 8.8.4.4 212.82.225.7
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2059A514-1620-4A39-9E24-971002190803}: DhcpNameServer = 212.82.226.212 8.8.8.8 8.8.4.4 212.82.225.7
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{85D5E2AA-3D09-4B73-9F95-A63BDA5EB5D9}: DhcpNameServer = 212.82.226.212 8.8.8.8 8.8.4.4 212.82.225.7
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A9874BCF-A61B-4E56-BAF4-4BBF9EF79061}: NameServer = 139.7.30.126 139.7.30.125
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{3942788D-F1D2-4201-9BF0-003753DCCEB6} - RunDLL32 IEDKCS32.DLL,BrandIE4 CUSTOM
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013.02.06 14:57:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mustermann\Desktop\OTL.exe
[2013.02.06 08:32:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.02.06 00:42:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013.02.05 23:29:08 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013.02.05 23:27:02 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\Documents\Simply Super Software
[2013.02.05 23:27:02 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\AppData\Roaming\Simply Super Software
[2013.02.05 23:26:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
[2013.02.05 23:26:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojan Remover
[2013.02.05 23:26:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2013.02.05 07:14:58 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\AppData\Roaming\Ynfoyd
[2013.02.05 07:14:58 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\AppData\Roaming\Uczooh
[2013.02.05 07:14:58 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\AppData\Roaming\Nayco
[2013.01.29 09:01:49 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\AppData\Local\PDF Writer
[2013.01.29 09:00:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bullzip
[2013.01.29 09:00:30 | 000,227,840 | ---- | C] (Bullzip) -- C:\Windows\SysWow64\bzFlRdr.dll
[2013.01.29 09:00:30 | 000,139,264 | ---- | C] (Bullzip) -- C:\Windows\SysWow64\bzpdfc.dll
[2013.01.29 09:00:30 | 000,103,424 | ---- | C] (Bullzip) -- C:\Windows\SysWow64\bzDCT.dll
[2013.01.29 09:00:30 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\AppData\Roaming\PDF Writer
[2013.01.29 09:00:30 | 000,000,000 | ---D | C] -- C:\ProgramData\PDF Writer
[2013.01.29 09:00:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bullzip
[2013.01.29 09:00:28 | 000,218,624 | ---- | C] (Bullzip) -- C:\Windows\SysNative\bzpdf.dll
[2013.01.29 09:00:25 | 000,000,000 | ---D | C] -- C:\Program Files\Bullzip
[2013.01.29 08:55:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2013.01.29 08:48:41 | 000,103,936 | ---- | C] (pdfforge GbR) -- C:\Windows\SysNative\pdfcmon.dll
[2013.01.29 08:48:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator
[2013.01.29 08:47:58 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\AppData\Local\Programs
[2013.01.25 17:04:10 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\Desktop\Präsentation
[2013.01.18 15:03:08 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\Documents\Antragsunterlagen
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.02.06 15:05:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.06 14:57:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mustermann\Desktop\OTL.exe
[2013.02.06 14:54:31 | 000,002,012 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\OneClick Internet.lnk
[2013.02.06 14:33:01 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.06 11:00:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.06 09:00:22 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.06 09:00:22 | 000,696,870 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.06 09:00:22 | 000,652,148 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.06 09:00:22 | 000,148,134 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.06 09:00:22 | 000,121,080 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.06 08:33:02 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.06 08:10:52 | 000,020,720 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.06 08:10:52 | 000,020,720 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.06 08:03:08 | 2081,312,767 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.05 23:47:11 | 000,141,435 | ---- | M] () -- C:\Users\Mustermann\Desktop\Reiseplan für REISWICH ROBERT MR 12Feb13 Duesseldorf 7T4WVJ.pdf
[2013.01.29 08:55:55 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2013.01.26 13:00:27 | 000,000,017 | ---- | M] () -- C:\Users\Mustermann\AppData\Local\resmon.resmoncfg
[2013.01.23 13:15:29 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013.01.21 19:43:28 | 000,948,231 | ---- | M] () -- C:\Users\Mustermann\Desktop\BU-Highlights.pdf
[2013.01.11 11:39:42 | 000,103,936 | ---- | M] (pdfforge GbR) -- C:\Windows\SysNative\pdfcmon.dll
[2013.01.10 08:58:30 | 000,292,728 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.10 08:52:20 | 001,590,378 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.02.06 08:01:29 | 000,001,256 | ---- | C] () -- C:\Users\Mustermann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013.02.05 23:47:11 | 000,141,435 | ---- | C] () -- C:\Users\Mustermann\Desktop\Reiseplan für REISWICH ROBERT MR 12Feb13 Duesseldorf 7T4WVJ.pdf
[2013.01.29 08:55:55 | 000,001,031 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2013.01.26 13:00:27 | 000,000,017 | ---- | C] () -- C:\Users\Mustermann\AppData\Local\resmon.resmoncfg
[2013.01.23 13:15:29 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.12.07 16:43:55 | 000,003,584 | ---- | C] () -- C:\Users\Mustermann\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.11.20 19:19:30 | 000,137,732 | ---- | C] () -- C:\Windows\hpoins44.dat
[2012.11.20 19:19:30 | 000,000,512 | ---- | C] () -- C:\Windows\hpomdl44.dat
[2012.09.12 08:20:01 | 000,000,110 | ---- | C] () -- C:\Users\Mustermann\.webcall
[2012.05.04 10:07:03 | 000,963,884 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012.05.04 10:07:02 | 013,904,384 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012.05.04 10:07:02 | 000,221,264 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012.05.04 10:07:02 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.01.17 19:57:19 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.08.30 04:02:15 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.08.30 03:59:55 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2011.07.20 01:29:42 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.07.20 01:29:35 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.07.01 22:08:22 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.02.11 00:03:27 | 001,590,378 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012.09.03 09:23:40 | 000,000,000 | ---D | M] -- C:\Users\Mustermann\AppData\Roaming\ICAClient
[2013.02.06 00:15:33 | 000,000,000 | ---D | M] -- C:\Users\Mustermann\AppData\Roaming\Nayco
[2013.01.20 12:11:26 | 000,000,000 | ---D | M] -- C:\Users\Mustermann\AppData\Roaming\OneClickInternet
[2013.01.29 09:00:30 | 000,000,000 | ---D | M] -- C:\Users\Mustermann\AppData\Roaming\PDF Writer
[2013.01.29 08:55:55 | 000,000,000 | ---D | M] -- C:\Users\Mustermann\AppData\Roaming\pdfforge
[2013.02.05 23:27:02 | 000,000,000 | ---D | M] -- C:\Users\Mustermann\AppData\Roaming\Simply Super Software
[2012.01.25 09:54:19 | 000,000,000 | ---D | M] -- C:\Users\Mustermann\AppData\Roaming\Sony
[2013.02.05 07:14:58 | 000,000,000 | ---D | M] -- C:\Users\Mustermann\AppData\Roaming\Uczooh
[2013.02.06 00:37:51 | 000,000,000 | ---D | M] -- C:\Users\Mustermann\AppData\Roaming\Ynfoyd

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*. >
[2012.02.22 12:47:26 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2012.11.16 14:58:45 | 000,000,000 | ---D | M] -- C:\52e80e1d6ad8f074273d07
[2012.01.17 18:51:58 | 000,000,000 | -HSD | M] -- C:\Boot
[2011.08.30 04:10:58 | 000,000,000 | ---D | M] -- C:\Documentation
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2012.01.13 10:30:36 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.08.30 04:47:50 | 000,000,000 | ---D | M] -- C:\Infineon
[2011.08.30 03:50:11 | 000,000,000 | ---D | M] -- C:\Intel
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2013.01.29 09:00:25 | 000,000,000 | R--D | M] -- C:\Program Files
[2013.02.06 09:13:29 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2013.02.05 23:29:08 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2012.01.13 10:30:36 | 000,000,000 | -HSD | M] -- C:\Programme
[2013.02.06 15:29:54 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.01.18 16:33:34 | 000,000,000 | ---D | M] -- C:\Temp
[2013.01.30 08:28:49 | 000,000,000 | ---D | M] -- C:\Update
[2012.01.18 14:15:36 | 000,000,000 | R--D | M] -- C:\Users
[2013.02.06 09:27:15 | 000,000,000 | ---D | M] -- C:\Windows

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %systemroot%\*.
/mp /s >

< C:\Windows\system32\*.tsp >
[2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.21 04:23:55 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 06:08:49 | 000,032,624 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.09.03 11:29:28 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2012.09.06 23:18:45 | 000,001,110 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2012.09.06 23:18:46 | 000,001,114 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

< MD5 for: AGP440.SYS >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: EXPLORER.EXE >
[2011.05.26 21:04:40 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011.05.26 21:04:40 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.05.26 21:04:40 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.05.26 21:04:40 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.21 04:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011.05.26 21:04:40 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.05.26 21:04:40 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010.11.21 04:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: IASTOR.SYS >
[2011.06.25 04:13:44 | 000,557,848 | ---- | M] (Intel Corporation) MD5=2FDAEC4B02729C48C0FD1B0B4695995B -- C:\Windows\SysNative\drivers\iaStor.sys
[2011.06.25 04:13:44 | 000,557,848 | ---- | M] (Intel Corporation) MD5=2FDAEC4B02729C48C0FD1B0B4695995B -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_e6913aab23ea9a9c\iaStor.sys
[2011.06.25 04:13:44 | 000,557,848 | ---- | M] (Intel Corporation) MD5=2FDAEC4B02729C48C0FD1B0B4695995B -- C:\Windows\SysNative\DriverStore\FileRepository\iastor.inf_amd64_neutral_b8d31a7001998667\iaStor.sys

< MD5 for: IASTORV.SYS >
[2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

< MD5 for: USER32.DLL >
[2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll

< MD5 for: USERINIT.EXE >
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

< MD5 for: WS2IFSL.SYS >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

<
%systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2012.09.12 08:20:01 | 000,000,110 | ---- | M] () -- C:\Users\Mustermann\.webcall [2013.02.06 15:36:23 | 002,883,584 | -HS- | M] () -- C:\Users\Mustermann\NTUSER.DAT [2013.02.06 15:36:23 | 000,262,144 | -HS- | M] () -- C:\Users\Mustermann\ntuser.dat.LOG1 [2012.01.18 14:12:25 | 000,000,000 | -HS- | M] () -- C:\Users\Mustermann\ntuser.dat.LOG2 [2012.01.18 14:42:06 | 000,065,536 | -HS- | M] () -- C:\Users\Mustermann\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2012.01.18 14:42:06 | 000,524,288 | -HS- | M] () -- C:\Users\Mustermann\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2012.01.18 14:42:06 | 000,524,288 | -HS- | M] () -- C:\Users\Mustermann\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2012.01.18 14:12:25 | 000,000,020 | -HS- | M] () -- C:\Users\Mustermann\ntuser.ini < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < > < End of report > [QUOTE]ExtrasOTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 06.02.2013 15:28:50 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mustermann\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,92 Gb Total Physical Memory | 5,88 Gb Available Physical Memory | 74,28% Memory free 15,83 Gb Paging File | 13,55 Gb Available in Paging File | 85,59% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 596,17 Gb Total Space | 558,40 Gb Free Space | 93,67% Space Free | Partition Type: NTFS Computer Name: NB72974 | User Name: Mustermann| Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Scan with Trojan Remover] -- C:\Program Files (x86)\Trojan Remover\rmvtrjan.exe /d "%1" (Simply Super Software) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Scan with Trojan Remover] -- C:\Program Files (x86)\Trojan Remover\rmvtrjan.exe /d "%1" (Simply Super Software) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{290C06AB-D2F4-4203-A14E-CF04FE829F30}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{2EEAAE20-0887-4E3E-9ECB-4F6CFCDBD55D}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | "{3F29641B-62C6-44DF-B911-56715E8023EB}" = lport=139 | protocol=6 | dir=in | app=system | "{657AB31B-7EDC-40CD-BE5A-F2E71F597CA5}" = rport=137 | protocol=17 | dir=out | app=system | "{7D717A83-98EC-4EFA-BB8D-B305701032BA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{94EE4F39-D189-44AE-BF75-E1C280F3EE98}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{9A4A4F4D-5957-4BAA-9748-FFF86D7C531A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{B1663B33-06AC-4B43-8D6E-300CC387A0C5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{BA9F5342-1EB7-431D-8588-C792DF6FDCE3}" = lport=137 | protocol=17 | dir=in | app=system | "{C27056A5-71D9-44A2-9F1E-11833C5BB4B9}" = lport=445 | protocol=6 | dir=in | app=system | "{CA631A45-DF6E-4809-A7E2-81AC67472B00}" = rport=138 | protocol=17 | dir=out | app=system | "{D0438B1C-EB6F-44E2-87AC-58D699D89E88}" = lport=138 | protocol=17 | dir=in | app=system | "{D51233C9-535A-48CB-ABBD-E77FC474FDEA}" = rport=139 | protocol=6 | dir=out | app=system | "{E9D9EC8D-71E3-4D1E-A06F-B4394B87B7CB}" = rport=445 | protocol=6 | dir=out | app=system | "{F5027798-DA04-4F1D-9C03-A35AD1A31768}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0E5B007D-66B7-419E-859C-080F7BBCF574}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{166B483E-A413-4E42-9517-BA4F6F325E69}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{217DF8FB-FD76-4286-9E34-2FAB0D2C7891}" = dir=in | app=c:\program files 
(x86)\hp\digital imaging\bin\hpqkygrp.exe | "{25D0C01F-B75E-42B5-B4AE-E158C6D8012D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{4D90E778-A5F4-4DB9-A6A1-1AC0E1CD852A}" = dir=in | app=c:\program files (x86)\intel corporation\intel widi\widiapp.exe | "{59E1D9D8-E478-45CB-B0C4-52530F88805F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | "{6591376F-AE06-49D0-8261-83F39B512176}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{912ED74A-895A-4369-8D26-127F2DF0B129}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | "{9FA1A8F1-922A-48C2-AC2F-84C369DC8F5D}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | "TCP Query User{39CE369E-8EE0-4A12-95FD-316E3075934C}C:\users\Mustermann\ebasis_lokal-1.0\jre1.5.0_22\bin\java.exe" = protocol=6 | dir=in | app=c:\users\Mustermann\ebasis_lokal-1.0\jre1.5.0_22\bin\java.exe | "TCP Query User{5318F138-CA88-4CD8-9BCD-BE919B992DC1}C:\program files (x86)\fairware24\janitostarifrechner\zebedee.exe" = protocol=6 | dir=in | app=c:\program files (x86)\fairware24\janitostarifrechner\zebedee.exe | "TCP Query User{5DB93E61-A4BD-40B1-8D43-29053DBA03D6}C:\users\Mustermann\ebasis_lokal-1.0\jre1.5.0_22\bin\javaw.exe" = protocol=6 | dir=in | app=c:\users\Mustermann\ebasis_lokal-1.0\jre1.5.0_22\bin\javaw.exe | "TCP Query User{7BA51695-9021-4361-B1A3-787A7C73CEEB}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "UDP Query User{6646C50F-1827-44BE-8C73-4BD8831BB1BF}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "UDP Query User{9B4BAEFE-D364-4D9B-8A09-103F2A6B159E}C:\users\Mustermann\ebasis_lokal-1.0\jre1.5.0_22\bin\javaw.exe" = protocol=17 | dir=in | app=c:\users\Mustermann\ebasis_lokal-1.0\jre1.5.0_22\bin\javaw.exe | "UDP Query 
User{9B6878BC-B3F8-4C67-9F9D-21964CCE6705}C:\users\Mustermann\ebasis_lokal-1.0\jre1.5.0_22\bin\java.exe" = protocol=17 | dir=in | app=c:\users\Mustermann\ebasis_lokal-1.0\jre1.5.0_22\bin\java.exe | "UDP Query User{AA5F8AC5-B28A-4C01-95AB-F3C88216746B}C:\program files (x86)\fairware24\janitostarifrechner\zebedee.exe" = protocol=17 | dir=in | app=c:\program files (x86)\fairware24\janitostarifrechner\zebedee.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{077BF055-512A-4D48-B3C2-44AD860FEB0A}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{2106A845-79C0-426B-9B91-9CBEAF3DE0F2}" = VAIO Update Merge Module x64 "{26A24AE4-039D-4CA4-87B4-2F86416026FF}" = Java(TM) 6 Update 26 (64-bit) "{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display "{312395BC-7CC2-434C-A660-30250276A926}" = SSLx64 "{46261E1C-5E0D-484E-8CCC-7F770375FBA2}" = VU5x64 "{4F31AC31-0A28-4F5A-8416-513972DA1F79}" = Sony Corporation "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{549AD5FB-F52D-4307-864A-C0008FB35D96}" = VCCx64 "{5CB648C9-78CC-D03E-65E4-B4AF6127CEFC}" = ccc-utility64 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{75C95C84-264F-4CC7-8A7E-346444E6C7C1}" = VAIO Improvement Validation "{7BF570D4-D060-165D-64AA-4C96DBC08671}" = AMD Media Foundation Decoders "{7C3AC18F-F19B-4082-8D13-7D603848E06C}" = VAIO Update Merge Module x64 "{819CA3BC-2FF8-4811-B42F-421F7BFD3559}" = HP Deskjet F2400 All-in-One Driver 14.0 Rel. 
6 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO "{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer "{AEF6C676-D7A2-4487-BD4B-1BED17B229B5}" = Microsoft-Maus- und Tastatur-Center "{BE930E38-7BB3-45B6-85B2-5251F374F844}" = 64 Bit HP CIO Components Installer "{D55EAC07-7207-44BD-B524-0F063F327743}" = VIx64 "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{DBEAA361-F8A4-4298-B41C-9E9DCB9AAB84}" = VPMx64 "{DC4BA134-55D7-AA2B-FC2F-68A95CDA41AB}" = ATI Catalyst Install Manager "{E743BA71-5955-420B-AA52-67508054AD66}" = VAIO Update Merge Module x64 "{E7DC06A3-8516-4929-B712-80987AFFFB57}" = Intel(R) PROSet/Wireless WiFi-Software "{F2611404-06BF-4E67-A5B7-8DB2FFC1CBF6}" = VSNx64 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Bullzip PDF Printer_is1" = Bullzip PDF Printer 9.3.0.1516 "CCleaner" = CCleaner "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Microsoft Mouse and Keyboard Center" = Microsoft-Maus- und Tastatur-Center "ProInst" = Intel PROSet Wireless "Speccy" = Speccy [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{046885A1-B4AE-4459-A0D1-8C93706698D6}" = "{06676957-7563-8D90-1212-6B58F8B724D9}" = CCC Help Spanish "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan 
"{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}" = VAIO Smart Network "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0BCA9EFD-F2D6-4638-B053-8693BA0404BE}" = Citrix Online Plug-in (Web) "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{223767A9-2A17-8F5D-A08A-BE720E51C2D6}" = CCC Help Norwegian "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26 "{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox "{2FFD2FF0-8D1F-7CF0-B389-C2FE3B0BD745}" = CCC Help Czech "{3A26D9BD-0F73-432D-B522-2BA18138F7EF}" = VAIO Improvement "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{489D3997-0A51-54BD-591E-AD6A15EB8190}" = CCC Help English "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B8AE39C-8C49-C157-4C49-7237B047DB57}" = Catalyst Control Center InstallProxy "{52018CB0-FD4F-C746-C950-1F40B00BC0C5}" = CCC Help Greek "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "{547F3077-EBD6-9D0A-4C9C-A729E5AD6A76}" = CCC Help Korean "{55392E52-1AAD-44C4-BE49-258FFE72434F}" = Citrix Online Plug-in (USB) "{5546F4E9-B0F4-4F54-B949-2AB006C9284F}" = DJ_AIO_06_F2400_SW_Min "{59312BC4-CA09-88A4-3CA2-A96FF21B4604}" = CCC Help Chinese Standard "{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update "{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = VAIO-Support für Übertragungen "{6007FDAD-CBF0-4B15-6235-93F358273066}" = CCC Help Hungarian "{60E333E5-93AF-E75A-3A22-A10B0DD351BE}" = CCC Help German "{63C43435-F428-42BA-8E7B-5848749D9262}" = SSLx86 "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{70991E0A-1108-437E-BA7D-085702C670C0}" = "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable 
"{71FC647F-E91F-4DD2-BEA4-7B4172015DCE}" = VHD "{781A93CD-1608-427D-B7F0-D05C07795B25}" = Intel(R) WiDi "{7C80D30A-AC02-4E3F-B95D-29F0E4FF937B}" = VAIO Easy Connect "{7C9B54C7-7777-41E4-8508-E78A6CE3BCE5}" = Catalyst Control Center - Branding "{803E4FA5-A940-4420-B89D-A8BC2E160247}" = "{812424AC-A8B5-44E6-8D48-07E939D1AD9A}" = Citrix Online Plug-in (HDX) "{82F09B1C-F602-4552-9C40-5BD5F8EAF750}" = "{855DDD3C-131E-42A8-BCBD-F9581F80CACB}" = "{862AE653-4E32-087E-BA55-C11B853D4DF6}" = CCC Help Thai "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{8CF4B62E-2ED0-0950-FA54-A46D59A93636}" = Catalyst Control Center Localization All "{8E797841-A110-41FD-B17A-3ABC0641187A}" = VAIO Control Center "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003 "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{901C0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Access 2003 Runtime "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{930A4D1B-AA42-D8DC-08F1-27CB7F6F6A13}" = CCC Help Danish "{94650E3B-CCD1-AE32-46A1-3890787B3488}" = CCC Help Polish "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9AE76A96-BF2F-8AB9-46B8-74F1FB68AD4C}" = PX Profile Update "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A49A517F-5332-4665-922C-6D9AD31ADD4F}" = VSNx86 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.5) MUI "{ADFAD16F-D86E-D4E2-3E0A-A94F54544DE9}" = Catalyst Control Center Profiles Mobile "{B1482DE6-FF00-2968-0155-57A643DCA7CB}" = CCC Help Portuguese "{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar "{B77DE05C-7C84-4011-B93F-A29D0D2840F4}" = ArcSoft WebCam Companion 4 
"{B8991D99-88FD-41F2-8C32-DB70278D5C30}" = VWSTx86 "{BCE6E3D7-B565-4E1B-AC77-F780666A35FB}" = VAIO CPU-Lüfterdiagnose "{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader "{C4040489-0C6A-6361-3270-CE574016BE0F}" = CCC Help Chinese Traditional "{C4BD6ECC-FF0E-5AAC-8CB3-EA92B20D77A3}" = CCC Help Japanese "{CF53CF7C-D996-43EB-9904-DBED57C25625}" = Citrix Online Plug-in (DV) "{D17C2A58-E0EA-4DD7-A2D6-C448FD25B6F6}" = VIx86 "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D2D23D08-D10E-43D6-883C-78E0B2AC9CC6}" = VU5x86 "{D2F6976A-1935-F625-ACB4-CBF5C067C746}" = CCC Help Italian "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DC3B9C93-B7AF-01AB-D1FC-8FC82F78D8CD}" = PX Profile Update "{DF184496-1CA2-4D07-92E7-0BD251D7DEF0}" = VCCx86 "{E8A943BA-C038-B562-92AE-7C5A99C972A0}" = CCC Help French "{EA441422-6D6A-6E91-A973-492BB9BFB0D6}" = Catalyst Control Center Graphics Previews Common "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Display Audio Driver "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F21A6101-3E12-32AE-AB8D-51F11005B55B}" = CCC Help Swedish "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F63FFE40-4F62-0F8C-5C97-7C66A2D7500A}" = CCC Help Turkish "{F69CE215-9CE8-48DB-6943-9003B6AE5142}" = Catalyst Control Center "{F8DD58A9-2A6A-5004-8740-D4E50FBF726C}" = CCC Help Finnish "{FB77DB0C-6951-47B6-9D80-A0FDBEE0334C}" = "{FED5269F-EAAA-5D64-AE23-3478C747A1F1}" = CCC Help Russian "{FF5B1EEA-8766-4D05-A985-08610A21A739}" = CCC Help Dutch "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Avira AntiVir Desktop" = Avira Antivirus Premium "CitrixOnlinePluginPackWeb" = Citrix Online Plug-in - Web "ESET Online Scanner" = ESET Online Scanner v3 "Gobi_Firmware" = Gobi_Firmware "HW Gobi 
3000 Driver" = HW Gobi 3000 Driver 1.08.00.00 "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "InstallShield_{7C80D30A-AC02-4E3F-B95D-29F0E4FF937B}" = VAIO Easy Connect "Mozilla Firefox 18.0.2 (x86 de)" = Mozilla Firefox 18.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "OneClickInternet" = OneClick Internet "ProInst" = Intel PROSet Wireless "Trojan Remover_is1" = Trojan Remover 6.8.5 "uninstall.exe" = iLinc Client "VAIO Help and Support" = ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "MustermanneBASIS lokal - Update" = Mustermann eBASIS lokal - Update "Data Conference" = Data Conference ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 29.10.2012 06:56:27 | Computer Name = NB72974 | Source = Windows Search Service | ID = 3029 Description = Error - 29.10.2012 06:56:27 | Computer Name = NB72974 | Source = Windows Search Service | ID = 3028 Description = Error - 29.10.2012 06:56:27 | Computer Name = NB72974 | Source = Windows Search Service | ID = 3058 Description = Error - 29.10.2012 06:56:27 | Computer Name = NB72974 | Source = Windows Search Service | ID = 7010 Description = Error - 29.10.2012 15:44:02 | Computer Name = NB72974 | Source = WinMgmt | ID = 10 Description = Error - 30.10.2012 03:11:59 | Computer Name = NB72974 | Source = WinMgmt | ID = 10 Description = Error - 30.10.2012 09:53:13 | Computer Name = NB72974 | Source = System Restore | ID = 8193 Description = Error - 30.10.2012 12:36:27 | Computer Name = NB72974 | Source = Application Hang | ID = 1002 Description = Programm iexplore.exe, Version 9.0.8112.16450 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 14a0 Startzeit: 01cdb66e10c3f55a Endzeit: 78 Anwendungspfad: C:\Program Files (x86)\Internet Explorer\iexplore.exe Berichts-ID: Error - 31.10.2012 02:59:06 | Computer Name = NB72974 | Source = WinMgmt | ID = 10 Description = Error - 31.10.2012 09:01:26 | Computer Name = NB72974 | Source = System Restore | ID = 8193 Description = [ System Events ] Error - 05.02.2013 03:14:49 | Computer Name = NB72974 | Source = NetBT | ID = 4307 Description = Initialisierung fehlgeschlagen, da die Transportschicht das Öffnen der Anfangsadressen verweigerte. Error - 05.02.2013 15:27:43 | Computer Name = NB72974 | Source = DCOM | ID = 10010 Description = Error - 05.02.2013 18:58:34 | Computer Name = NB72974 | Source = DCOM | ID = 10010 Description = Error - 05.02.2013 19:28:38 | Computer Name = NB72974 | Source = DCOM | ID = 10010 Description = Error - 05.02.2013 20:08:17 | Computer Name = NB72974 | Source = DCOM | ID = 10010 Description = Error - 06.02.2013 03:02:42 | Computer Name = NB72974 | Source = DCOM | ID = 10010 Description = Error - 06.02.2013 03:03:43 | Computer Name = NB72974 | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error - 06.02.2013 03:58:39 | Computer Name = NB72974 | Source = NetBT | ID = 4307 Description = Initialisierung fehlgeschlagen, da die Transportschicht das Öffnen der Anfangsadressen verweigerte. Error - 06.02.2013 07:48:04 | Computer Name = NB72974 | Source = NetBT | ID = 4307 Description = Initialisierung fehlgeschlagen, da die Transportschicht das Öffnen der Anfangsadressen verweigerte. Error - 06.02.2013 09:52:30 | Computer Name = NB72974 | Source = NetBT | ID = 4307 Description = Initialisierung fehlgeschlagen, da die Transportschicht das Öffnen der Anfangsadressen verweigerte. < End of report > Last edited by troja-hilfe (06.02.2013 at 16:31) |
06.02.2013, 16:40 | #4 |
/// Malware-holic | Trojan > http://boxtralsurvisv.pl/gis/file.php Hi, open Trojan Remover and post all the reports it has created so far. 2. Please post the Avira detection messages: http://www.trojaner-board.de/125889-...en-posten.html
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
06.02.2013, 17:45 | #5 |
| Trojan > http://boxtralsurvisv.pl/gis/file.php AVIRA Exportierte Ereignisse: 06.02.2013 00:37 [System-Scanner] Malware gefunden Die Datei 'C:\Users\Mustermann\AppData\Roaming\Ynfoyd\taxe.exe' enthielt einen Virus oder unerwünschtes Programm 'TR/PSW.Zbot.315392.114' [trojan]. Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '59210c57.qua' verschoben! Der Registrierungseintrag <HKEY_USERS\S-1-5-21-3345907125-2762855170-410212254-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Opydsexoxy> konnte nicht repariert werden. Für die abschliessende Reparatur wird ein Neustart des Computers eingeleitet. 06.02.2013 00:36 [Echtzeit-Scanner] Malware gefunden In der Datei 'C:\Users\Mustermann\AppData\Roaming\Ynfoyd\taxe.exe' wurde ein Virus oder unerwünschtes Programm 'TR/PSW.Zbot.315392.114' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern 05.02.2013 07:41 [Browser-Schutz] Malware gefunden Beim Zugriff auf Daten der URL "hxxp://boxtralsurvisv.pl/gis/file.php" wurde ein Virus oder unerwünschtes Programm 'TR/Agent.55808.198' [trojan] gefunden. Durchgeführte Aktion: Der Zugriff auf die Datei wurde blockiert 05.02.2013 07:17 [Browser-Schutz] Malware gefunden Beim Zugriff auf Daten der URL "hxxp://boxtralsurvisv.pl/gis/file.php" wurde ein Virus oder unerwünschtes Programm 'TR/Agent.55808.198' [trojan] gefunden. Durchgeführte Aktion: Der Zugriff auf die Datei wurde blockiert 05.02.2013 07:17 [Browser-Schutz] Malware gefunden Beim Zugriff auf Daten der URL "hxxp://boxtralsurvisv.pl/gis/file.php" wurde ein Virus oder unerwünschtes Programm 'TR/Agent.55808.198' [trojan] gefunden. Durchgeführte Aktion: Der Zugriff auf die Datei wurde blockiert 05.02.2013 07:17 [Browser-Schutz] Malware gefunden Beim Zugriff auf Daten der URL "hxxp://boxtralsurvisv.pl/gis/file.php" wurde ein Virus oder unerwünschtes Programm 'TR/Agent.55808.198' [trojan] gefunden. 
Durchgeführte Aktion: Die Datei in Quarantäne verschieben 05.02.2013 07:17 [Browser-Schutz] Malware gefunden Beim Zugriff auf Daten der URL "hxxp://boxtralsurvisv.pl/gis/file.php" wurde ein Virus oder unerwünschtes Programm 'TR/Agent.55808.198' [trojan] gefunden. Durchgeführte Aktion: Die Datei in Quarantäne verschieben 05.02.2013 07:16 [Browser-Schutz] Malware gefunden Beim Zugriff auf Daten der URL "hxxp://boxtralsurvisv.pl/gis/file.php" wurde ein Virus oder unerwünschtes Programm 'TR/Agent.55808.198' [trojan] gefunden. Durchgeführte Aktion: Die Datei in Quarantäne verschieben 05.02.2013 07:16 [Browser-Schutz] Malware gefunden Beim Zugriff auf Daten der URL "hxxp://boxtralsurvisv.pl/gis/file.php" wurde ein Virus oder unerwünschtes Programm 'TR/Agent.55808.198' [trojan] gefunden. Durchgeführte Aktion: Die Datei in Quarantäne verschieben 05.02.2013 07:16 [Browser-Schutz] Malware gefunden Beim Zugriff auf Daten der URL "hxxp://boxtralsurvisv.pl/gis/file.php" wurde ein Virus oder unerwünschtes Programm 'TR/Agent.55808.198' [trojan] gefunden. Durchgeführte Aktion: Die Datei in Quarantäne verschieben 05.02.2013 07:15 [Browser-Schutz] Malware gefunden Beim Zugriff auf Daten der URL "hxxp://boxtralsurvisv.pl/gis/file.php" wurde ein Virus oder unerwünschtes Programm 'TR/Agent.55808.198' [trojan] gefunden. Durchgeführte Aktion: Der Zugriff auf die Datei wurde blockiert Trojan Remover **** NORMAL SCAN FOR ACTIVE MALWARE ***** Trojan Remover Ver 6.8.5.2611. 
For information, email support@simplysup.com
[Unregistered version]
Scan started at: 23:29:20 05 Feb 2013
Using Database v8040
Operating System: Windows 7 x64 Professional (SP1) [Build: 6.1.7601]
File System: NTFS
UAC is ENABLED [default level]
UserData directory: C:\Users\Mustermann\AppData\Roaming\Simply Super Software\Trojan Remover\
Database directory: C:\ProgramData\Simply Super Software\Trojan Remover\Data\
Logfile directory: C:\Users\Mustermann\Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files (x86)\Trojan Remover\
Running with Administrator privileges

************************************************************
23:29:20: ----- CHECKING DEFAULT FILE ASSOCIATIONS -----
No modified default file associations detected

************************************************************
23:29:20: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

************************************************************
23:29:20: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Key value: [explorer.exe]
File: C:\Windows\Explorer.exe
C:\Windows\Explorer.exe
2871808 bytes Created: 26.05.2011 21:04 Modified: 26.05.2011 21:04 Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
Key value: [C:\Windows\system32\userinit.exe,]
File: C:\Windows\system32\userinit.exe
C:\Windows\System32\userinit.exe
30720 bytes Created: 21.11.2010 04:24 Modified: 21.11.2010 04:24 Company: Microsoft Corporation
----------
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: [IAStorIcon]
Value Data: [C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe]
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
284440 bytes Created: 30.08.2011 03:52 Modified: 20.05.2011 09:10 Company: Intel Corporation
--------------------
Value Name: [ISBMgr.exe]
Value Data: ["C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"]
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
2801288 bytes Created: 30.08.2011 04:10 Modified: 31.05.2011 16:28 Company: Sony Corporation
--------------------
Value Name: [ConnectionCenter]
Value Data: ["C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup]
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
103768 bytes Created: 12.09.2009 23:09 Modified: 12.09.2009 23:09 Company: Citrix Systems, Inc.
--------------------
Value Name: [StartCCC]
Value Data: ["C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun]
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
343168 bytes Created: 22.12.2011 01:30 Modified: 22.12.2011 01:30 Company: Advanced Micro Devices, Inc.
--------------------
Value Name: [avgnt]
Value Data: ["C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min]
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
384800 bytes Created: 10.10.2012 11:32 Modified: 13.12.2012 13:32 Company: Avira Operations GmbH & Co. KG
--------------------
Value Name: [TrojanScanner]
Value Data: [C:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot]
C:\Program Files (x86)\Trojan Remover\Trjscan.exe
1247504 bytes Created: 05.02.2013 23:26 Modified: 14.09.2012 11:58 Company: Simply Super Software
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: [ccleaner]
Value Data: ["C:\Program Files\CCleaner\CCleaner64.exe" /AUTO]
C:\Program Files\CCleaner\CCleaner64.exe
5379936 bytes Created: 24.09.2012 19:49 Modified: 24.09.2012 19:49 Company: Piriform Ltd
--------------------
Value Name: [Skype]
Value Data: ["C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun]
C:\Program Files (x86)\Skype\Phone\Skype.exe
-R- 17884848 bytes Created: 19.10.2012 16:38 Modified: 19.10.2012 16:38 Company: Skype Technologies S.A.
--------------------
Value Name: [Opydsexoxy]
Value Data: [C:\Users\Mustermann\AppData\Roaming\Ynfoyd\taxe.exe]
C:\Users\Mustermann\AppData\Roaming\Ynfoyd\taxe.exe
267776 bytes Created: 26.05.2012 22:28 Modified: 26.05.2012 22:28 Company:
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry key appears to be empty

************************************************************
23:29:22: Scanning -----WINDOWS 64 Bit REGISTRY-----
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: [RtHDVCpl]
Value Data: [C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s]
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
11490408 bytes Created: 30.08.2011 03:53 Modified: 16.06.2011 21:43 Company: Realtek Semiconductor
--------------------
Value Name: [RtHDVBg]
Value Data: [C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3 ]
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
2179688 bytes Created: 30.08.2011 03:53 Modified: 16.06.2011 21:43 Company: Realtek Semiconductor
--------------------
Value Name: [Apoint]
Value Data: [%ProgramFiles%\Apoint\Apoint.exe]
C:\Program Files\Apoint\Apoint.exe
226672 bytes Created: 21.06.2011 08:01 Modified: 15.06.2011 21:17 Company: Alps Electric Co., Ltd.
--------------------
Value Name: [IntelPAN]
Value Data: ["C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray]
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
1935120 bytes Created: 04.01.2012 12:18 Modified: 04.01.2012 12:18 Company: Intel(R) Corporation
--------------------
Value Name: [BTMTrayAgent]
Value Data: [rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp]
C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll
10358784 bytes Created: 14.11.2011 17:13 Modified: 14.11.2011 17:13 Company: Intel Corporation
--------------------
Value Name: [IgfxTray]
Value Data: [C:\Windows\system32\igfxtray.exe]
C:\Windows\System32\igfxtray.exe
167704 bytes Created: 04.05.2012 10:07 Modified: 10.01.2012 20:43 Company: Intel Corporation
--------------------
Value Name: [HotKeysCmds]
Value Data: [C:\Windows\system32\hkcmd.exe]
C:\Windows\System32\hkcmd.exe
392984 bytes Created: 04.05.2012 10:07 Modified: 10.01.2012 20:43 Company: Intel Corporation
--------------------
Value Name: [Persistence]
Value Data: [C:\Windows\system32\igfxpers.exe]
C:\Windows\System32\igfxpers.exe
417560 bytes Created: 04.05.2012 10:07 Modified: 10.01.2012 20:43 Company: Intel Corporation
--------------------
Value Name: [IntelliType Pro]
Value Data: ["c:\Program Files\Microsoft Device Center\itype.exe"]
c:\Program Files\Microsoft Device Center\itype.exe
1464928 bytes Created: 26.06.2012 20:38 Modified: 26.06.2012 20:38 Company: Microsoft Corporation
--------------------
Value Name: [IntelliPoint]
Value Data: ["c:\Program Files\Microsoft Device Center\ipoint.exe"]
c:\Program Files\Microsoft Device Center\ipoint.exe
2004584 bytes Created: 26.06.2012 20:38 Modified: 26.06.2012 20:38 Company: Microsoft Corporation
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry key appears to be empty

************************************************************
23:29:23: Scanning -----SHELLEXECUTEHOOKS-----
ShellExecuteHooks key is empty

************************************************************
23:29:23: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------

************************************************************
23:29:23: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.

************************************************************
23:29:23: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Key: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
Path: %SystemRoot%\system32\unregmp2.exe /ShowWMP
C:\Windows\System32\unregmp2.exe
323584 bytes Created: 14.07.2009 01:23 Modified: 14.07.2009 02:39 Company: Microsoft Corporation
----------
Key: >{26923b43-4d38-484f-9b9e-de460746276c}
Path: C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
C:\Windows\SysWOW64\ie4uinit.exe
74240 bytes Created: 26.05.2011 21:06 Modified: 26.05.2011 21:06 Company: Microsoft Corporation
----------
Key: {2C7339CF-2B09-4501-B3F3-F3508C9228ED}
Path: %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
C:\Windows\System32\themeui.dll
2851840 bytes Created: 21.11.2010 04:23 Modified: 21.11.2010 04:23 Company: Microsoft Corporation
----------
Key: {44BBA840-CC51-11CF-AAFA-00AA00B6015C}
Path: "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
C:\Program Files (x86)\Windows Mail\WinMail.exe
Key: {6BF52A52-394A-11d3-B153-00C04F79FAA6}
Path: %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
C:\Windows\System32\unregmp2.exe
323584 bytes Created: 14.07.2009 01:23 Modified: 14.07.2009 02:39 Company: Microsoft Corporation
----------
Key: {89820200-ECBD-11cf-8B85-00AA005B4340}
Path:
regsvr32.exe /s /n /i:U shell32.dll
C:\Windows\System32\shell32.dll
14172672 bytes Created: 16.08.2012 12:13 Modified: 09.06.2012 06:43 Company: Microsoft Corporation
----------
Key: {89820200-ECBD-11cf-8B85-00AA005B4383}
Path: C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
C:\Windows\SysWOW64\ie4uinit.exe
74240 bytes Created: 26.05.2011 21:06 Modified: 26.05.2011 21:06 Company: Microsoft Corporation
----------

************************************************************
23:29:24: Scanning ----- SERVICEDLL REGISTRY KEYS -----

************************************************************
23:29:24: Scanning ----- SERVICES REGISTRY KEYS -----
00:19 Modified: 14.07.2009 00:19 Company: Microsoft Corporation ---------- Key: iaStor ImagePath: system32\drivers\iaStor.sys C:\Windows\System32\drivers\iaStor.sys 557848 bytes Created: 30.08.2011 12:56 Modified: 25.06.2011 04:13 Company: Intel Corporation ---------- Key: IAStorDataMgrSvc ImagePath: "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe" C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe 13592 bytes Created: 30.08.2011 03:52 Modified: 20.05.2011 09:10 Company: Intel Corporation ---------- Key: iaStorV ImagePath: \SystemRoot\system32\drivers\iaStorV.sys C:\Windows\System32\drivers\iaStorV.sys 410496 bytes Created: 30.08.2011 03:48 Modified: 11.03.2011 07:41 Company: Intel Corporation ---------- Key: iBtFltCoex ImagePath: system32\DRIVERS\iBtFltCoex.sys C:\Windows\System32\DRIVERS\iBtFltCoex.sys 60416 bytes Created: 09.12.2011 19:45 Modified: 09.12.2011 19:45 Company: Intel Corporation ---------- Key: IconMan_R ImagePath: "C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe" C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe 2375168 bytes Created: 30.08.2011 04:00 Modified: 16.06.2011 21:51 Company: Realsil Microelectronics Inc. 
---------- Key: idsvc ImagePath: "%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe" C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 856400 bytes Created: 21.11.2010 04:24 Modified: 21.11.2010 04:24 Company: Microsoft Corporation ---------- Key: iirsp ImagePath: \SystemRoot\system32\drivers\iirsp.sys C:\Windows\System32\drivers\iirsp.sys 44112 bytes Created: 13.07.2009 22:59 Modified: 14.07.2009 02:48 Company: Intel Corp./ICP vortex GmbH ---------- Key: intaud_WaveExtensible ImagePath: system32\drivers\intelaud.sys C:\Windows\System32\drivers\intelaud.sys 34200 bytes Created: 21.06.2011 14:19 Modified: 21.06.2011 14:19 Company: Intel Corporation ---------- Key: IntcAzAudAddService ImagePath: system32\drivers\RTKVHD64.sys C:\Windows\System32\drivers\RTKVHD64.sys 2520936 bytes Created: 30.08.2011 03:53 Modified: 16.06.2011 21:44 Company: Realtek Semiconductor Corp. ---------- Key: IntcDAud ImagePath: system32\DRIVERS\IntcDAud.sys C:\Windows\System32\DRIVERS\IntcDAud.sys 317440 bytes Created: 23.08.2011 10:12 Modified: 23.08.2011 10:12 Company: Intel(R) Corporation ---------- Key: intelide ImagePath: \SystemRoot\system32\drivers\intelide.sys C:\Windows\System32\drivers\intelide.sys 16960 bytes Created: 14.07.2009 00:19 Modified: 14.07.2009 02:48 Company: Microsoft Corporation ---------- Key: intelkmd ImagePath: system32\DRIVERS\igdpmd64.sys C:\Windows\System32\DRIVERS\igdpmd64.sys 12311904 bytes Created: 04.05.2012 10:07 Modified: 10.01.2012 20:28 Company: Intel Corporation ---------- Key: intelppm ImagePath: system32\DRIVERS\intelppm.sys C:\Windows\System32\DRIVERS\intelppm.sys 62464 bytes Created: 14.07.2009 00:19 Modified: 14.07.2009 00:19 Company: Microsoft Corporation ---------- Key: IpFilterDriver ImagePath: system32\DRIVERS\ipfltdrv.sys C:\Windows\System32\DRIVERS\ipfltdrv.sys 82944 bytes Created: 21.11.2010 04:24 Modified: 21.11.2010 04:24 Company: Microsoft Corporation ---------- 
Key: IPMIDRV ImagePath: \SystemRoot\system32\drivers\IPMIDrv.sys C:\Windows\System32\drivers\IPMIDrv.sys 78848 bytes Created: 21.11.2010 04:23 Modified: 21.11.2010 04:23 Company: Microsoft Corporation ---------- Key: IPNAT ImagePath: System32\drivers\ipnat.sys C:\Windows\System32\drivers\ipnat.sys 116224 bytes Created: 14.07.2009 01:10 Modified: 14.07.2009 01:10 Company: Microsoft Corporation ---------- Key: IRENUM ImagePath: system32\drivers\irenum.sys C:\Windows\System32\drivers\irenum.sys 17920 bytes Created: 14.07.2009 01:08 Modified: 14.07.2009 01:08 Company: Microsoft Corporation ---------- Key: isapnp ImagePath: \SystemRoot\system32\drivers\isapnp.sys C:\Windows\System32\drivers\isapnp.sys 20544 bytes Created: 14.07.2009 00:31 Modified: 14.07.2009 02:48 Company: Microsoft Corporation ---------- Key: iScsiPrt ImagePath: \SystemRoot\system32\drivers\msiscsi.sys C:\Windows\System32\drivers\msiscsi.sys 273792 bytes Created: 21.11.2010 04:23 Modified: 21.11.2010 04:23 Company: Microsoft Corporation ---------- Key: iwdbus ImagePath: \SystemRoot\system32\drivers\iwdbus.sys C:\Windows\System32\drivers\iwdbus.sys 25496 bytes Created: 21.06.2011 14:19 Modified: 21.06.2011 14:19 Company: Intel Corporation ---------- Key: kbdclass ImagePath: system32\DRIVERS\kbdclass.sys C:\Windows\System32\DRIVERS\kbdclass.sys 50768 bytes Created: 14.07.2009 00:19 Modified: 14.07.2009 02:48 Company: Microsoft Corporation ---------- Key: kbdhid ImagePath: system32\DRIVERS\kbdhid.sys C:\Windows\System32\DRIVERS\kbdhid.sys 33280 bytes Created: 21.11.2010 04:23 Modified: 21.11.2010 04:23 Company: Microsoft Corporation ---------- Key: KeyIso ImagePath: %SystemRoot%\system32\lsass.exe C:\Windows\System32\lsass.exe 31232 bytes Created: 18.01.2012 14:53 Modified: 17.11.2011 07:33 Company: Microsoft Corporation ---------- Key: KMWDFILTER ImagePath: system32\DRIVERS\KMWDFILTER.sys C:\Windows\System32\DRIVERS\KMWDFILTER.sys 30208 bytes Created: 29.04.2009 15:28 Modified: 29.04.2009 15:28 Company: 
Windows (R) Codename Longhorn DDK provider ---------- Key: KSecDD ImagePath: System32\Drivers\ksecdd.sys C:\Windows\System32\Drivers\ksecdd.sys 95600 bytes Created: 16.08.2012 12:13 Modified: 02.06.2012 06:48 Company: Microsoft Corporation ---------- Key: KSecPkg ImagePath: System32\Drivers\ksecpkg.sys C:\Windows\System32\Drivers\ksecpkg.sys 154480 bytes Created: 29.10.2012 11:43 Modified: 24.08.2012 19:13 Company: Microsoft Corporation ---------- Key: ksthunk ImagePath: \SystemRoot\system32\drivers\ksthunk.sys C:\Windows\System32\drivers\ksthunk.sys 20992 bytes Created: 14.07.2009 01:00 Modified: 14.07.2009 01:00 Company: Microsoft Corporation ---------- Key: lltdio ImagePath: system32\DRIVERS\lltdio.sys C:\Windows\System32\DRIVERS\lltdio.sys 60928 bytes Created: 14.07.2009 01:08 Modified: 14.07.2009 01:08 Company: Microsoft Corporation ---------- Key: LMS ImagePath: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 326424 bytes Created: 30.08.2011 04:00 Modified: 17.06.2011 21:02 Company: Intel Corporation ---------- Key: LSI_FC ImagePath: \SystemRoot\system32\drivers\lsi_fc.sys C:\Windows\System32\drivers\lsi_fc.sys 114752 bytes Created: 13.07.2009 22:59 Modified: 14.07.2009 02:48 Company: LSI Corporation ---------- Key: LSI_SAS ImagePath: \SystemRoot\system32\drivers\lsi_sas.sys C:\Windows\System32\drivers\lsi_sas.sys 106560 bytes Created: 13.07.2009 22:59 Modified: 14.07.2009 02:48 Company: LSI Corporation ---------- Key: LSI_SAS2 ImagePath: \SystemRoot\system32\drivers\lsi_sas2.sys C:\Windows\System32\drivers\lsi_sas2.sys 65600 bytes Created: 13.07.2009 22:59 Modified: 14.07.2009 02:48 Company: LSI Corporation ---------- Key: LSI_SCSI ImagePath: \SystemRoot\system32\drivers\lsi_scsi.sys C:\Windows\System32\drivers\lsi_scsi.sys 115776 bytes Created: 13.07.2009 22:59 Modified: 14.07.2009 02:48 Company: LSI Corporation ---------- Key: luafv ImagePath: 
\SystemRoot\system32\drivers\luafv.sys C:\Windows\System32\drivers\luafv.sys 113152 bytes Created: 14.07.2009 00:26 Modified: 14.07.2009 00:26 Company: Microsoft Corporation ---------- Key: megasas ImagePath: \SystemRoot\system32\drivers\megasas.sys C:\Windows\System32\drivers\megasas.sys 35392 bytes Created: 10.06.2009 21:37 Modified: 14.07.2009 02:48 Company: LSI Corporation ---------- Key: MegaSR ImagePath: \SystemRoot\system32\drivers\MegaSR.sys C:\Windows\System32\drivers\MegaSR.sys 284736 bytes Created: 13.07.2009 22:59 Modified: 14.07.2009 02:48 Company: LSI Corporation, Inc. ---------- Key: MEIx64 ImagePath: \SystemRoot\system32\drivers\HECIx64.sys C:\Windows\System32\drivers\HECIx64.sys 56344 bytes Created: 21.06.2011 08:51 Modified: 17.06.2011 21:02 Company: Intel Corporation ---------- Key: Modem ImagePath: system32\drivers\modem.sys C:\Windows\System32\drivers\modem.sys 40448 bytes Created: 14.07.2009 01:10 Modified: 14.07.2009 01:10 Company: Microsoft Corporation ---------- Key: monitor ImagePath: system32\DRIVERS\monitor.sys C:\Windows\System32\DRIVERS\monitor.sys 30208 bytes Created: 14.07.2009 00:38 Modified: 14.07.2009 00:38 Company: Microsoft Corporation ---------- Key: mouclass ImagePath: system32\DRIVERS\mouclass.sys C:\Windows\System32\DRIVERS\mouclass.sys 49216 bytes Created: 14.07.2009 00:19 Modified: 14.07.2009 02:48 Company: Microsoft Corporation ---------- Key: mouhid ImagePath: system32\DRIVERS\mouhid.sys C:\Windows\System32\DRIVERS\mouhid.sys 31232 bytes Created: 14.07.2009 01:00 Modified: 14.07.2009 01:00 Company: Microsoft Corporation ---------- Key: mountmgr ImagePath: System32\drivers\mountmgr.sys C:\Windows\System32\drivers\mountmgr.sys 94592 bytes Created: 21.11.2010 04:23 Modified: 21.11.2010 04:23 Company: Microsoft Corporation ---------- Key: MozillaMaintenance ImagePath: "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 115608 
bytes Created: 17.09.2012 06:36 Modified: 31.01.2013 11:34 Company: Mozilla Foundation ---------- Key: mpio ImagePath: \SystemRoot\system32\drivers\mpio.sys C:\Windows\System32\drivers\mpio.sys 155008 bytes Created: 21.11.2010 04:23 Modified: 21.11.2010 04:23 Company: Microsoft Corporation ---------- Key: mpsdrv ImagePath: System32\drivers\mpsdrv.sys C:\Windows\System32\drivers\mpsdrv.sys 77312 bytes Created: 14.07.2009 01:08 Modified: 14.07.2009 01:08 Company: Microsoft Corporation ---------- Key: MRxDAV ImagePath: \SystemRoot\system32\drivers\mrxdav.sys C:\Windows\System32\drivers\mrxdav.sys 140800 bytes Created: 21.11.2010 04:24 Modified: 21.11.2010 04:24 Company: Microsoft Corporation ---------- Key: mrxsmb ImagePath: system32\DRIVERS\mrxsmb.sys C:\Windows\System32\DRIVERS\mrxsmb.sys 158208 bytes Created: 18.01.2012 13:55 Modified: 27.04.2011 03:40 Company: Microsoft Corporation ---------- Key: mrxsmb10 ImagePath: system32\DRIVERS\mrxsmb10.sys C:\Windows\System32\DRIVERS\mrxsmb10.sys 288768 bytes Created: 18.01.2012 13:55 Modified: 09.07.2011 03:46 Company: Microsoft Corporation ---------- Key: mrxsmb20 ImagePath: system32\DRIVERS\mrxsmb20.sys C:\Windows\System32\DRIVERS\mrxsmb20.sys 128000 bytes Created: 18.01.2012 13:55 Modified: 27.04.2011 03:39 Company: Microsoft Corporation ---------- Key: msahci ImagePath: \SystemRoot\system32\drivers\msahci.sys C:\Windows\System32\drivers\msahci.sys 31104 bytes Created: 21.11.2010 04:23 Modified: 21.11.2010 04:23 Company: Microsoft Corporation ---------- Key: msdsm ImagePath: \SystemRoot\system32\drivers\msdsm.sys C:\Windows\System32\drivers\msdsm.sys 140672 bytes Created: 21.11.2010 04:23 Modified: 21.11.2010 04:23 Company: Microsoft Corporation ---------- Key: MSDTC ImagePath: %SystemRoot%\System32\msdtc.exe C:\Windows\System32\msdtc.exe 141824 bytes Created: 14.07.2009 00:59 Modified: 14.07.2009 02:39 Company: Microsoft Corporation ---------- Key: mshidkmdf ImagePath: \SystemRoot\System32\drivers\mshidkmdf.sys 
C:\Windows\System32\drivers\mshidkmdf.sys 8192 bytes Created: 14.07.2009 01:06 Modified: 14.07.2009 01:06 Company: Microsoft Corporation ---------- Key: msisadrv ImagePath: system32\drivers\msisadrv.sys C:\Windows\System32\drivers\msisadrv.sys 15424 bytes Created: 14.07.2009 00:19 Modified: 14.07.2009 02:48 Company: Microsoft Corporation ---------- Key: msiserver ImagePath: %systemroot%\system32\msiexec.exe /V C:\Windows\System32\msiexec.exe 128000 bytes Created: 21.11.2010 04:24 Modified: 21.11.2010 04:24 Company: Microsoft Corporation ---------- Key: MSKSSRV ImagePath: system32\drivers\MSKSSRV.sys C:\Windows\System32\drivers\MSKSSRV.sys 11136 bytes Created: 14.07.2009 01:00 Modified: 14.07.2009 01:00 Company: Microsoft Corporation ---------- Key: MSPCLOCK ImagePath: system32\drivers\MSPCLOCK.sys C:\Windows\System32\drivers\MSPCLOCK.sys 7168 bytes Created: 14.07.2009 01:00 Modified: 14.07.2009 01:00 Company: Microsoft Corporation ---------- Key: MSPQM ImagePath: system32\drivers\MSPQM.sys C:\Windows\System32\drivers\MSPQM.sys 6784 bytes Created: 14.07.2009 01:00 Modified: 14.07.2009 01:00 Company: Microsoft Corporation ---------- Key: mssmbios ImagePath: \SystemRoot\system32\drivers\mssmbios.sys C:\Windows\System32\drivers\mssmbios.sys 32320 bytes Created: 14.07.2009 00:31 Modified: 14.07.2009 02:48 Company: Microsoft Corporation ---------- Key: MSTEE ImagePath: system32\drivers\MSTEE.sys C:\Windows\System32\drivers\MSTEE.sys 8064 bytes Created: 14.07.2009 01:00 Modified: 14.07.2009 01:00 Company: Microsoft Corporation ---------- Key: MTConfig ImagePath: \SystemRoot\system32\drivers\MTConfig.sys C:\Windows\System32\drivers\MTConfig.sys 15360 bytes Created: 14.07.2009 01:02 Modified: 14.07.2009 01:02 Company: Microsoft Corporation ---------- Key: Mup ImagePath: System32\Drivers\mup.sys C:\Windows\System32\Drivers\mup.sys 60496 bytes Created: 14.07.2009 00:23 Modified: 14.07.2009 02:48 Company: Microsoft Corporation ---------- Key: MyWiFiDHCPDNS ImagePath: 
C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe 340240 bytes Created: 04.01.2012 12:14 Modified: 04.01.2012 12:14 Company: ---------- Key: NativeWifiP ImagePath: system32\DRIVERS\nwifi.sys C:\Windows\System32\DRIVERS\nwifi.sys 318976 bytes Created: 14.07.2009 01:07 Modified: 14.07.2009 01:07 Company: Microsoft Corporation ---------- Key: NDIS ImagePath: system32\drivers\ndis.sys C:\Windows\System32\drivers\ndis.sys 950128 bytes Created: 12.09.2012 07:31 Modified: 22.08.2012 19:12 Company: Microsoft Corporation ---------- Key: NdisCap ImagePath: system32\DRIVERS\ndiscap.sys C:\Windows\System32\DRIVERS\ndiscap.sys 35328 bytes Created: 14.07.2009 01:08 Modified: 14.07.2009 01:08 Company: Microsoft Corporation ---------- Key: NdisTapi ImagePath: system32\DRIVERS\ndistapi.sys C:\Windows\System32\DRIVERS\ndistapi.sys 24064 bytes Created: 14.07.2009 01:10 Modified: 14.07.2009 01:10 Company: Microsoft Corporation ---------- Key: Ndisuio ImagePath: system32\DRIVERS\ndisuio.sys C:\Windows\System32\DRIVERS\ndisuio.sys 56832 bytes Created: 21.11.2010 04:24 Modified: 21.11.2010 04:24 Company: Microsoft Corporation ---------- Key: NdisWan ImagePath: system32\DRIVERS\ndiswan.sys C:\Windows\System32\DRIVERS\ndiswan.sys 164352 bytes Created: 21.11.2010 04:24 Modified: 21.11.2010 04:24 Company: Microsoft Corporation ---------- Key: NetBIOS ImagePath: system32\DRIVERS\netbios.sys C:\Windows\System32\DRIVERS\netbios.sys 44544 bytes Created: 14.07.2009 01:09 Modified: 14.07.2009 01:09 Company: Microsoft Corporation ---------- Key: NetBT ImagePath: System32\DRIVERS\netbt.sys C:\Windows\System32\DRIVERS\netbt.sys 261632 bytes Created: 21.11.2010 04:23 Modified: 21.11.2010 04:23 Company: Microsoft Corporation ---------- Key: Netlogon ImagePath: %systemroot%\system32\lsass.exe C:\Windows\System32\lsass.exe 31232 bytes Created: 18.01.2012 14:53 Modified: 17.11.2011 07:33 Company: Microsoft Corporation ---------- Key: NETwNs64 ImagePath: 
system32\DRIVERS\Netwsw00.sys C:\Windows\System32\DRIVERS\Netwsw00.sys 11518976 bytes Created: 06.12.2012 12:11 Modified: 06.12.2012 12:11 Company: Intel Corporation ---------- Key: nfrd960 ImagePath: \SystemRoot\system32\drivers\nfrd960.sys C:\Windows\System32\drivers\nfrd960.sys 51264 bytes Created: 13.07.2009 22:59 Modified: 14.07.2009 02:48 Company: IBM Corporation ---------- Key: nsiproxy ImagePath: system32\drivers\nsiproxy.sys C:\Windows\System32\drivers\nsiproxy.sys 24576 bytes Created: 14.07.2009 00:21 Modified: 14.07.2009 00:21 Company: Microsoft Corporation ---------- Key: nusb3hub ImagePath: system32\DRIVERS\nusb3hub.sys C:\Windows\System32\DRIVERS\nusb3hub.sys 96768 bytes Created: 25.10.2011 01:57 Modified: 25.10.2011 01:57 Company: Renesas Electronics Corporation ---------- Key: nusb3xhc ImagePath: system32\DRIVERS\nusb3xhc.sys C:\Windows\System32\DRIVERS\nusb3xhc.sys 213504 bytes Created: 25.10.2011 01:57 Modified: 25.10.2011 01:57 Company: Renesas Electronics Corporation ---------- Key: nvlddmkm ImagePath: system32\DRIVERS\nvlddmkm.sys C:\Windows\System32\DRIVERS\nvlddmkm.sys 11572512 bytes Created: 13.07.2009 22:59 Modified: 10.06.2009 21:37 Company: NVIDIA Corporation ---------- Key: nvraid ImagePath: \SystemRoot\system32\drivers\nvraid.sys C:\Windows\System32\drivers\nvraid.sys 148352 bytes Created: 30.08.2011 03:48 Modified: 11.03.2011 07:41 Company: NVIDIA Corporation ---------- Key: nvstor ImagePath: \SystemRoot\system32\drivers\nvstor.sys C:\Windows\System32\drivers\nvstor.sys 166272 bytes Created: 30.08.2011 03:48 Modified: 11.03.2011 07:41 Company: NVIDIA Corporation ---------- Key: nv_agp ImagePath: \SystemRoot\system32\drivers\nv_agp.sys C:\Windows\System32\drivers\nv_agp.sys 122960 bytes Created: 14.07.2009 00:38 Modified: 14.07.2009 02:48 Company: Microsoft Corporation ---------- Key: ohci1394 ImagePath: \SystemRoot\system32\drivers\ohci1394.sys C:\Windows\System32\drivers\ohci1394.sys 72832 bytes Created: 14.07.2009 01:06 Modified: 
14.07.2009 01:06 Company: Microsoft Corporation ---------- Key: ose ImagePath: "C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE" C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 89136 bytes Created: 28.07.2003 12:28 Modified: 28.07.2003 12:28 Company: Microsoft Corporation ---------- Key: Parport ImagePath: \SystemRoot\system32\drivers\parport.sys C:\Windows\System32\drivers\parport.sys 97280 bytes Created: 14.07.2009 01:00 Modified: 14.07.2009 01:00 Company: Microsoft Corporation ---------- Key: partmgr ImagePath: System32\drivers\partmgr.sys C:\Windows\System32\drivers\partmgr.sys 75120 bytes Created: 15.05.2012 07:54 Modified: 17.03.2012 08:58 Company: Microsoft Corporation ---------- Key: pci ImagePath: system32\drivers\pci.sys C:\Windows\System32\drivers\pci.sys 184704 bytes Created: 21.11.2010 04:23 Modified: 21.11.2010 04:23 Company: Microsoft Corporation ---------- Key: pciide ImagePath: \SystemRoot\system32\drivers\pciide.sys C:\Windows\System32\drivers\pciide.sys 12352 bytes Created: 14.07.2009 00:19 Modified: 14.07.2009 02:45 Company: Microsoft Corporation ---------- Key: pcmcia ImagePath: \SystemRoot\system32\drivers\pcmcia.sys C:\Windows\System32\drivers\pcmcia.sys 220752 bytes Created: 14.07.2009 00:31 Modified: 14.07.2009 02:45 Company: Microsoft Corporation ---------- Key: pcw ImagePath: System32\drivers\pcw.sys C:\Windows\System32\drivers\pcw.sys 50768 bytes Created: 14.07.2009 00:19 Modified: 14.07.2009 02:45 Company: Microsoft Corporation ---------- Key: PEAUTH ImagePath: system32\drivers\peauth.sys C:\Windows\System32\drivers\peauth.sys 651264 bytes Created: 14.07.2009 00:51 Modified: 14.07.2009 02:01 Company: Microsoft Corporation ---------- Key: PerfHost ImagePath: %SystemRoot%\SysWow64\perfhost.exe C:\Windows\SysWow64\perfhost.exe 20992 bytes Created: 14.07.2009 00:11 Modified: 14.07.2009 02:14 Company: Microsoft Corporation ---------- Key: Point64 ImagePath: system32\DRIVERS\point64.sys 
C:\Windows\System32\DRIVERS\point64.sys 46176 bytes Created: 26.06.2012 20:38 Modified: 26.06.2012 20:38 Company: Microsoft Corporation ---------- Key: PptpMiniport ImagePath: system32\DRIVERS\raspptp.sys C:\Windows\System32\DRIVERS\raspptp.sys 111104 bytes Created: 21.11.2010 04:24 Modified: 21.11.2010 04:24 Company: Microsoft Corporation ---------- Key: Processor ImagePath: \SystemRoot\system32\drivers\processr.sys C:\Windows\System32\drivers\processr.sys 60416 bytes Created: 14.07.2009 00:19 Modified: 14.07.2009 00:19 Company: Microsoft Corporation ---------- Key: ProtectedStorage ImagePath: %SystemRoot%\system32\lsass.exe C:\Windows\System32\lsass.exe 31232 bytes Created: 18.01.2012 14:53 Modified: 17.11.2011 07:33 Company: Microsoft Corporation ---------- Key: Psched ImagePath: system32\DRIVERS\pacer.sys C:\Windows\System32\DRIVERS\pacer.sys 131584 bytes Created: 21.11.2010 04:24 Modified: 21.11.2010 04:24 Company: Microsoft Corporation ---------- Key: ql2300 ImagePath: \SystemRoot\system32\drivers\ql2300.sys C:\Windows\System32\drivers\ql2300.sys 1524816 bytes Created: 10.06.2009 21:37 Modified: 14.07.2009 02:45 Company: QLogic Corporation ---------- Key: ql40xx ImagePath: \SystemRoot\system32\drivers\ql40xx.sys C:\Windows\System32\drivers\ql40xx.sys 128592 bytes Created: 13.07.2009 22:59 Modified: 14.07.2009 02:45 Company: QLogic Corporation ---------- Key: QWAVEdrv ImagePath: \SystemRoot\system32\drivers\qwavedrv.sys C:\Windows\System32\drivers\qwavedrv.sys 46592 bytes Created: 14.07.2009 01:09 Modified: 14.07.2009 01:09 Company: Microsoft Corporation ---------- Key: RasAcd ImagePath: System32\DRIVERS\rasacd.sys C:\Windows\System32\DRIVERS\rasacd.sys 14848 bytes Created: 14.07.2009 01:10 Modified: 14.07.2009 01:10 Company: Microsoft Corporation ---------- Key: RasAgileVpn ImagePath: system32\DRIVERS\AgileVpn.sys C:\Windows\System32\DRIVERS\AgileVpn.sys 60416 bytes Created: 14.07.2009 01:10 Modified: 14.07.2009 01:10 Company: Microsoft Corporation ---------- 
Key: Rasl2tp ImagePath: system32\DRIVERS\rasl2tp.sys C:\Windows\System32\DRIVERS\rasl2tp.sys 129536 bytes Created: 21.11.2010 04:24 Modified: 21.11.2010 04:24 Company: Microsoft Corporation ---------- Key: RasPppoe ImagePath: system32\DRIVERS\raspppoe.sys C:\Windows\System32\DRIVERS\raspppoe.sys 92672 bytes Created: 14.07.2009 01:10 Modified: 14.07.2009 01:10 Company: Microsoft Corporation ---------- Key: RasSstp ImagePath: system32\DRIVERS\rassstp.sys C:\Windows\System32\DRIVERS\rassstp.sys 83968 bytes Created: 14.07.2009 01:10 Modified: 14.07.2009 01:10 Company: Microsoft Corporation ---------- Key: rdbss ImagePath: system32\DRIVERS\rdbss.sys C:\Windows\System32\DRIVERS\rdbss.sys 309248 bytes Created: 21.11.2010 04:24 Modified: 21.11.2010 04:24 Company: Microsoft Corporation ---------- Key: rdpbus ImagePath: \SystemRoot\system32\drivers\rdpbus.sys C:\Windows\System32\drivers\rdpbus.sys 24064 bytes Created: 14.07.2009 01:17 Modified: 14.07.2009 01:17 Company: Microsoft Corporation ---------- Key: RDPCDD ImagePath: System32\DRIVERS\RDPCDD.sys C:\Windows\System32\DRIVERS\RDPCDD.sys 7680 bytes Created: 14.07.2009 01:16 Modified: 14.07.2009 01:16 Company: Microsoft Corporation ---------- Key: RDPDR ImagePath: System32\drivers\rdpdr.sys C:\Windows\System32\drivers\rdpdr.sys 165888 bytes Created: 21.11.2010 04:25 Modified: 21.11.2010 04:25 Company: Microsoft Corporation ---------- Key: RDPENCDD ImagePath: system32\drivers\rdpencdd.sys C:\Windows\System32\drivers\rdpencdd.sys 7680 bytes Created: 14.07.2009 01:16 Modified: 14.07.2009 01:16 Company: Microsoft Corporation ---------- Key: RDPREFMP ImagePath: system32\drivers\rdprefmp.sys C:\Windows\System32\drivers\rdprefmp.sys 8192 bytes Created: 14.07.2009 01:16 Modified: 14.07.2009 01:16 Company: Microsoft Corporation ---------- Key: RdpVideoMiniport ImagePath: System32\drivers\rdpvideominiport.sys C:\Windows\System32\drivers\rdpvideominiport.sys 19456 bytes Created: 29.10.2012 11:43 Modified: 23.08.2012 15:10 Company: 
Microsoft Corporation ---------- Key: rdyboost ImagePath: System32\drivers\rdyboost.sys C:\Windows\System32\drivers\rdyboost.sys 213888 bytes Created: 21.11.2010 04:24 Modified: 21.11.2010 04:24 Company: Microsoft Corporation ---------- Key: RegSrvc ImagePath: C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe 844560 bytes Created: 04.01.2012 12:13 Modified: 04.01.2012 12:13 Company: Intel(R) Corporation ---------- Key: RFCOMM ImagePath: system32\DRIVERS\rfcomm.sys C:\Windows\System32\DRIVERS\rfcomm.sys 158720 bytes Created: 14.07.2009 01:06 Modified: 14.07.2009 01:06 Company: Microsoft Corporation ---------- Key: RpcLocator ImagePath: %SystemRoot%\system32\locator.exe C:\Windows\System32\locator.exe 10240 bytes Created: 14.07.2009 00:59 Modified: 14.07.2009 02:39 Company: Microsoft Corporation ---------- Key: RSPCIESTOR ImagePath: system32\DRIVERS\RtsPStor.sys C:\Windows\System32\DRIVERS\RtsPStor.sys 337512 bytes Created: 30.08.2011 04:00 Modified: 16.06.2011 21:51 Company: Realtek Semiconductor Corp. 
---------- Key: rspndr ImagePath: system32\DRIVERS\rspndr.sys C:\Windows\System32\DRIVERS\rspndr.sys 76800 bytes Created: 14.07.2009 01:08 Modified: 14.07.2009 01:08 Company: Microsoft Corporation ---------- Key: RTL8167 ImagePath: system32\DRIVERS\Rt64win7.sys C:\Windows\System32\DRIVERS\Rt64win7.sys 425064 bytes Created: 30.08.2011 03:57 Modified: 30.01.2011 02:19 Company: Realtek ---------- Key: s3cap ImagePath: \SystemRoot\system32\drivers\vms3cap.sys C:\Windows\System32\drivers\vms3cap.sys 6656 bytes Created: 21.11.2010 04:23 Modified: 21.11.2010 04:23 Company: Microsoft Corporation ---------- Key: SamSs ImagePath: %SystemRoot%\system32\lsass.exe C:\Windows\System32\lsass.exe 31232 bytes Created: 18.01.2012 14:53 Modified: 17.11.2011 07:33 Company: Microsoft Corporation ---------- Key: sbp2port ImagePath: \SystemRoot\system32\drivers\sbp2port.sys C:\Windows\System32\drivers\sbp2port.sys 103808 bytes Created: 21.11.2010 04:23 Modified: 21.11.2010 04:23 Company: Microsoft Corporation ---------- Key: scfilter ImagePath: System32\DRIVERS\scfilter.sys C:\Windows\System32\DRIVERS\scfilter.sys 29696 bytes Created: 21.11.2010 04:24 Modified: 21.11.2010 04:24 Company: Microsoft Corporation ---------- Key: sdbus ImagePath: system32\DRIVERS\sdbus.sys C:\Windows\System32\DRIVERS\sdbus.sys 109056 bytes Created: 21.11.2010 04:23 Modified: 21.11.2010 04:23 Company: Microsoft Corporation ---------- Key: Serenum ImagePath: \SystemRoot\system32\drivers\serenum.sys C:\Windows\System32\drivers\serenum.sys 23552 bytes Created: 14.07.2009 01:00 Modified: 14.07.2009 01:00 Company: Microsoft Corporation ---------- Key: Serial ImagePath: \SystemRoot\system32\drivers\serial.sys C:\Windows\System32\drivers\serial.sys 94208 bytes Created: 14.07.2009 01:00 Modified: 14.07.2009 01:00 Company: Microsoft Corporation ---------- Key: sermouse ImagePath: \SystemRoot\system32\drivers\sermouse.sys C:\Windows\System32\drivers\sermouse.sys 26624 bytes Created: 14.07.2009 01:00 Modified: 14.07.2009 
01:00 Company: Microsoft Corporation ---------- Key: SFEP ImagePath: \SystemRoot\system32\drivers\SFEP.sys C:\Windows\System32\drivers\SFEP.sys 12032 bytes Created: 02.06.2010 03:59 Modified: 26.04.2010 21:20 Company: Sony Corporation ---------- Key: sffdisk ImagePath: \SystemRoot\system32\drivers\sffdisk.sys C:\Windows\System32\drivers\sffdisk.sys 14336 bytes Created: 14.07.2009 01:01 Modified: 14.07.2009 01:01 Company: Microsoft Corporation ---------- Key: sffp_mmc ImagePath: \SystemRoot\system32\drivers\sffp_mmc.sys C:\Windows\System32\drivers\sffp_mmc.sys 13824 bytes Created: 14.07.2009 01:01 Modified: 14.07.2009 01:01 Company: Microsoft Corporation ---------- Key: sffp_sd ImagePath: \SystemRoot\system32\drivers\sffp_sd.sys C:\Windows\System32\drivers\sffp_sd.sys 14336 bytes Created: 21.11.2010 04:23 Modified: 21.11.2010 04:23 Company: Microsoft Corporation ---------- Key: sfloppy ImagePath: \SystemRoot\system32\drivers\sfloppy.sys C:\Windows\System32\drivers\sfloppy.sys 16896 bytes Created: 14.07.2009 01:01 Modified: 14.07.2009 01:01 Company: Microsoft Corporation ---------- Key: SiSRaid2 ImagePath: \SystemRoot\system32\drivers\SiSRaid2.sys C:\Windows\System32\drivers\SiSRaid2.sys 43584 bytes Created: 10.06.2009 21:37 Modified: 14.07.2009 02:45 Company: Silicon Integrated Systems Corp. ---------- Key: SiSRaid4 ImagePath: \SystemRoot\system32\drivers\sisraid4.sys C:\Windows\System32\drivers\sisraid4.sys 80464 bytes Created: 13.07.2009 22:59 Modified: 14.07.2009 02:45 Company: Silicon Integrated Systems ---------- Key: Skype C2C Service ImagePath: "C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe" C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe 3064000 bytes Created: 02.10.2012 12:13 Modified: 02.10.2012 12:13 Company: Skype Technologies S.A. 
|
06.02.2013, 19:18 | #6 |
/// Malware-holic | Trojan > http://boxtralsurvisv.pl/gis/file.php Hi, do you use the device for online banking, for shopping, for other payment transactions, or for similarly important things, such as work? |
06.02.2013, 20:05 | #7 |
| Trojan > http://boxtralsurvisv.pl/gis/file.php Money transactions aren't a must, I can also do that on my notebook at home... ...why do you ask? Did you find something? |
06.02.2013, 20:08 | #8 |
/// Malware-holic | Trojan > http://boxtralsurvisv.pl/gis/file.php Yep. Question: is this a company device, since you say that can be done on the device at home? If online banking was done on it, have it blocked. Emergency number: 116 116. Reason: Trojan.zbot.
__________________ -Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
06.02.2013, 20:21 | #9 |
| Trojan > http://boxtralsurvisv.pl/gis/file.php Where does this damn thing come from? Yes, this is my company notebook! I wanted to log in to my online banking on the way to work and then this security check came up, and in the evening it didn't work either; then I tried it on my private notebook and got in there, and that made me skeptical! I then blocked it yesterday already! What needs to be done now? Does this only affect online banking, i.e. a risk with payment transactions, or is the whole notebook infected? Is it contagious, i.e. if I send an e-mail with an attachment, do I pass it on? |
06.02.2013, 20:32 | #10 |
/// Malware-holic | Trojan > http://boxtralsurvisv.pl/gis/file.php Hi, so since it is a company PC, one question: do you have an IT department? If so, please take the device there. But since it is a company device, I would set it up from scratch, because a guaranteed clean system is needed here. You probably won't pass it on via e-mail attachment. Where it came from, I can't tell you conclusively. Hopefully you don't use file sharing, porn, or illegal streaming sites like kinox.to on a company device; those would be typical sources of infection, and hacked sites would also be possible. |
06.02.2013, 20:40 | #11 |
| Trojan > http://boxtralsurvisv.pl/gis/file.php Quote:
Quote:
Quote:
|
06.02.2013, 20:42 | #12 |
/// Malware-holic | Trojan > http://boxtralsurvisv.pl/gis/file.php Hi, we can back up data. But first you have to clarify with the IT department, if you have one, whether they will do that, because we don't clean commercially used devices if you have such a department. Among other things, this malware steals banking data and, depending on its feature set, has more capabilities, e.g. sending spam. |
07.02.2013, 07:28 | #13 |
| Trojan > http://boxtralsurvisv.pl/gis/file.php http://www.trojaner-board.de/129770-gvu-trojaner.html Wouldn't this option be possible? I'm still in my probationary period and would rather not tell IT about this! What do you mean by sending spam? Why didn't AntiVir protect me from this? |
07.02.2013, 12:08 | #14 |
/// Malware-holic | Trojan > http://boxtralsurvisv.pl/gis/file.php Hi, please give the laptop to your IT; how big do you think your problem will get once financial damage occurs? |
07.02.2013, 12:30 | #15 |
| Trojan > http://boxtralsurvisv.pl/gis/file.php So, our IT says that I should boot from the recovery DVD they are sending me and reset the notebook to its factory state; the data I still need I should copy to a hard drive or burn to DVD. But how do I know whether the data isn't infected as well? |