30.07.2014, 20:10, #16
Overnight: no event log, no internet connection, PC very slow after login
Trojan Remover log files
Code:
22:50:12: Scanning ----- SERVICES REGISTRY KEYS ----- Key: AAV UpdateService ImagePath: D:\Steuer-Spar-Erklaerung\AAVUpdateManager\aavus.exe D:\Steuer-Spar-Erklaerung\AAVUpdateManager\aavus.exe 128296 bytes Created: 24.10.2008 16:35 Modified: 24.10.2008 16:35 Company: ---------- Key: AcrSch2Svc ImagePath: "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe" C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe 1112744 bytes Created: 06.12.2010 07:55 Modified: 06.12.2010 07:55 Company: Acronis ---------- Key: amdsata ImagePath: \SystemRoot\system32\drivers\amdsata.sys C:\Windows\System32\drivers\amdsata.sys 107904 bytes Created: 27.04.2011 18:56 Modified: 11.03.2011 08:41 Company: Advanced Micro Devices ---------- Key: Apple Mobile Device ImagePath: "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 43336 bytes Created: 12.02.2014 17:50 Modified: 12.02.2014 17:50 Company: Apple Inc. 
---------- Key: AVKProxy ImagePath: "C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe" C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe 1548312 bytes Created: 08.01.2013 13:21 Modified: 29.11.2012 05:49 Company: G Data Software AG ---------- Key: AVKService ImagePath: "D:\GData\AVK\AVKService.exe" D:\GData\AVK\AVKService.exe 469016 bytes Created: 08.01.2013 13:21 Modified: 29.11.2012 05:47 Company: G Data Software AG ---------- Key: AVKWCtl ImagePath: "D:\GData\AVK\AVKWCtlX64.exe" D:\GData\AVK\AVKWCtlX64.exe 2012592 bytes Created: 08.01.2013 13:21 Modified: 29.11.2012 06:08 Company: G Data Software AG ---------- Key: avmaudio ImagePath: system32\DRIVERS\avmaudio.sys C:\Windows\System32\DRIVERS\avmaudio.sys 116096 bytes Created: 08.01.2011 21:23 Modified: 08.01.2011 21:23 Company: AVM Berlin ---------- Key: avmaura ImagePath: system32\DRIVERS\avmaura.sys C:\Windows\System32\DRIVERS\avmaura.sys 116480 bytes Created: 22.12.2012 11:27 Modified: 22.12.2012 11:26 Company: AVM Berlin ---------- Key: Bonjour Service ImagePath: "C:\Program Files\Bonjour\mDNSResponder.exe" C:\Program Files\Bonjour\mDNSResponder.exe 462184 bytes Created: 30.08.2011 23:05 Modified: 30.08.2011 23:05 Company: Apple Inc. 
---------- Key: CLKMSVC10_C19A2874 ImagePath: "D:\Cyberlink PowerDVD\PowerDVD9\NavFilter\kmsvc.exe" /svc D:\Cyberlink PowerDVD\PowerDVD9\NavFilter\kmsvc.exe 247768 bytes Created: 03.04.2013 16:07 Modified: 03.04.2013 16:07 Company: CyberLink ---------- Key: clr_optimization_v2.0.50727_32 ImagePath: %systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 66384 bytes Created: 13.07.2009 22:46 Modified: 10.06.2009 23:23 Company: Microsoft Corporation ---------- Key: COMSysApp ImagePath: %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} C:\Windows\System32\dllhost.exe 9728 bytes Created: 14.07.2009 01:59 Modified: 14.07.2009 03:39 Company: Microsoft Corporation ---------- Key: cvhsvc ImagePath: "C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE" C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE 822504 bytes Created: 22.04.2013 10:02 Modified: 22.04.2013 10:02 Company: Microsoft Corporation ---------- Key: dg_ssudbus ImagePath: system32\DRIVERS\ssudbus.sys C:\Windows\System32\DRIVERS\ssudbus.sys 109056 bytes Created: 01.04.2014 22:06 Modified: 19.03.2014 03:27 Company: DEVGURU Co., LTD.(www.devguru.co.kr) ---------- Key: Filetrace ImagePath: system32\drivers\filetrace.sys C:\Windows\System32\drivers\filetrace.sys 34304 bytes Created: 14.07.2009 01:25 Modified: 14.07.2009 01:25 Company: Microsoft Corporation ---------- Key: FLEXnet Licensing Service ImagePath: "C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe 1045256 bytes Created: 06.01.2011 13:00 Modified: 06.01.2011 13:00 Company: Acresso Software Inc. 
---------- Key: flpydisk ImagePath: \SystemRoot\system32\DRIVERS\flpydisk.sys C:\Windows\System32\DRIVERS\flpydisk.sys 24576 bytes Created: 14.07.2009 02:00 Modified: 14.07.2009 02:00 Company: Microsoft Corporation ---------- Key: FsUsbExDisk ImagePath: \??\C:\Windows\SysWOW64\FsUsbExDisk.SYS C:\Windows\SysWOW64\FsUsbExDisk.SYS 37344 bytes Created: 22.02.2013 23:17 Modified: 05.02.2013 10:54 Company: [no info] ---------- Key: Garmin Core Update Service ImagePath: "D:\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe" D:\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe 250712 bytes Created: 30.12.2013 10:05 Modified: 30.12.2013 10:05 Company: Garmin Ltd or its subsidiaries ---------- Key: GDBehave ImagePath: system32\drivers\GDBehave.sys C:\Windows\System32\drivers\GDBehave.sys 54176 bytes Created: 31.12.2010 12:25 Modified: 08.01.2013 13:21 Company: G Data Software AG ---------- Key: GDFwSvc ImagePath: "D:\GData\Firewall\GDFwSvcx64.exe" D:\GData\Firewall\GDFwSvcx64.exe 2377736 bytes Created: 08.01.2013 13:21 Modified: 29.11.2012 06:14 Company: G Data Software AG ---------- Key: GDMnIcpt ImagePath: \??\C:\Windows\system32\drivers\MiniIcpt.sys C:\Windows\System32\drivers\MiniIcpt.sys 126880 bytes Created: 31.12.2010 12:24 Modified: 08.01.2013 13:21 Company: G Data Software AG ---------- Key: GdNetMon ImagePath: \??\C:\Windows\system32\drivers\GdNetMon64.sys C:\Windows\System32\drivers\GdNetMon64.sys 31608 bytes Created: 31.10.2011 23:38 Modified: 31.10.2011 23:38 Company: G Data Software AG ---------- Key: GDPkIcpt ImagePath: \??\C:\Windows\system32\drivers\PktIcpt.sys C:\Windows\System32\drivers\PktIcpt.sys 62368 bytes Created: 31.12.2010 12:25 Modified: 08.01.2013 13:23 Company: G Data Software AG ---------- Key: GDScan ImagePath: "C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe" C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe 470008 bytes Created: 17.08.2012 16:29 Modified: 29.03.2012 04:42 
Company: G Data Software AG ---------- Key: gdwfpcd ImagePath: system32\drivers\gdwfpcd64.sys C:\Windows\System32\drivers\gdwfpcd64.sys 65008 bytes Created: 31.12.2010 12:24 Modified: 22.02.2013 23:08 Company: G Data Software AG ---------- Key: GRD ImagePath: \??\C:\Windows\system32\drivers\GRD.sys C:\Windows\System32\drivers\GRD.sys 106648 bytes Created: 31.12.2010 13:21 Modified: 01.09.2012 13:15 Company: G Data Software ---------- Key: gusvc ImagePath: "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe" C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe 136120 bytes Created: 04.01.2011 22:06 Modified: 11.06.2010 02:40 Company: Google ---------- Key: HECIx64 ImagePath: system32\DRIVERS\HECIx64.sys C:\Windows\System32\DRIVERS\HECIx64.sys 56344 bytes Created: 31.12.2010 12:37 Modified: 17.09.2009 13:54 Company: Intel Corporation ---------- Key: HookCentre ImagePath: \??\C:\Windows\system32\drivers\HookCentre.sys C:\Windows\System32\drivers\HookCentre.sys 64416 bytes Created: 31.10.2011 23:38 Modified: 22.02.2013 23:08 Company: G Data Software AG ---------- Key: idsvc ImagePath: "%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe" C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 856400 bytes Created: 27.04.2011 22:51 Modified: 05.11.2010 03:52 Company: Microsoft Corporation ---------- Key: IEEtwCollectorService ImagePath: %SystemRoot%\system32\IEEtwCollector.exe /V C:\Windows\System32\IEEtwCollector.exe 111616 bytes Created: 12.03.2014 18:23 Modified: 01.03.2014 06:33 Company: Microsoft Corporation ---------- Key: IGDCTRL ImagePath: "C:\Program Files\FRITZ!DSL\IGDCTRL.EXE" C:\Program Files\FRITZ!DSL\IGDCTRL.EXE 88888 bytes Created: 28.07.2009 17:10 Modified: 28.07.2009 17:10 Company: AVM Berlin ---------- Key: IntcAzAudAddService ImagePath: system32\drivers\RTKVHD64.sys C:\Windows\System32\drivers\RTKVHD64.sys 2009376 bytes Created: 
27.08.2013 20:41 Modified: 06.10.2009 19:51 Company: Realtek Semiconductor Corp. ---------- Key: iPod Service ImagePath: "C:\Program Files\iPod\bin\iPodService.exe" C:\Program Files\iPod\bin\iPodService.exe 641352 bytes Created: 21.02.2014 04:54 Modified: 21.02.2014 04:54 Company: Apple Inc. ---------- Key: k57nd60a ImagePath: system32\DRIVERS\k57nd60a.sys C:\Windows\System32\DRIVERS\k57nd60a.sys 321064 bytes Created: 16.10.2009 03:32 Modified: 16.10.2009 03:32 Company: Broadcom Corporation ---------- Key: LBTServ ImagePath: C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe 359192 bytes Created: 27.09.2011 21:04 Modified: 27.09.2011 21:04 Company: Logitech, Inc. ---------- Key: LMS ImagePath: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 268824 bytes Created: 31.12.2010 12:38 Modified: 30.09.2009 20:02 Company: Intel Corporation ---------- Key: LUsbFilt ImagePath: System32\Drivers\LUsbFilt.Sys C:\Windows\System32\Drivers\LUsbFilt.Sys 42776 bytes Created: 02.09.2011 08:30 Modified: 02.09.2011 08:30 Company: Logitech, Inc. ---------- Key: lvpepf64 ImagePath: system32\DRIVERS\lv302a64.sys C:\Windows\System32\DRIVERS\lv302a64.sys 15768 bytes Created: 26.07.2008 16:22 Modified: 26.07.2008 16:22 Company: Logitech Inc. ---------- Key: LVRS64 ImagePath: system32\DRIVERS\lvrs64.sys C:\Windows\System32\DRIVERS\lvrs64.sys 790424 bytes Created: 26.07.2008 16:25 Modified: 26.07.2008 16:25 Company: Logitech Inc. ---------- Key: LVUSBS64 ImagePath: system32\drivers\LVUSBS64.sys C:\Windows\System32\drivers\LVUSBS64.sys 50072 bytes Created: 26.07.2008 16:26 Modified: 26.07.2008 16:26 Company: Logitech Inc. 
---------- Key: MozillaMaintenance ImagePath: "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 117656 bytes Created: 22.08.2013 19:50 Modified: 14.08.2013 19:55 Company: Mozilla Foundation ---------- Key: NvStreamSvc ImagePath: "C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe 14997280 bytes Created: 09.09.2013 22:35 Modified: 27.08.2013 23:17 Company: NVIDIA Corporation ---------- Key: nvUpdatusService ImagePath: "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe 2155296 bytes Created: 09.09.2013 22:29 Modified: 27.08.2013 23:16 Company: NVIDIA Corporation ---------- Key: nvvad_WaveExtensible ImagePath: system32\drivers\nvvad64v.sys C:\Windows\System32\drivers\nvvad64v.sys 39200 bytes Created: 09.09.2013 22:35 Modified: 20.08.2013 15:33 Company: NVIDIA Corporation ---------- Key: PID_PEPI ImagePath: system32\DRIVERS\LV302V64.SYS C:\Windows\System32\DRIVERS\LV302V64.SYS 2624408 bytes Created: 26.07.2008 16:22 Modified: 26.07.2008 16:22 Company: Logitech Inc. 
---------- Key: rdpbus ImagePath: \SystemRoot\system32\DRIVERS\rdpbus.sys C:\Windows\System32\DRIVERS\rdpbus.sys 24064 bytes Created: 14.07.2009 02:17 Modified: 14.07.2009 02:17 Company: Microsoft Corporation ---------- Key: RoxMediaDB10 ImagePath: "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe" C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe 1124848 bytes Created: 26.06.2009 12:19 Modified: 26.06.2009 12:19 Company: Sonic Solutions ---------- Key: RxFilter ImagePath: system32\DRIVERS\RxFilter.sys C:\Windows\System32\DRIVERS\RxFilter.sys - [file not found to scan] ---------- Key: Serial ImagePath: \SystemRoot\system32\DRIVERS\serial.sys C:\Windows\System32\DRIVERS\serial.sys 94208 bytes Created: 14.07.2009 02:00 Modified: 14.07.2009 02:00 Company: Brother Industries Ltd. ---------- Key: SessionLauncher ImagePath: C:\Users\sauterch\AppData\Local\Temp\DX9\SessionLauncher.exe C:\Users\sauterch\AppData\Local\Temp\DX9\SessionLauncher.exe - [file not found to scan] ---------- Key: Sftfs ImagePath: system32\DRIVERS\Sftfslh.sys C:\Windows\System32\DRIVERS\Sftfslh.sys 767144 bytes Created: 26.06.2013 19:21 Modified: 26.06.2013 19:21 Company: Microsoft Corporation ---------- Key: sftlist ImagePath: "C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe" C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe 523944 bytes Created: 26.06.2013 19:21 Modified: 26.06.2013 19:21 Company: Microsoft Corporation ---------- Key: Sftplay ImagePath: system32\DRIVERS\Sftplaylh.sys C:\Windows\System32\DRIVERS\Sftplaylh.sys 273576 bytes Created: 26.06.2013 19:21 Modified: 26.06.2013 19:21 Company: Microsoft Corporation ---------- Key: Sftredir ImagePath: system32\DRIVERS\Sftredirlh.sys C:\Windows\System32\DRIVERS\Sftredirlh.sys 28840 bytes Created: 26.06.2013 19:21 Modified: 26.06.2013 19:21 Company: Microsoft Corporation ---------- Key: Sftvol ImagePath: 
system32\DRIVERS\Sftvollh.sys C:\Windows\System32\DRIVERS\Sftvollh.sys 23208 bytes Created: 26.06.2013 19:21 Modified: 26.06.2013 19:21 Company: Microsoft Corporation ---------- Key: sftvsa ImagePath: "C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe" C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe 207528 bytes Created: 26.06.2013 19:21 Modified: 26.06.2013 19:21 Company: Microsoft Corporation ---------- Key: SkypeUpdate ImagePath: D:\Skype\Updater\Updater.exe D:\Skype\Updater\Updater.exe -R- 172192 bytes Created: 23.10.2013 09:15 Modified: 23.10.2013 09:15 Company: Skype Technologies ---------- Key: ssudmdm ImagePath: system32\DRIVERS\ssudmdm.sys C:\Windows\System32\DRIVERS\ssudmdm.sys 206080 bytes Created: 01.04.2014 22:06 Modified: 19.03.2014 03:27 Company: DEVGURU Co., LTD.(www.devguru.co.kr) ---------- Key: stllssvr ImagePath: "C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe" C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe -R- 74392 bytes Created: 30.04.2009 13:59 Modified: 30.04.2009 13:59 Company: MicroVision Development, Inc. 
---------- Key: TuneUp.UtilitiesSvc ImagePath: "D:\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe" D:\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe 2028864 bytes Created: 13.12.2011 10:34 Modified: 13.12.2011 10:34 Company: TuneUp Software ---------- Key: TuneUpUtilitiesDrv ImagePath: \??\D:\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys D:\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys 11856 bytes Created: 29.11.2010 20:27 Modified: 29.11.2010 20:27 Company: TuneUp Software ---------- Key: UNS ImagePath: "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 2320920 bytes Created: 31.12.2010 12:38 Modified: 30.09.2009 20:02 Company: Intel Corporation ---------- Key: wbengine ImagePath: "%systemroot%\system32\wbengine.exe" C:\Windows\System32\wbengine.exe 1504256 bytes Created: 27.04.2011 22:52 Modified: 20.11.2010 15:25 Company: Microsoft Corporation ---------- Key: WMPNetworkSvc ImagePath: "%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe" C:\Program Files\Windows Media Player\wmpnetwk.exe 1525248 bytes Created: 27.04.2011 22:52 Modified: 20.11.2010 15:25 Company: Microsoft Corporation ---------- ************************************************************ 22:50:44: Scanning -----VXD ENTRIES----- ************************************************************ 22:50:44: Scanning ----- ContextMenuHandlers ----- Key: PhotoStreamsExt CLSID: {89D984B3-813B-406A-8298-118AFA3A22AE} Path: C:\Program Files (x86)\Common Files\Apple\Internet Services\ShellStreams.dll C:\Program Files (x86)\Common Files\Apple\Internet Services\ShellStreams.dll 600392 bytes Created: 20.11.2013 16:43 Modified: 20.11.2013 16:43 Company: Apple Inc. 
---------- Key: TuneUp Shredder Shell Extension CLSID: {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} Path: D:\TuneUp Utilities 2011\SDShelEx-win32.dll D:\TuneUp Utilities 2011\SDShelEx-win32.dll 30016 bytes Created: 13.12.2011 10:29 Modified: 13.12.2011 10:29 Company: TuneUp Software ---------- Key: VersionsPageShellExt CLSID: {9E42900A-85F9-4E67-9778-575FBBA0A81C} Path: D:\Acronis True Image_2011\versions_page.dll D:\Acronis True Image_2011\versions_page.dll 128352 bytes Created: 22.09.2011 23:22 Modified: 22.09.2011 23:22 Company: Acronis ---------- Key: {C539A15A-3AF9-4c92-B771-50CB78F5C751} Path: D:\Acronis True Image_2011\tishell.dll D:\Acronis True Image_2011\tishell.dll 1030536 bytes Created: 22.09.2011 23:21 Modified: 22.09.2011 23:21 Company: Acronis ---------- ************************************************************ 22:50:44: Scanning ----- Folder\ColumnHandlers ----- No Folder\ColumnHandler entries found to scan ************************************************************ 22:50:44: Scanning ----- 64-Bit ContextMenuHandlers ----- Key: 7-Zip CLSID: {23170F69-40C1-278A-1000-000100020000} Path: D:\7-Zip\7-zip.dll D:\7-Zip\7-zip.dll 86016 bytes Created: 18.11.2010 22:08 Modified: 18.11.2010 22:08 Company: Igor Pavlov ---------- Key: AVK9CM CLSID: {CAF4C320-32F5-11D3-A222-004095200FF2} Path: D:\GData\AVK\ShellExt64.dll D:\GData\AVK\ShellExt64.dll 333848 bytes Created: 17.08.2011 16:00 Modified: 21.05.2012 05:35 Company: G Data Software AG ---------- Key: PhotoStreamsExt CLSID: {89D984B3-813B-406A-8298-118AFA3A22AE} Path: C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll 1242440 bytes Created: 20.11.2013 16:43 Modified: 20.11.2013 16:43 Company: Apple Inc. 
---------- Key: RXDCExtSvr CLSID: {0FB82570-BB2D-23D3-8D3B-AC2F34F1FA3C} Path: C:\Program Files\Roxio\Virtual Drive 10\DC_ShellExt64.dll C:\Program Files\Roxio\Virtual Drive 10\DC_ShellExt64.dll 145904 bytes Created: 26.06.2009 12:31 Modified: 26.06.2009 12:31 Company: Sonic Solutions ---------- Key: TuneUp Shredder Shell Extension CLSID: {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} Path: D:\TuneUp Utilities 2011\SDShelEx-x64.dll D:\TuneUp Utilities 2011\SDShelEx-x64.dll 28480 bytes Created: 13.12.2011 10:29 Modified: 13.12.2011 10:29 Company: TuneUp Software ---------- Key: VersionsPageShellExt CLSID: {9E42900A-85F9-4E67-9778-575FBBA0A81C} Path: D:\Acronis True Image_2011\x64\versions_page.dll D:\Acronis True Image_2011\x64\versions_page.dll 142176 bytes Created: 22.09.2011 23:22 Modified: 22.09.2011 23:22 Company: Acronis ---------- Key: {C539A15A-3AF9-4c92-B771-50CB78F5C751} Path: D:\Acronis True Image_2011\tishell64.dll D:\Acronis True Image_2011\tishell64.dll 1246088 bytes Created: 22.09.2011 23:22 Modified: 22.09.2011 23:22 Company: Acronis ---------- ************************************************************ 22:50:45: Scanning ----- 64-Bit Folder\ColumnHandlers ----- No Folder\ColumnHandler entries found to scan ************************************************************ 22:50:45: Scanning ----- Browser Helper Objects ----- Key: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} BHO: D:\Java\bin\ssv.dll D:\Java\bin\ssv.dll 462760 bytes Created: 20.10.2013 13:37 Modified: 18.12.2013 22:07 Company: Oracle Corporation ---------- Key: {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} BHO: C:\Program Files (x86)\Common Files\G DATA\AVKProxy\BanksafeBHO.dll C:\Program Files (x86)\Common Files\G DATA\AVKProxy\BanksafeBHO.dll 52728 bytes Created: 10.08.2011 17:31 Modified: 27.01.2012 15:40 Company: G Data Software AG ---------- Key: {DBC80044-A445-435b-BC74-9C25C1C588A9} BHO: D:\Java\bin\jp2ssv.dll D:\Java\bin\jp2ssv.dll 171944 bytes Created: 20.10.2013 13:37 Modified: 18.12.2013 22:05 
Company: Oracle Corporation ---------- ************************************************************ 22:50:45: Scanning ----- 64-Bit Browser Helper Objects ----- Key: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} BHO: C:\Program Files\Java\jre7\bin\ssv.dll C:\Program Files\Java\jre7\bin\ssv.dll 553384 bytes Created: 20.10.2013 13:25 Modified: 20.10.2013 13:25 Company: Oracle Corporation ---------- Key: {9030D464-4C02-4ABF-8ECC-5164760863C6} BHO: C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll 529664 bytes Created: 17.07.2012 15:17 Modified: 17.07.2012 15:17 Company: Microsoft Corp. ---------- Key: {DBC80044-A445-435b-BC74-9C25C1C588A9} BHO: C:\Program Files\Java\jre7\bin\jp2ssv.dll C:\Program Files\Java\jre7\bin\jp2ssv.dll 210856 bytes Created: 20.10.2013 13:25 Modified: 20.10.2013 13:25 Company: Oracle Corporation ---------- ************************************************************ 22:50:45: Scanning ----- ShellServiceObjectDelayLoad Entries ----- ************************************************************ 22:50:45: Scanning ----- 64-Bit ShellServiceObjectDelayLoad Entries ----- ************************************************************ 22:50:45: Scanning ----- ShellServiceObjects ----- ************************************************************ 22:50:48: Scanning ----- 64-Bit ShellServiceObjects ----- ************************************************************ 22:50:50: Scanning ----- SHAREDTASKSCHEDULER ENTRIES ----- No SharedTaskScheduler entries found to scan ************************************************************ 22:50:50: Scanning ----- IMAGEFILE DEBUGGERS ----- No "Debugger" entries found. 
************************************************************ 22:50:50: Scanning ----- APPINIT_DLLS ----- No AppInit_DLLs value found to check ************************************************************ 22:50:50: Scanning ----- 64-Bit APPINIT_DLLS ----- No AppInit_DLLs value found to check ************************************************************ 22:50:51: Scanning ----- SECURITY PROVIDER DLLS ----- ************************************************************ 22:50:51: Scanning ----- CREDENTIAL PROVIDERS ----- ************************************************************ 22:50:52: Scanning ------ COMMON STARTUP GROUP ------ [C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup] The Common Startup Group attempts to load the following file(s) at boot time: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -HS- 174 bytes Created: 14.07.2009 06:54 Modified: 14.07.2009 06:54 Company: [no info] -------------------- ************************************************************ 22:50:52: Scanning ----- USER STARTUP GROUPS ----- Checking Startup Group for: sauterch [C:\Users\sauterch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup] C:\Users\sauterch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -HS- 174 bytes Created: 30.12.2010 22:36 Modified: 15.09.2013 21:53 Company: [no info] ---------- -------------------- ************************************************************ 22:50:52: Scanning ----- SCHEDULED TASKS ----- Taskname: {00713CB9-7ED8-4245-BF9E-CC03CC38DF87} File: d:\mozilla firefox\firefox.exe d:\mozilla firefox\firefox.exe 275568 bytes Created: 31.03.2014 21:47 Modified: 31.03.2014 21:47 Company: Mozilla Corporation Parameters: hxxp://ui.skype.com/ui/0/5.1.0.112/en/abandoninstall?page=tsMain&installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:notoffered;alreadyoffered Schedule: At task creation/modification Next Run Time: Status: Ready Creator: SkypeSetup Comments: 
---------- Taskname: {055FCA50-8DE4-4486-B42F-147BF36C5FC7} File: d:\mozilla firefox\firefox.exe d:\mozilla firefox\firefox.exe 275568 bytes Created: 31.03.2014 21:47 Modified: 31.03.2014 21:47 Company: Mozilla Corporation Parameters: hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Schedule: At task creation/modification Next Run Time: Status: Ready Creator: SkypeSetup Comments: ---------- Taskname: {400197BC-65DC-41D5-945A-2EF9298838F1} File: d:\mozilla firefox\firefox.exe d:\mozilla firefox\firefox.exe 275568 bytes Created: 31.03.2014 21:47 Modified: 31.03.2014 21:47 Company: Mozilla Corporation Parameters: hxxp://ui.skype.com/ui/0/5.10.0.115/de/go/help.faq.installer?LastError=1603 Schedule: At task creation/modification Next Run Time: Status: Ready Creator: SkypeSetup Comments: ---------- Taskname: {5C00BB8D-3F7F-4CA2-8BC1-AD073F5AD5FD} File: C:\Program Files (x86)\Skype\Phone\Skype.exe Schedule: At task creation/modification Next Run Time: Status: Ready Creator: SkypeSetup Comments: C:\Program Files (x86)\Skype\Phone\Skype.exe - [file not found to scan] ---------- Taskname: {5DB2831F-AD6A-4A83-9274-E33CF6B93952} File: d:\mozilla firefox\firefox.exe d:\mozilla firefox\firefox.exe 275568 bytes Created: 31.03.2014 21:47 Modified: 31.03.2014 21:47 Company: Mozilla Corporation Parameters: hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?source=lightinstaller&LastError=1603 Schedule: At task creation/modification Next Run Time: Status: Ready Creator: SkypeSetupLight Comments: ---------- Taskname: {8356B895-1E2D-4985-90C0-600205F330C9} File: C:\Program Files (x86)\Common Files\Roxio Shared\10.0\Roxio Central36\Main\Roxio_Central36.exe C:\Program Files (x86)\Common Files\Roxio Shared\10.0\Roxio Central36\Main\Roxio_Central36.exe 2677232 bytes Created: 22.06.2009 12:36 Modified: 22.06.2009 12:36 Company: Schedule: At task creation/modification Next Run Time: Status: Ready Creator: Comments: ---------- Taskname: 
{DD5500C3-E770-42ED-99DC-084BABEC91FA} File: d:\mozilla firefox\firefox.exe d:\mozilla firefox\firefox.exe 275568 bytes Created: 31.03.2014 21:47 Modified: 31.03.2014 21:47 Company: Mozilla Corporation Parameters: hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Schedule: At task creation/modification Next Run Time: Status: Ready Creator: SkypeSetup Comments: ---------- Taskname: {E41299EE-6113-4D8D-BDEC-716F782CDE0E} File: d:\mozilla firefox\firefox.exe d:\mozilla firefox\firefox.exe 275568 bytes Created: 31.03.2014 21:47 Modified: 31.03.2014 21:47 Company: Mozilla Corporation Parameters: hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Schedule: At task creation/modification Next Run Time: Status: Ready Creator: SkypeSetup Comments: ---------- Taskname: Adobe Flash Player Updater File: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 257928 bytes Created: 07.03.2013 17:27 Modified: 12.03.2014 22:25 Company: Adobe Systems Incorporated Schedule: At 01:25:00 every day Next Run Time: 03.04.2014 23:25:00 Status: Ready Creator: Adobe Systems Incorporated Comments: Mit diesem Task ist Ihre Flash Player-Installation immer aktuell und verwendet die neuesten Verbesserungen und Sicherheits-Fixes. Wenn dieser Task deaktiviert oder entfernt wird, kann Adobe Flash Player Ihren Computer nicht automatisch mit den neuesten Sicherheits-Fixes sichern. 
---------- Taskname: CCleanerSkipUAC File: D:\CCleaner\CCleaner.exe D:\CCleaner\CCleaner.exe 4324120 bytes Created: 22.11.2013 15:42 Modified: 22.11.2013 15:42 Company: Piriform Ltd Parameters: $(Arg0) Schedule: Task not scheduled Next Run Time: Status: Ready Creator: Piriform Ltd Comments: ---------- Taskname: Divx-Online-Aktualisierungsprogramm File: C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe Parameters: /CHECKNOW Schedule: At 10:00:00 every Montag of every week, starting 01.01.2009 Next Run Time: 07.04.2014 10:00:00 Status: Ready Creator: TuneUp Comments: tuident:2123EDB4 C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe - [file not found to scan] ---------- Taskname: DriverScanner File: D:\DriverScanner\DriverScanner\dsmonitor.exe D:\DriverScanner\DriverScanner\dsmonitor.exe 25464 bytes Created: 17.11.2011 23:11 Modified: 05.09.2011 17:20 Company: Uniblue Systems Limited Schedule: At logon Next Run Time: Status: Ready Creator: sauterch Comments: ---------- Taskname: Java Update Scheduler File: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe 254336 bytes Created: 02.07.2013 09:16 Modified: 02.07.2013 09:16 Company: Oracle Corporation Schedule: At 10:00:00 every Montag of every week, starting 01.01.2009 Next Run Time: 07.04.2014 10:00:00 Status: Ready Creator: TuneUp Comments: tuident:78C4302E ---------- Taskname: SidebarExecute File: C:\Program Files (x86)\Windows Sidebar\sidebar.exe C:\Program Files (x86)\Windows Sidebar\sidebar.exe 1174016 bytes Created: 27.04.2011 22:52 Modified: 20.11.2010 14:17 Company: Microsoft Corporation Schedule: At task creation/modification Next Run Time: Status: Ready Creator: Comments: ---------- Taskname: Trojan Remover Scheduled Updates File: D:\Trojan Remover\trupd.exe D:\Trojan Remover\trupd.exe 1219336 bytes Created: 25.08.2013 20:52 Modified: 30.12.2013 20:21 Company: Simply Super Software Parameters: /silent Schedule: At 
19:04:20 every day Next Run Time: 04.04.2014 19:04:20 Status: Ready Creator: sauterch-PC\sauterch Comments: Automatically checks for updates at the selected date/time ---------- Taskname: TuneUpUtilities_Task_BkGndMaintenance2011 File: D:\TuneUp Utilities 2011\OneClick.exe D:\TuneUp Utilities 2011\OneClick.exe 603968 bytes Created: 13.12.2011 10:37 Modified: 13.12.2011 10:37 Company: TuneUp Software Parameters: $(Arg0) Schedule: Task not scheduled Next Run Time: Status: Ready Creator: Comments: ---------- Taskname: User_Feed_Synchronization-{E65FAF42-D005-4209-8259-34AE0371B7A1} File: C:\Windows\System32\msfeedssync.exe C:\Windows\System32\msfeedssync.exe 13312 bytes Created: 31.12.2013 10:43 Modified: 31.12.2013 10:43 Company: Microsoft Corporation Parameters: sync Schedule: At 19:34:48 every day Next Run Time: 04.04.2014 21:34:48 Status: Ready Creator: sauterch-PC\sauterch Comments: Aktualisiert veraltete Systemfeeds. ---------- ************************************************************ 22:50:54: Scanning ----- SHELLICONOVERLAYIDENTIFIERS ----- Key: SharingPrivate CLSID: {08244EE6-92F0-47f2-9FC9-929BAA2E7235} File: %SystemRoot%\system32\ntshrui.dll C:\Windows\SysWoW64\ntshrui.dll 442880 bytes Created: 18.02.2012 11:28 Modified: 04.01.2012 10:58 Company: Microsoft Corporation ---------- ************************************************************ 22:50:54: Scanning ----- DEVICE DRIVER ENTRIES ----- Value: vidc.i420 File: lvcodec2.dll C:\Windows\SysWoW64\lvcodec2.dll 416280 bytes Created: 26.07.2008 16:23 Modified: 26.07.2008 16:23 Company: Logitech Inc. 
---------- Value: msacm.l3acm File: C:\Windows\SysWOW64\l3codeca.acm C:\Windows\SysWOW64\l3codeca.acm 64000 bytes Created: 14.07.2009 02:07 Modified: 14.07.2009 03:14 Company: Fraunhofer Institut Integrierte Schaltungen IIS ---------- ************************************************************ 22:50:54: ----- ADDITIONAL CHECKS ----- Heuristic checks for hidden files/drivers completed ---------- Layered Service Provider entries checks completed ---------- Windows Explorer Policies checks completed ---------- Desktop Wallpaper: C:\Users\sauterch\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg C:\Users\sauterch\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg 144595 bytes Created: 30.12.2010 22:36 Modified: 30.08.2013 21:04 Company: [no info] ---------- Web Desktop Wallpaper entry is blank ---------- Checks for rogue DNS NameServers completed ---------- Checks for Backdoor.ZeroAccess completed ---------- Safe Mode checks completed ---------- Additional checks completed ************************************************************ 22:50:55: Scanning ----- RUNNING PROCESSES ----- C:\Windows\System32\smss.exe 112640 bytes Created: 12.09.2013 18:17 Modified: 02.08.2013 02:59 Company: Microsoft Corporation -------------------- C:\Windows\System32\csrss.exe 7680 bytes Created: 14.07.2009 01:19 Modified: 14.07.2009 03:39 Company: Microsoft Corporation -------------------- C:\Windows\System32\wininit.exe 129024 bytes Created: 14.07.2009 01:52 Modified: 14.07.2009 03:39 Company: Microsoft Corporation -------------------- C:\Windows\System32\services.exe 328704 bytes Created: 14.07.2009 01:19 Modified: 14.07.2009 03:39 Company: Microsoft Corporation -------------------- C:\Windows\System32\winlogon.exe 390656 bytes Created: 27.04.2011 22:52 Modified: 20.11.2010 15:25 Company: Microsoft Corporation -------------------- C:\Windows\System32\lsm.exe 343040 bytes Created: 27.04.2011 22:52 Modified: 20.11.2010 15:24 Company: Microsoft Corporation 
-------------------- C:\Windows\System32\svchost.exe 27136 bytes Created: 14.07.2009 01:31 Modified: 14.07.2009 03:39 Company: Microsoft Corporation -------------------- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe 1203488 bytes Created: 09.09.2013 22:29 Modified: 08.02.2014 19:42 Company: NVIDIA Corporation -------------------- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE 223488 bytes Created: 17.07.2012 15:14 Modified: 17.07.2012 15:14 Company: Microsoft Corp. -------------------- C:\Windows\System32\WUDFHost.exe 229888 bytes Created: 17.11.2012 01:28 Modified: 26.07.2012 05:08 Company: Microsoft Corporation -------------------- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AvkBap64.exe 283640 bytes Created: 28.07.2011 03:59 Modified: 27.01.2012 05:49 Company: G Data Software AG -------------------- C:\Windows\System32\taskhost.exe 68608 bytes Created: 09.01.2013 20:53 Modified: 23.11.2012 05:13 Company: Microsoft Corporation -------------------- C:\Windows\System32\dwm.exe 120320 bytes Created: 14.07.2009 01:37 Modified: 14.07.2009 03:39 Company: Microsoft Corporation -------------------- D:\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe 786240 bytes Created: 13.12.2011 10:34 Modified: 13.12.2011 10:34 Company: TuneUp Software -------------------- C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe 231704 bytes Created: 27.09.2011 21:05 Modified: 27.09.2011 21:05 Company: Logitech, Inc. 
-------------------- C:\Users\sauterch\AppData\Local\Apps\2.0\N7JC67JJ.28D\EXZ09BGP.07J\frit..tion_1acae14e4778b8d2_0002.0003_6dcb4a48ddb2ee39\fritzbox-usb-fernanschluss.exe 333152 bytes Created: 30.12.2013 20:34 Modified: 30.12.2013 20:34 Company: AVM Berlin -------------------- C:\Windows\System32\conhost.exe 338432 bytes Created: 12.09.2013 18:16 Modified: 02.08.2013 03:09 Company: Microsoft Corporation -------------------- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe 2448160 bytes Created: 09.09.2013 22:29 Modified: 08.02.2014 19:42 Company: NVIDIA Corporation -------------------- C:\Windows\System32\SearchIndexer.exe 591872 bytes Created: 30.06.2011 17:55 Modified: 04.05.2011 07:19 Company: Microsoft Corporation -------------------- F:\Mozilla Download\Samsung Backup\UBTv1.3.2\adb.exe 815104 bytes Created: 15.11.2012 20:46 Modified: 12.03.2014 21:09 Company: [no info] -------------------- C:\Windows\System32\SearchProtocolHost.exe 249856 bytes Created: 30.06.2011 17:55 Modified: 04.05.2011 07:19 Company: Microsoft Corporation -------------------- C:\Windows\System32\SearchFilterHost.exe 113664 bytes Created: 30.06.2011 17:55 Modified: 04.05.2011 07:19 Company: Microsoft Corporation -------------------- C:\Windows\System32\wbem\WmiPrvSE.exe 372736 bytes Created: 27.04.2011 22:52 Modified: 20.11.2010 15:25 Company: Microsoft Corporation -------------------- D:\Trojan Remover\Rmvtrjan.exe FileSize: 5491224 [This is a Trojan Remover component] -------------------- -------------------- ************************************************************ 22:50:57: Checking HOSTS file No malicious entries were found in the HOSTS file ************************************************************ ------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------ HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page": hxxp://go.microsoft.com/fwlink/p/?LinkId=255141 HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page": C:\Windows\SysWOW64\blank.htm 
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page": hxxp://go.microsoft.com/fwlink/?LinkId=54896 HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL": hxxp://go.microsoft.com/fwlink/p/?LinkId=255141 HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL": hxxp://go.microsoft.com/fwlink/?LinkId=54896 HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page": hxxp://www.google.de/ HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page": C:\Windows\system32\blank.htm HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page": hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=8ff9e2c0-c955-4d2e-a461-0606362ab29b&affid=113129&searchtype=ds&babsrc=lnkry&q={searchTerms} ************************************************************ === NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES === Scan completed at: 22:50:57 03 Apr 2014 Total Scan time: 00:00:56 ************************************************************ ***** DRIVE/DIRECTORY SCAN ***** Trojan Remover Ver 6.9.1.2629. For information, email support@simplysup.com [Registered to: sauterch@yahoo.de] Scan started at: 22:49:16 03 Apr 2014 Using Database v8344 Operating System: Windows 7 x64 Home Premium (SP1) [Build: 6.1.7601] File System: NTFS User Account Control is Enabled [Secure Desktop Prompt is DISABLED] UserData directory: C:\Users\sauterch\AppData\Roaming\Simply Super Software\Trojan Remover\ Database directory: C:\ProgramData\Simply Super Software\Trojan Remover\Data\ Logfile directory: C:\Users\sauterch\Documents\Simply Super Software\Trojan Remover Logfiles\ Program directory: D:\Trojan Remover\ Running with Administrator privileges ************************************************************ Carrying out scan on C:\Users\sauterch\Desktop\Bilder (including subdirectories) Archive files will be EXCLUDED. 
------------------------------ ------------------------------ Scan stopped by user after 58 files were checked No Malware files detected Scan stopped at: 03.04.2014 22:49:26 Total Scan time: 00:00:09 ************************************************************ ***** DRIVE/DIRECTORY SCAN ***** Trojan Remover Ver 6.9.1.2629. For information, email support@simplysup.com [Registered to: sauterch@yahoo.de] Scan started at: 22:47:22 03 Apr 2014 Using Database v8339 Operating System: Windows 7 x64 Home Premium (SP1) [Build: 6.1.7601] File System: NTFS User Account Control is Enabled [Secure Desktop Prompt is DISABLED] UserData directory: C:\Users\sauterch\AppData\Roaming\Simply Super Software\Trojan Remover\ Database directory: C:\ProgramData\Simply Super Software\Trojan Remover\Data\ Logfile directory: C:\Users\sauterch\Documents\Simply Super Software\Trojan Remover Logfiles\ Program directory: D:\Trojan Remover\ Running with Administrator privileges ************************************************************ Carrying out scan on C:\Users\sauterch\Desktop\Bilder (including subdirectories) Archive files will be EXCLUDED. ------------------------------ ------------------------------ 124 files scanned Directory scan complete - no Malware files detected Scan completed at: 22:47:33 03 Apr 2014 Total Scan time: 00:00:10 ************************************************************ ***** NORMAL SCAN FOR ACTIVE MALWARE ***** Trojan Remover Ver 6.9.0.2628. 
For information, email support@simplysup.com [Registered to: sauterch@yahoo.de] Scan started at: 14:53:33 02 Feb 2014 Using Database v8307 Operating System: Windows 7 x64 Home Premium (SP1) [Build: 6.1.7601] File System: NTFS User Account Control is Enabled [Secure Desktop Prompt is DISABLED] UserData directory: C:\Users\sauterch\AppData\Roaming\Simply Super Software\Trojan Remover\ Database directory: C:\ProgramData\Simply Super Software\Trojan Remover\Data\ Logfile directory: C:\Users\sauterch\Documents\Simply Super Software\Trojan Remover Logfiles\ Program directory: D:\Trojan Remover\ Running with Administrator privileges ************************************************************ 14:53:34: ----- Checking Default File Associations ----- No modified default file associations detected ************************************************************ 14:53:34: ----- SCANNING FOR ROOTKIT SERVICES ----- No hidden Services were detected. ************************************************************ 14:53:35: Scanning ----- Windows Registry ----- -------------------- Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon This key's "Shell" value calls the following program(s): Key value: [explorer.exe] File: C:\Windows\Explorer.exe C:\Windows\Explorer.exe 2871808 bytes Created: 27.04.2011 17:56 Modified: 25.02.2011 07:19 Company: Microsoft Corporation ---------- This key's "Userinit" value calls the following program(s): Key value: [C:\Windows\system32\userinit.exe,] File: C:\Windows\system32\userinit.exe C:\Windows\System32\userinit.exe 30720 bytes Created: 27.04.2011 21:51 Modified: 20.11.2010 14:25 Company: Microsoft Corporation ---------- -------------------- Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Value Name: [G Data AntiVirus Tray Application] Value Data: 
[D:\GData\AVKTray\AVKTray.exe] D:\GData\AVKTray\AVKTray.exe 1035216 bytes Created: 22.02.2013 22:08 Modified: 09.01.2013 13:01 Company: G Data Software AG -------------------- Value Name: [GDFirewallTray] Value Data: [D:\GData\Firewall\GDFirewallTray.exe] D:\GData\Firewall\GDFirewallTray.exe 1475096 bytes Created: 08.01.2013 12:21 Modified: 29.11.2012 05:20 Company: G Data Software AG -------------------- Value Name: [TrojanScanner] Value Data: [D:\Trojan Remover\Trjscan.exe /boot] D:\Trojan Remover\Trjscan.exe 1704720 bytes Created: 25.08.2013 19:52 Modified: 02.02.2014 14:52 Company: Simply Super Software -------------------- Value Name: [IMSS] Value Data: ["C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe 111640 bytes Created: 31.12.2010 11:38 Modified: 30.09.2009 19:02 Company: -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce This Registry key appears to be empty -------------------- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run Value Name: [Sidebar] Value Data: [C:\Program Files\Windows Sidebar\sidebar.exe /autoRun] C:\Program Files\Windows Sidebar\sidebar.exe 1475584 bytes Created: 27.04.2011 21:52 Modified: 20.11.2010 14:25 Company: Microsoft Corporation -------------------- Value Name: [ctfmon.exe] Value Data: ["C:\Windows\system32\ctfmon.exe"] C:\Windows\SysWoW64\ctfmon.exe 8704 bytes Created: 14.07.2009 00:26 Modified: 14.07.2009 02:14 Company: Microsoft Corporation -------------------- Value Name: [] Value Data: [D:\Kies\Kies\External\FirmwareUpdate\KiesPDLR.exe Run] D:\Kies\Kies\External\FirmwareUpdate\KiesPDLR.exe 845168 bytes Created: 29.11.2011 20:58 Modified: 06.11.2013 02:55 Company: Samsung -------------------- Value Name: [AVMUSBFernanschluss] Value Data: 
["C:\Users\sauterch\AppData\Local\Apps\2.0\N7JC67JJ.28D\EXZ09BGP.07J\frit..tion_1acae14e4778b8d2_0002.0003_6dcb4a48ddb2ee39\AVMAutoStart.exe"] C:\Users\sauterch\AppData\Local\Apps\2.0\N7JC67JJ.28D\EXZ09BGP.07J\frit..tion_1acae14e4778b8d2_0002.0003_6dcb4a48ddb2ee39\AVMAutoStart.exe 139264 bytes Created: 30.12.2013 19:34 Modified: 30.12.2013 19:34 Company: AVM Berlin -------------------- Value Name: [GarminExpressTrayApp] Value Data: ["D:\Garmin\Express Tray\ExpressTray.exe"] D:\Garmin\Express Tray\ExpressTray.exe 1095000 bytes Created: 30.12.2013 09:05 Modified: 30.12.2013 09:05 Company: Garmin Ltd or its subsidiaries -------------------- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce Value Name: [Uninstall C:\Users\sauterch\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64] Value Data: [C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\sauterch\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64"] rmdir /s /q C:\Users\sauterch\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64 - [file not found to scan] ************************************************************ 14:53:37: Scanning ----- Windows 64-Bit Registry ----- -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Value Name: [Acronis Scheduler2 Service] Value Data: ["C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe 391240 bytes Created: 06.12.2010 06:55 Modified: 06.12.2010 06:55 Company: Acronis -------------------- Value Name: [EvtMgr6] Value Data: [D:\Logitech\SetPointP\SetPoint.exe /launchGaming] D:\Logitech\SetPointP\SetPoint.exe 1744152 bytes Created: 07.10.2011 10:38 Modified: 07.10.2011 10:38 Company: Logitech, Inc. 
-------------------- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce This Registry key appears to be empty ************************************************************ 14:53:38: Scanning -----SHELLEXECUTEHOOKS----- ShellExecuteHooks key is empty ************************************************************ 14:53:38: Scanning -----HIDDEN REGISTRY ENTRIES----- Taskdir check completed ---------- No Hidden File-loading Registry Entries found ---------- ************************************************************ 14:53:38: Scanning -----ACTIVE SCREENSAVER----- ScreenSaver: C:\Windows\SysWOW64\Cities.scr C:\Windows\SysWOW64\Cities.scr 2789376 bytes Created: 20.10.2013 17:23 Modified: 23.09.2007 22:08 Company: Screenomania.com -------------------- ************************************************************ 14:53:38: Scanning ----- REGISTRY ACTIVE SETUP KEYS ----- Key: {2D46B6DC-2207-486B-B523-A557E6D54B47} Path: C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache C:\Windows\SysWoW64\ie4uinit.exe - [file not found to scan] ---------- C:\Program Files (x86)\Windows Mail\WinMail.exe ************************************************************ 14:53:38: Scanning ----- SERVICEDLL REGISTRY KEYS ----- Key: UxTuneUp Path: %SystemRoot%\System32\uxtuneup.dll C:\Windows\System32\uxtuneup.dll 36160 bytes Created: 15.01.2011 16:11 Modified: 13.12.2011 09:29 Company: TuneUp Software -------------------- Key: wuauserv Path: C:\Windows\system32\wuaueng.dll C:\Windows\System32\wuaueng.dll 2428952 bytes Created: 22.06.2012 17:39 Modified: 02.06.2012 23:19 Company: Microsoft Corporation -------------------- ************************************************************ 14:53:39: Scanning ----- SERVICES REGISTRY KEYS ----- Key: AAV UpdateService ImagePath: D:\Steuer-Spar-Erklaerung\AAVUpdateManager\aavus.exe D:\Steuer-Spar-Erklaerung\AAVUpdateManager\aavus.exe 128296 bytes Created: 24.10.2008 15:35 Modified: 24.10.2008 15:35 Company: 
---------- Key: AcrSch2Svc ImagePath: "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe" C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe 1112744 bytes Created: 06.12.2010 06:55 Modified: 06.12.2010 06:55 Company: Acronis ---------- Key: AdobeFlashPlayerUpdateSvc ImagePath: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 257928 bytes Created: 07.03.2013 16:27 Modified: 18.01.2014 16:22 Company: Adobe Systems Incorporated ---------- Key: afcdp ImagePath: system32\DRIVERS\afcdp.sys C:\Windows\System32\DRIVERS\afcdp.sys 285280 bytes Created: 06.03.2012 10:59 Modified: 06.03.2012 10:59 Company: Acronis ---------- Key: afcdpsrv ImagePath: C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe 3246040 bytes Created: 06.03.2012 10:59 Modified: 06.03.2012 10:59 Company: Acronis ---------- Key: amdsata ImagePath: \SystemRoot\system32\drivers\amdsata.sys C:\Windows\System32\drivers\amdsata.sys 107904 bytes Created: 27.04.2011 17:56 Modified: 11.03.2011 07:41 Company: Advanced Micro Devices ---------- Key: Apple Mobile Device ImagePath: "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 55624 bytes Created: 07.09.2013 09:13 Modified: 07.09.2013 09:13 Company: Apple Inc. 
---------- Key: atapi ImagePath: system32\drivers\atapi.sys C:\Windows\System32\drivers\atapi.sys 24128 bytes Created: 14.07.2009 00:19 Modified: 14.07.2009 02:52 Company: Microsoft Corporation ---------- Key: AVKProxy ImagePath: "C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe" C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe 1548312 bytes Created: 08.01.2013 12:21 Modified: 29.11.2012 04:49 Company: G Data Software AG ---------- Key: AVKService ImagePath: "D:\GData\AVK\AVKService.exe" D:\GData\AVK\AVKService.exe 469016 bytes Created: 08.01.2013 12:21 Modified: 29.11.2012 04:47 Company: G Data Software AG ---------- Key: AVKWCtl ImagePath: "D:\GData\AVK\AVKWCtlX64.exe" D:\GData\AVK\AVKWCtlX64.exe 2012592 bytes Created: 08.01.2013 12:21 Modified: 29.11.2012 05:08 Company: G Data Software AG ---------- Key: avmaudio ImagePath: system32\DRIVERS\avmaudio.sys C:\Windows\System32\DRIVERS\avmaudio.sys 116096 bytes Created: 08.01.2011 20:23 Modified: 08.01.2011 20:23 Company: AVM Berlin ---------- Key: avmaura ImagePath: system32\DRIVERS\avmaura.sys C:\Windows\System32\DRIVERS\avmaura.sys 116480 bytes Created: 22.12.2012 10:27 Modified: 22.12.2012 10:26 Company: AVM Berlin ---------- Key: b06bdrv ImagePath: \SystemRoot\system32\DRIVERS\bxvbda.sys C:\Windows\System32\DRIVERS\bxvbda.sys 468480 bytes Created: 10.06.2009 21:34 Modified: 10.06.2009 21:34 Company: Broadcom Corporation ---------- Key: b57nd60a ImagePath: system32\DRIVERS\b57nd60a.sys C:\Windows\System32\DRIVERS\b57nd60a.sys 270848 bytes Created: 10.06.2009 21:34 Modified: 10.06.2009 21:34 Company: Broadcom Corporation ---------- Key: CLKMSVC10_C19A2874 ImagePath: "D:\Cyberlink PowerDVD\PowerDVD9\NavFilter\kmsvc.exe" /svc D:\Cyberlink PowerDVD\PowerDVD9\NavFilter\kmsvc.exe 232944 bytes Created: 26.04.2010 18:10 Modified: 26.04.2010 18:10 Company: CyberLink ---------- Key: clr_optimization_v2.0.50727_64 ImagePath: %systemroot%\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 89920 bytes Created: 13.07.2009 21:37 Modified: 10.06.2009 21:39 Company: Microsoft Corporation ---------- Key: clr_optimization_v4.0.30319_32 ImagePath: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 105144 bytes Created: 11.09.2013 21:21 Modified: 11.09.2013 21:21 Company: Microsoft Corporation ---------- Key: clr_optimization_v4.0.30319_64 ImagePath: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 124088 bytes Created: 11.09.2013 19:39 Modified: 11.09.2013 19:39 Company: Microsoft Corporation ---------- Key: CompositeBus ImagePath: \SystemRoot\system32\drivers\CompositeBus.sys C:\Windows\System32\drivers\CompositeBus.sys 38912 bytes Created: 27.04.2011 21:51 Modified: 20.11.2010 11:33 Company: Microsoft Corporation ---------- Key: cvhsvc ImagePath: "C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE" C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE 822504 bytes Created: 22.04.2013 09:02 Modified: 22.04.2013 09:02 Company: Microsoft Corporation ---------- Key: dg_ssudbus ImagePath: system32\DRIVERS\ssudbus.sys C:\Windows\System32\DRIVERS\ssudbus.sys 107288 bytes Created: 28.10.2013 01:12 Modified: 28.10.2013 01:12 Company: DEVGURU Co., LTD.(www.devguru.co.kr) ---------- Key: drmkaud ImagePath: \SystemRoot\system32\drivers\drmkaud.sys C:\Windows\System32\drivers\drmkaud.sys 5632 bytes Created: 14.07.2009 01:06 Modified: 14.07.2009 01:06 Company: Microsoft Corporation ---------- Key: ebdrv ImagePath: \SystemRoot\system32\DRIVERS\evbda.sys C:\Windows\System32\DRIVERS\evbda.sys 3286016 bytes Created: 10.06.2009 21:34 Modified: 10.06.2009 21:34 Company: Broadcom Corporation ---------- Key: FLEXnet Licensing Service ImagePath: "C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet 
Publisher\FNPLicensingService.exe" C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe 1045256 bytes Created: 06.01.2011 12:00 Modified: 06.01.2011 12:00 Company: Acresso Software Inc. ---------- Key: FontCache3.0.0.0 ImagePath: %systemroot%\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 42856 bytes Created: 27.04.2011 21:51 Modified: 05.11.2010 02:53 Company: Microsoft Corporation ---------- Key: FsUsbExDisk ImagePath: \??\C:\Windows\SysWOW64\FsUsbExDisk.SYS C:\Windows\SysWOW64\FsUsbExDisk.SYS 37344 bytes Created: 22.02.2013 22:17 Modified: 05.02.2013 09:54 Company: [no info] ---------- Key: Garmin Core Update Service ImagePath: "D:\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe" D:\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe 250712 bytes Created: 30.12.2013 09:05 Modified: 30.12.2013 09:05 Company: Garmin Ltd or its subsidiaries ---------- Key: GDBehave ImagePath: system32\drivers\GDBehave.sys C:\Windows\System32\drivers\GDBehave.sys 54176 bytes Created: 31.12.2010 11:25 Modified: 08.01.2013 12:21 Company: G Data Software AG ---------- Key: GDFwSvc ImagePath: "D:\GData\Firewall\GDFwSvcx64.exe" D:\GData\Firewall\GDFwSvcx64.exe 2377736 bytes Created: 08.01.2013 12:21 Modified: 29.11.2012 05:14 Company: G Data Software AG ---------- Key: GDMnIcpt ImagePath: \??\C:\Windows\system32\drivers\MiniIcpt.sys C:\Windows\System32\drivers\MiniIcpt.sys 126880 bytes Created: 31.12.2010 11:24 Modified: 08.01.2013 12:21 Company: G Data Software AG ---------- Key: GdNetMon ImagePath: \??\C:\Windows\system32\drivers\GdNetMon64.sys C:\Windows\System32\drivers\GdNetMon64.sys 31608 bytes Created: 31.10.2011 22:38 Modified: 31.10.2011 22:38 Company: G Data Software AG ---------- Key: GDPkIcpt ImagePath: \??\C:\Windows\system32\drivers\PktIcpt.sys C:\Windows\System32\drivers\PktIcpt.sys 62368 bytes 
Created: 31.12.2010 11:25 Modified: 08.01.2013 12:23 Company: G Data Software AG ---------- Key: GDScan ImagePath: "C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe" C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe 470008 bytes Created: 17.08.2012 15:29 Modified: 29.03.2012 03:42 Company: G Data Software AG ---------- Key: gdwfpcd ImagePath: system32\drivers\gdwfpcd64.sys C:\Windows\System32\drivers\gdwfpcd64.sys 65008 bytes Created: 31.12.2010 11:24 Modified: 22.02.2013 22:08 Company: G Data Software AG ---------- Key: GRD ImagePath: \??\C:\Windows\system32\drivers\GRD.sys C:\Windows\System32\drivers\GRD.sys 106648 bytes Created: 31.12.2010 12:21 Modified: 01.09.2012 12:15 Company: G Data Software ---------- Key: gusvc ImagePath: "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe" C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe 136120 bytes Created: 04.01.2011 21:06 Modified: 11.06.2010 01:40 Company: Google ---------- Key: HECIx64 ImagePath: system32\DRIVERS\HECIx64.sys C:\Windows\System32\DRIVERS\HECIx64.sys 56344 bytes Created: 31.12.2010 11:37 Modified: 17.09.2009 12:54 Company: Intel Corporation ---------- Key: HidUsb ImagePath: \SystemRoot\system32\drivers\hidusb.sys C:\Windows\System32\drivers\hidusb.sys 30208 bytes Created: 27.04.2011 21:51 Modified: 20.11.2010 11:43 Company: Microsoft Corporation ---------- Key: HookCentre ImagePath: \??\C:\Windows\system32\drivers\HookCentre.sys C:\Windows\System32\drivers\HookCentre.sys 64416 bytes Created: 31.10.2011 22:38 Modified: 22.02.2013 22:08 Company: G Data Software AG ---------- Key: iaStorV ImagePath: \SystemRoot\system32\drivers\iaStorV.sys C:\Windows\System32\drivers\iaStorV.sys 410496 bytes Created: 27.04.2011 17:56 Modified: 11.03.2011 07:41 Company: Intel Corporation ---------- Key: idsvc ImagePath: "%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe" 
C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 856400 bytes Created: 27.04.2011 21:51 Modified: 05.11.2010 02:52 Company: Microsoft Corporation ---------- Key: IEEtwCollectorService ImagePath: %SystemRoot%\system32\IEEtwCollector.exe /V C:\Windows\System32\IEEtwCollector.exe 111616 bytes Created: 31.12.2013 11:54 Modified: 26.11.2013 10:18 Company: Microsoft Corporation ---------- Key: IGDCTRL ImagePath: "C:\Program Files\FRITZ!DSL\IGDCTRL.EXE" C:\Program Files\FRITZ!DSL\IGDCTRL.EXE 88888 bytes Created: 28.07.2009 16:10 Modified: 28.07.2009 16:10 Company: AVM Berlin ---------- Key: IntcAzAudAddService ImagePath: system32\drivers\RTKVHD64.sys C:\Windows\System32\drivers\RTKVHD64.sys 2009376 bytes Created: 27.08.2013 19:41 Modified: 06.10.2009 18:51 Company: Realtek Semiconductor Corp. ---------- Key: k57nd60a ImagePath: system32\DRIVERS\k57nd60a.sys C:\Windows\System32\DRIVERS\k57nd60a.sys 321064 bytes Created: 16.10.2009 02:32 Modified: 16.10.2009 02:32 Company: Broadcom Corporation ---------- Key: ksthunk ImagePath: \SystemRoot\system32\drivers\ksthunk.sys C:\Windows\System32\drivers\ksthunk.sys 20992 bytes Created: 14.07.2009 01:00 Modified: 14.07.2009 01:00 Company: Microsoft Corporation ---------- Key: LBTServ ImagePath: C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe 359192 bytes Created: 27.09.2011 20:04 Modified: 27.09.2011 20:04 Company: Logitech, Inc. ---------- Key: LMS ImagePath: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 268824 bytes Created: 31.12.2010 11:38 Modified: 30.09.2009 19:02 Company: Intel Corporation ---------- Key: LUsbFilt ImagePath: System32\Drivers\LUsbFilt.Sys C:\Windows\System32\Drivers\LUsbFilt.Sys 42776 bytes Created: 02.09.2011 07:30 Modified: 02.09.2011 07:30 Company: Logitech, Inc. 
---------- Key: lvpepf64 ImagePath: system32\DRIVERS\lv302a64.sys C:\Windows\System32\DRIVERS\lv302a64.sys 15768 bytes Created: 26.07.2008 15:22 Modified: 26.07.2008 15:22 Company: Logitech Inc. ---------- Key: LVRS64 ImagePath: system32\DRIVERS\lvrs64.sys C:\Windows\System32\DRIVERS\lvrs64.sys 790424 bytes Created: 26.07.2008 15:25 Modified: 26.07.2008 15:25 Company: Logitech Inc. ---------- Key: LVUSBS64 ImagePath: system32\drivers\LVUSBS64.sys C:\Windows\System32\drivers\LVUSBS64.sys 50072 bytes Created: 26.07.2008 15:26 Modified: 26.07.2008 15:26 Company: Logitech Inc. ---------- Key: MozillaMaintenance ImagePath: "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 117656 bytes Created: 22.08.2013 18:50 Modified: 14.08.2013 18:55 Company: Mozilla Foundation ---------- Key: mssmbios ImagePath: \SystemRoot\system32\drivers\mssmbios.sys C:\Windows\System32\drivers\mssmbios.sys 32320 bytes Created: 14.07.2009 00:31 Modified: 14.07.2009 02:48 Company: Microsoft Corporation ---------- Key: NVHDA ImagePath: system32\drivers\nvhda64v.sys C:\Windows\System32\drivers\nvhda64v.sys 194848 bytes Created: 09.09.2013 21:27 Modified: 25.02.2013 06:27 Company: NVIDIA Corporation ---------- Key: NvStreamSvc ImagePath: "C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe 14997280 bytes Created: 09.09.2013 21:35 Modified: 27.08.2013 22:17 Company: NVIDIA Corporation ---------- Key: nvsvc ImagePath: "C:\Windows\system32\nvvsvc.exe" C:\Windows\System32\nvvsvc.exe 893728 bytes Created: 09.09.2013 21:29 Modified: 09.08.2013 21:07 Company: NVIDIA Corporation ---------- Key: nvUpdatusService ImagePath: "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe 2155296 bytes Created: 09.09.2013 21:29 Modified: 27.08.2013 22:16 
Company: NVIDIA Corporation ---------- Key: nvvad_WaveExtensible ImagePath: system32\drivers\nvvad64v.sys C:\Windows\System32\drivers\nvvad64v.sys 39200 bytes Created: 09.09.2013 21:35 Modified: 20.08.2013 14:33 Company: NVIDIA Corporation ---------- Key: ose ImagePath: "C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE" C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 149352 bytes Created: 09.01.2010 21:18 Modified: 09.01.2010 21:18 Company: Microsoft Corporation ---------- Key: osppsvc ImagePath: "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE" C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 4925184 bytes Created: 09.01.2010 21:34 Modified: 09.01.2010 21:34 Company: Microsoft Corporation ---------- Key: PerfHost ImagePath: %SystemRoot%\SysWow64\perfhost.exe C:\Windows\SysWow64\perfhost.exe 20992 bytes Created: 14.07.2009 00:11 Modified: 14.07.2009 02:14 Company: Microsoft Corporation ---------- Key: PID_PEPI ImagePath: system32\DRIVERS\LV302V64.SYS C:\Windows\System32\DRIVERS\LV302V64.SYS 2624408 bytes Created: 26.07.2008 15:22 Modified: 26.07.2008 15:22 Company: Logitech Inc. 
---------- Key: PxHlpa64 ImagePath: System32\Drivers\PxHlpa64.sys C:\Windows\System32\Drivers\PxHlpa64.sys 55856 bytes Created: 06.01.2011 12:58 Modified: 04.03.2011 20:44 Company: Sonic Solutions ---------- Key: rdpbus ImagePath: \SystemRoot\system32\DRIVERS\rdpbus.sys C:\Windows\System32\DRIVERS\rdpbus.sys 24064 bytes Created: 14.07.2009 01:17 Modified: 14.07.2009 01:17 Company: Microsoft Corporation ---------- Key: RdpVideoMiniport ImagePath: System32\drivers\rdpvideominiport.sys C:\Windows\System32\drivers\rdpvideominiport.sys 19456 bytes Created: 15.12.2012 01:23 Modified: 23.08.2012 15:10 Company: Microsoft Corporation ---------- Key: RoxMediaDB10 ImagePath: "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe" C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe 1124848 bytes Created: 26.06.2009 11:19 Modified: 26.06.2009 11:19 Company: Sonic Solutions ---------- Key: RxFilter ImagePath: system32\DRIVERS\RxFilter.sys C:\Windows\System32\DRIVERS\RxFilter.sys - [file not found to scan] ---------- Key: Serenum ImagePath: \SystemRoot\system32\DRIVERS\serenum.sys C:\Windows\System32\DRIVERS\serenum.sys 23552 bytes Created: 14.07.2009 01:00 Modified: 14.07.2009 01:00 Company: Microsoft Corporation ---------- Key: Serial ImagePath: \SystemRoot\system32\DRIVERS\serial.sys C:\Windows\System32\DRIVERS\serial.sys 94208 bytes Created: 14.07.2009 01:00 Modified: 14.07.2009 01:00 Company: Brother Industries Ltd. 
---------- Key: SessionLauncher ImagePath: C:\Users\sauterch\AppData\Local\Temp\DX9\SessionLauncher.exe C:\Users\sauterch\AppData\Local\Temp\DX9\SessionLauncher.exe - [file not found to scan] ---------- Key: Sftfs ImagePath: system32\DRIVERS\Sftfslh.sys C:\Windows\System32\DRIVERS\Sftfslh.sys 767144 bytes Created: 26.06.2013 18:21 Modified: 26.06.2013 18:21 Company: Microsoft Corporation ---------- Key: sftlist ImagePath: "C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe" C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe 523944 bytes Created: 26.06.2013 18:21 Modified: 26.06.2013 18:21 Company: Microsoft Corporation ---------- Key: Sftplay ImagePath: system32\DRIVERS\Sftplaylh.sys C:\Windows\System32\DRIVERS\Sftplaylh.sys 273576 bytes Created: 26.06.2013 18:21 Modified: 26.06.2013 18:21 Company: Microsoft Corporation ---------- Key: Sftredir ImagePath: system32\DRIVERS\Sftredirlh.sys C:\Windows\System32\DRIVERS\Sftredirlh.sys 28840 bytes Created: 26.06.2013 18:21 Modified: 26.06.2013 18:21 Company: Microsoft Corporation ---------- Key: Sftvol ImagePath: system32\DRIVERS\Sftvollh.sys C:\Windows\System32\DRIVERS\Sftvollh.sys 23208 bytes Created: 26.06.2013 18:21 Modified: 26.06.2013 18:21 Company: Microsoft Corporation ---------- Key: sftvsa ImagePath: "C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe" C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe 207528 bytes Created: 26.06.2013 18:21 Modified: 26.06.2013 18:21 Company: Microsoft Corporation ---------- Key: SkypeUpdate ImagePath: D:\Skype\Updater\Updater.exe D:\Skype\Updater\Updater.exe -R- 172192 bytes Created: 23.10.2013 08:15 Modified: 23.10.2013 08:15 Company: Skype Technologies ---------- Key: ssudmdm ImagePath: system32\DRIVERS\ssudmdm.sys C:\Windows\System32\DRIVERS\ssudmdm.sys 204568 bytes Created: 28.10.2013 01:12 Modified: 28.10.2013 01:12 Company: DEVGURU Co., LTD.(www.devguru.co.kr) 
---------- Key: Stereo Service ImagePath: "C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe" C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 413472 bytes Created: 09.08.2013 14:37 Modified: 09.08.2013 14:37 Company: NVIDIA Corporation ---------- Key: stllssvr ImagePath: "C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe" C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe -R- 74392 bytes Created: 30.04.2009 12:59 Modified: 30.04.2009 12:59 Company: MicroVision Development, Inc. ---------- Key: swenum ImagePath: \SystemRoot\system32\drivers\swenum.sys C:\Windows\System32\drivers\swenum.sys 12496 bytes Created: 14.07.2009 01:00 Modified: 14.07.2009 02:45 Company: Microsoft Corporation ---------- Key: tdrpman273 ImagePath: system32\DRIVERS\tdrpm273.sys C:\Windows\System32\DRIVERS\tdrpm273.sys 1263200 bytes Created: 23.01.2011 14:27 Modified: 06.03.2012 10:59 Company: Acronis ---------- Key: TermDD ImagePath: \SystemRoot\system32\drivers\termdd.sys C:\Windows\System32\drivers\termdd.sys 63360 bytes Created: 27.04.2011 21:51 Modified: 20.11.2010 14:33 Company: Microsoft Corporation ---------- Key: TsUsbFlt ImagePath: system32\drivers\tsusbflt.sys C:\Windows\System32\drivers\tsusbflt.sys 57856 bytes Created: 15.12.2012 01:23 Modified: 23.08.2012 15:07 Company: Microsoft Corporation ---------- Key: TuneUp.UtilitiesSvc ImagePath: "D:\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe" D:\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe 2028864 bytes Created: 13.12.2011 09:34 Modified: 13.12.2011 09:34 Company: TuneUp Software ---------- Key: TuneUpUtilitiesDrv ImagePath: \??\D:\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys D:\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys 11856 bytes Created: 29.11.2010 19:27 Modified: 29.11.2010 19:27 Company: TuneUp Software ---------- Key: UNS ImagePath: "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" C:\Program Files 
(x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 2320920 bytes Created: 31.12.2010 11:38 Modified: 30.09.2009 19:02 Company: Intel Corporation ---------- Key: USBAAPL64 ImagePath: System32\Drivers\usbaapl64.sys C:\Windows\System32\Drivers\usbaapl64.sys 54784 bytes Created: 13.12.2012 13:50 Modified: 13.12.2012 13:50 Company: Apple, Inc. ---------- Key: WinUsb ImagePath: system32\DRIVERS\WinUSB.SYS C:\Windows\System32\DRIVERS\WinUSB.SYS 41984 bytes Created: 27.04.2011 21:51 Modified: 20.11.2010 11:43 Company: Microsoft Corporation ---------- Key: wlidsvc ImagePath: "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 2292480 bytes Created: 17.07.2012 14:14 Modified: 17.07.2012 14:14 Company: Microsoft Corp. ---------- ************************************************************ 14:53:52: Scanning -----VXD ENTRIES----- ************************************************************ 14:53:52: Scanning ----- ContextMenuHandlers ----- Key: 7-Zip CLSID: {23170F69-40C1-278A-1000-000100020000} Path: D:\7_Zip\7-Zip\7-zip.dll D:\7_Zip\7-Zip\7-zip.dll 55808 bytes Created: 18.11.2010 17:08 Modified: 18.11.2010 17:08 Company: Igor Pavlov ---------- Key: PhotoStreamsExt CLSID: {89D984B3-813B-406A-8298-118AFA3A22AE} Path: C:\Program Files (x86)\Common Files\Apple\Internet Services\ShellStreams.dll C:\Program Files (x86)\Common Files\Apple\Internet Services\ShellStreams.dll 600392 bytes Created: 20.11.2013 15:43 Modified: 20.11.2013 15:43 Company: Apple Inc. 
---------- Key: TuneUp Shredder Shell Extension CLSID: {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} Path: D:\TuneUp Utilities 2011\SDShelEx-win32.dll D:\TuneUp Utilities 2011\SDShelEx-win32.dll 30016 bytes Created: 13.12.2011 09:29 Modified: 13.12.2011 09:29 Company: TuneUp Software ---------- Key: VersionsPageShellExt CLSID: {9E42900A-85F9-4E67-9778-575FBBA0A81C} Path: D:\Acronis True Image_2011\versions_page.dll D:\Acronis True Image_2011\versions_page.dll 128352 bytes Created: 22.09.2011 22:22 Modified: 22.09.2011 22:22 Company: Acronis ---------- Key: {C539A15A-3AF9-4c92-B771-50CB78F5C751} Path: D:\Acronis True Image_2011\tishell.dll D:\Acronis True Image_2011\tishell.dll 1030536 bytes Created: 22.09.2011 22:21 Modified: 22.09.2011 22:21 Company: Acronis ---------- ************************************************************ 14:53:52: Scanning ----- Folder\ColumnHandlers ----- No Folder\ColumnHandler entries found to scan ************************************************************ 14:53:52: Scanning ----- 64-Bit ContextMenuHandlers ----- Key: AVK9CM CLSID: {CAF4C320-32F5-11D3-A222-004095200FF2} Path: D:\GData\AVK\ShellExt64.dll D:\GData\AVK\ShellExt64.dll 333848 bytes Created: 17.08.2011 15:00 Modified: 21.05.2012 04:35 Company: G Data Software AG ---------- Key: PhotoStreamsExt CLSID: {89D984B3-813B-406A-8298-118AFA3A22AE} Path: C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll 1242440 bytes Created: 20.11.2013 15:43 Modified: 20.11.2013 15:43 Company: Apple Inc. 
---------- Key: RXDCExtSvr CLSID: {0FB82570-BB2D-23D3-8D3B-AC2F34F1FA3C} Path: C:\Program Files\Roxio\Virtual Drive 10\DC_ShellExt64.dll C:\Program Files\Roxio\Virtual Drive 10\DC_ShellExt64.dll 145904 bytes Created: 26.06.2009 11:31 Modified: 26.06.2009 11:31 Company: Sonic Solutions ---------- Key: TuneUp Shredder Shell Extension CLSID: {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} Path: D:\TuneUp Utilities 2011\SDShelEx-x64.dll D:\TuneUp Utilities 2011\SDShelEx-x64.dll 28480 bytes Created: 13.12.2011 09:29 Modified: 13.12.2011 09:29 Company: TuneUp Software ---------- Key: VersionsPageShellExt CLSID: {9E42900A-85F9-4E67-9778-575FBBA0A81C} Path: D:\Acronis True Image_2011\x64\versions_page.dll D:\Acronis True Image_2011\x64\versions_page.dll 142176 bytes Created: 22.09.2011 22:22 Modified: 22.09.2011 22:22 Company: Acronis ---------- Key: {C539A15A-3AF9-4c92-B771-50CB78F5C751} Path: D:\Acronis True Image_2011\tishell64.dll D:\Acronis True Image_2011\tishell64.dll 1246088 bytes Created: 22.09.2011 22:22 Modified: 22.09.2011 22:22 Company: Acronis ---------- ************************************************************ 14:53:53: Scanning ----- 64-Bit Folder\ColumnHandlers ----- No Folder\ColumnHandler entries found to scan ************************************************************ 14:53:53: Scanning ----- Browser Helper Objects ----- Key: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} BHO: D:\Java\bin\ssv.dll D:\Java\bin\ssv.dll 462760 bytes Created: 20.10.2013 12:37 Modified: 18.12.2013 21:07 Company: Oracle Corporation ---------- Key: {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} BHO: C:\Program Files (x86)\Common Files\G DATA\AVKProxy\BanksafeBHO.dll C:\Program Files (x86)\Common Files\G DATA\AVKProxy\BanksafeBHO.dll 52728 bytes Created: 10.08.2011 16:31 Modified: 27.01.2012 14:40 Company: G Data Software AG ---------- Key: {DBC80044-A445-435b-BC74-9C25C1C588A9} BHO: D:\Java\bin\jp2ssv.dll D:\Java\bin\jp2ssv.dll 171944 bytes Created: 20.10.2013 12:37 Modified: 18.12.2013 21:05 
Company: Oracle Corporation ---------- ************************************************************ 14:53:53: Scanning ----- 64-Bit Browser Helper Objects ----- Key: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} BHO: C:\Program Files\Java\jre7\bin\ssv.dll C:\Program Files\Java\jre7\bin\ssv.dll 553384 bytes Created: 20.10.2013 12:25 Modified: 20.10.2013 12:25 Company: Oracle Corporation ---------- Key: {9030D464-4C02-4ABF-8ECC-5164760863C6} BHO: C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll 529664 bytes Created: 17.07.2012 14:17 Modified: 17.07.2012 14:17 Company: Microsoft Corp. ---------- Key: {DBC80044-A445-435b-BC74-9C25C1C588A9} BHO: C:\Program Files\Java\jre7\bin\jp2ssv.dll C:\Program Files\Java\jre7\bin\jp2ssv.dll 210856 bytes Created: 20.10.2013 12:25 Modified: 20.10.2013 12:25 Company: Oracle Corporation ---------- ************************************************************ 14:53:54: Scanning ----- ShellServiceObjectDelayLoad Entries ----- ************************************************************ 14:53:54: Scanning ----- 64-Bit ShellServiceObjectDelayLoad Entries ----- ************************************************************ 14:53:54: Scanning ----- ShellServiceObjects ----- CLSID: {3BF043EF-A974-49B3-8322-B853CF1E5EC5} File: %SystemRoot%\System32\SndVolSSO.dll C:\Windows\SysWoW64\SndVolSSO.dll 220160 bytes Created: 27.04.2011 21:51 Modified: 20.11.2010 13:21 Company: Microsoft Corporation ---------- CLSID: {68ddbb56-9d1d-4fd9-89c5-c0da2a625392} File: %SystemRoot%\system32\stobject.dll C:\Windows\SysWoW64\stobject.dll 228352 bytes Created: 27.04.2011 21:51 Modified: 20.11.2010 13:21 Company: Microsoft Corporation ---------- CLSID: {7007ACCF-3202-11D1-AAD2-00805FC1270E} File: %SystemRoot%\System32\netshell.dll C:\Windows\SysWoW64\netshell.dll 2494464 bytes Created: 27.04.2011 21:51 Modified: 20.11.2010 13:20 Company: Microsoft Corporation 
---------- CLSID: {900c0763-5cad-4a34-bc1f-40cd513679d5} File: %SystemRoot%\System32\hcproviders.dll C:\Windows\SysWoW64\hcproviders.dll 26112 bytes Created: 14.07.2009 00:40 Modified: 14.07.2009 02:15 Company: Microsoft Corporation ---------- CLSID: {A1607060-5D4C-467a-B711-2B59A6F25957} File: %SystemRoot%\System32\AltTab.dll C:\Windows\SysWoW64\AltTab.dll 46592 bytes Created: 14.07.2009 00:39 Modified: 14.07.2009 02:14 Company: Microsoft Corporation ---------- CLSID: {AAA288BA-9A4C-45B0-95D7-94D524869DB5} File: %SystemRoot%\system32\wpdshserviceobj.dll C:\Windows\SysWoW64\wpdshserviceobj.dll 105984 bytes Created: 27.04.2011 21:51 Modified: 20.11.2010 13:21 Company: Microsoft Corporation ---------- CLSID: {C2796011-81BA-4148-8FCA-C6643245113F} File: %SystemRoot%\System32\pnidui.dll C:\Windows\SysWoW64\pnidui.dll 1750528 bytes Created: 27.04.2011 21:51 Modified: 20.11.2010 13:20 Company: Microsoft Corporation ---------- CLSID: {DA67B8AD-E81B-4c70-9B91-B417B5E33527} File: %SystemRoot%\System32\srchadmin.dll C:\Windows\SysWoW64\srchadmin.dll 301568 bytes Created: 27.04.2011 21:51 Modified: 20.11.2010 13:21 Company: Microsoft Corporation ---------- CLSID: {EF4D1E1A-1C87-4AA8-8934-E68E4367468D} File: C:\Windows\SysWOW64\shdocvw.dll C:\Windows\SysWOW64\shdocvw.dll 180224 bytes Created: 12.09.2013 17:16 Modified: 26.07.2013 02:55 Company: Microsoft Corporation ---------- CLSID: {F08C5AC2-E722-4116-ADB7-CE41B527994B} File: C:\Windows\SysWOW64\bthprops.cpl C:\Windows\SysWOW64\bthprops.cpl 692736 bytes Created: 27.04.2011 21:51 Modified: 20.11.2010 13:16 Company: Microsoft Corporation ---------- CLSID: {F20487CC-FC04-4B1E-863F-D9801796130B} File: %SystemRoot%\System32\SyncCenter.dll C:\Windows\SysWoW64\SyncCenter.dll 2146304 bytes Created: 27.04.2011 21:51 Modified: 20.11.2010 13:21 Company: Microsoft Corporation ---------- CLSID: {F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} File: %SystemRoot%\System32\Actioncenter.dll C:\Windows\SysWoW64\Actioncenter.dll 744448 bytes Created: 
27.04.2011 21:51 Modified: 20.11.2010 13:18 Company: Microsoft Corporation ---------- CLSID: {ff363bfe-4941-4179-a81c-f3f1ca72d820} File: %SystemRoot%\System32\hgcpl.dll C:\Windows\SysWoW64\hgcpl.dll 312832 bytes Created: 27.04.2011 21:51 Modified: 20.11.2010 13:19 Company: Microsoft Corporation ---------- ************************************************************ 14:53:57: Scanning ----- 64-Bit ShellServiceObjects ----- CLSID: {3BF043EF-A974-49B3-8322-B853CF1E5EC5} File: %SystemRoot%\System32\SndVolSSO.dll C:\Windows\System32\SndVolSSO.dll 225280 bytes Created: 27.04.2011 21:51 Modified: 20.11.2010 14:27 Company: Microsoft Corporation ---------- CLSID: {566296fe-e0e8-475f-ba9c-a31ad31620b1} File: %systemroot%\system32\dxp.dll C:\Windows\System32\dxp.dll 459776 bytes Created: 27.04.2011 21:51 Modified: 20.11.2010 14:26 Company: Microsoft Corporation ---------- CLSID: {68ddbb56-9d1d-4fd9-89c5-c0da2a625392} File: %SystemRoot%\system32\stobject.dll C:\Windows\System32\stobject.dll 257024 bytes Created: 27.04.2011 21:51 Modified: 20.11.2010 14:27 Company: Microsoft Corporation ---------- CLSID: {6FDEDD65-AC51-43CA-B2D0-9EB5D1155D03} File: C:\Windows\ehome\ehSSO.dll C:\Windows\ehome\ehSSO.dll 26112 bytes Created: 14.07.2009 01:24 Modified: 14.07.2009 02:40 Company: Microsoft Corporation ---------- CLSID: {7007ACCF-3202-11D1-AAD2-00805FC1270E} File: %SystemRoot%\System32\netshell.dll C:\Windows\System32\netshell.dll 2652160 bytes Created: 27.04.2011 21:52 Modified: 20.11.2010 14:27 Company: Microsoft Corporation ---------- CLSID: {900c0763-5cad-4a34-bc1f-40cd513679d5} File: %SystemRoot%\System32\hcproviders.dll C:\Windows\System32\hcproviders.dll 31232 bytes Created: 14.07.2009 00:56 Modified: 14.07.2009 02:40 Company: Microsoft Corporation ---------- CLSID: {A1607060-5D4C-467a-B711-2B59A6F25957} File: %SystemRoot%\System32\AltTab.dll C:\Windows\System32\AltTab.dll 53248 bytes Created: 14.07.2009 00:55 Modified: 14.07.2009 02:40 Company: Microsoft Corporation 
---------- CLSID: {AAA288BA-9A4C-45B0-95D7-94D524869DB5} File: %SystemRoot%\system32\wpdshserviceobj.dll C:\Windows\System32\wpdshserviceobj.dll 115200 bytes Created: 27.04.2011 21:51 Modified: 20.11.2010 14:27 Company: Microsoft Corporation ---------- CLSID: {C2796011-81BA-4148-8FCA-C6643245113F} File: %SystemRoot%\System32\pnidui.dll C:\Windows\System32\pnidui.dll 1808384 bytes Created: 27.04.2011 21:51 Modified: 20.11.2010 14:27 Company: Microsoft Corporation ---------- CLSID: {DA67B8AD-E81B-4c70-9B91-B417B5E33527} File: %SystemRoot%\System32\srchadmin.dll C:\Windows\System32\srchadmin.dll 340992 bytes Created: 27.04.2011 21:51 Modified: 20.11.2010 14:27 Company: Microsoft Corporation ---------- CLSID: {EF4D1E1A-1C87-4AA8-8934-E68E4367468D} File: C:\Windows\system32\shdocvw.dll C:\Windows\System32\shdocvw.dll 197120 bytes Created: 12.09.2013 17:16 Modified: 26.07.2013 03:24 Company: Microsoft Corporation ---------- CLSID: {F08C5AC2-E722-4116-ADB7-CE41B527994B} File: C:\Windows\System32\bthprops.cpl C:\Windows\System32\bthprops.cpl 721408 bytes Created: 27.04.2011 21:51 Modified: 20.11.2010 14:24 Company: Microsoft Corporation ---------- CLSID: {F20487CC-FC04-4B1E-863F-D9801796130B} File: %SystemRoot%\System32\SyncCenter.dll C:\Windows\System32\SyncCenter.dll 2262528 bytes Created: 27.04.2011 21:51 Modified: 20.11.2010 14:27 Company: Microsoft Corporation ---------- CLSID: {F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} File: %SystemRoot%\System32\Actioncenter.dll C:\Windows\System32\Actioncenter.dll 780800 bytes Created: 27.04.2011 21:51 Modified: 20.11.2010 14:25 Company: Microsoft Corporation ---------- CLSID: {ff363bfe-4941-4179-a81c-f3f1ca72d820} File: %SystemRoot%\System32\hgcpl.dll C:\Windows\System32\hgcpl.dll 332288 bytes Created: 27.04.2011 21:51 Modified: 20.11.2010 14:26 Company: Microsoft Corporation ---------- ************************************************************ 14:54:00: Scanning ----- SHAREDTASKSCHEDULER ENTRIES ----- No SharedTaskScheduler entries 
found to scan ************************************************************ 14:54:00: Scanning ----- IMAGEFILE DEBUGGERS ----- No "Debugger" entries found. ************************************************************ 14:54:00: Scanning ----- APPINIT_DLLS ----- The AppInit_DLLs value is blank or does not exist ************************************************************ 14:54:00: Scanning ----- SECURITY PROVIDER DLLS ----- ************************************************************ 14:54:00: Scanning ------ COMMON STARTUP GROUP ------ [C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup] The Common Startup Group attempts to load the following file(s) at boot time: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -HS- 174 bytes Created: 14.07.2009 05:54 Modified: 14.07.2009 05:54 Company: [no info] -------------------- ************************************************************ 14:54:00: Scanning ----- USER STARTUP GROUPS ----- Checking Startup Group for: sauterch [C:\Users\sauterch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup] C:\Users\sauterch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -HS- 174 bytes Created: 30.12.2010 21:36 Modified: 15.09.2013 20:53 Company: [no info] ---------- -------------------- ************************************************************ 14:54:00: Scanning ----- SCHEDULED TASKS ----- Taskname: {00713CB9-7ED8-4245-BF9E-CC03CC38DF87} File: d:\mozilla firefox\firefox.exe d:\mozilla firefox\firefox.exe 275568 bytes Created: 30.12.2013 16:33 Modified: 30.12.2013 16:33 Company: Mozilla Corporation Parameters: hxxp://ui.skype.com/ui/0/5.1.0.112/en/abandoninstall?page=tsMain&installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:notoffered;alreadyoffered Schedule: At task creation/modification Next Run Time: Status: Ready Creator: SkypeSetup Comments: ---------- Taskname: {055FCA50-8DE4-4486-B42F-147BF36C5FC7} File: d:\mozilla firefox\firefox.exe 
d:\mozilla firefox\firefox.exe 275568 bytes Created: 30.12.2013 16:33 Modified: 30.12.2013 16:33 Company: Mozilla Corporation Parameters: hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Schedule: At task creation/modification Next Run Time: Status: Ready Creator: SkypeSetup Comments: ---------- Taskname: {400197BC-65DC-41D5-945A-2EF9298838F1} File: d:\mozilla firefox\firefox.exe d:\mozilla firefox\firefox.exe 275568 bytes Created: 30.12.2013 16:33 Modified: 30.12.2013 16:33 Company: Mozilla Corporation Parameters: hxxp://ui.skype.com/ui/0/5.10.0.115/de/go/help.faq.installer?LastError=1603 Schedule: At task creation/modification Next Run Time: Status: Ready Creator: SkypeSetup Comments: ---------- Taskname: {5C00BB8D-3F7F-4CA2-8BC1-AD073F5AD5FD} File: C:\Program Files (x86)\Skype\Phone\Skype.exe Schedule: At task creation/modification Next Run Time: Status: Ready Creator: SkypeSetup Comments: C:\Program Files (x86)\Skype\Phone\Skype.exe - [file not found to scan] ---------- Taskname: {5DB2831F-AD6A-4A83-9274-E33CF6B93952} File: d:\mozilla firefox\firefox.exe d:\mozilla firefox\firefox.exe 275568 bytes Created: 30.12.2013 16:33 Modified: 30.12.2013 16:33 Company: Mozilla Corporation Parameters: hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?source=lightinstaller&LastError=1603 Schedule: At task creation/modification Next Run Time: Status: Ready Creator: SkypeSetupLight Comments: ---------- Taskname: {8356B895-1E2D-4985-90C0-600205F330C9} File: C:\Program Files (x86)\Common Files\Roxio Shared\10.0\Roxio Central36\Main\Roxio_Central36.exe C:\Program Files (x86)\Common Files\Roxio Shared\10.0\Roxio Central36\Main\Roxio_Central36.exe 2677232 bytes Created: 22.06.2009 11:36 Modified: 22.06.2009 11:36 Company: Schedule: At task creation/modification Next Run Time: Status: Ready Creator: Comments: ---------- Taskname: {DD5500C3-E770-42ED-99DC-084BABEC91FA} File: d:\mozilla firefox\firefox.exe d:\mozilla firefox\firefox.exe 275568 
bytes Created: 30.12.2013 16:33 Modified: 30.12.2013 16:33 Company: Mozilla Corporation Parameters: hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Schedule: At task creation/modification Next Run Time: Status: Ready Creator: SkypeSetup Comments: ---------- Taskname: {E41299EE-6113-4D8D-BDEC-716F782CDE0E} File: d:\mozilla firefox\firefox.exe d:\mozilla firefox\firefox.exe 275568 bytes Created: 30.12.2013 16:33 Modified: 30.12.2013 16:33 Company: Mozilla Corporation Parameters: hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Schedule: At task creation/modification Next Run Time: Status: Ready Creator: SkypeSetup Comments: ---------- Taskname: Adobe Flash Player Updater File: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 257928 bytes Created: 07.03.2013 16:27 Modified: 18.01.2014 16:22 Company: Adobe Systems Incorporated Schedule: At 01:25:00 every day Next Run Time: 02.02.2014 15:25:00 Status: Ready Creator: Adobe Systems Incorporated Comments: Mit diesem Task ist Ihre Flash Player-Installation immer aktuell und verwendet die neuesten Verbesserungen und Sicherheits-Fixes. Wenn dieser Task deaktiviert oder entfernt wird, kann Adobe Flash Player Ihren Computer nicht automatisch mit den neuesten Sicherheits-Fixes sichern. 
---------- Taskname: CCleanerSkipUAC File: D:\CCleaner\CCleaner.exe D:\CCleaner\CCleaner.exe 4324120 bytes Created: 22.11.2013 14:42 Modified: 22.11.2013 14:42 Company: Piriform Ltd Parameters: $(Arg0) Schedule: Task not scheduled Next Run Time: Status: Ready Creator: Piriform Ltd Comments: ---------- Taskname: Divx-Online-Aktualisierungsprogramm File: C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe Parameters: /CHECKNOW Schedule: At 10:00:00 every Montag of every week, starting 01.01.2009 Next Run Time: 03.02.2014 10:00:00 Status: Ready Creator: TuneUp Comments: tuident:2123EDB4 C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe - [file not found to scan] ---------- Taskname: DriverScanner File: D:\DriverScanner\DriverScanner\dsmonitor.exe D:\DriverScanner\DriverScanner\dsmonitor.exe 25464 bytes Created: 17.11.2011 22:11 Modified: 05.09.2011 16:20 Company: Uniblue Systems Limited Schedule: At logon Next Run Time: Status: Ready Creator: sauterch Comments: ---------- Taskname: Java Update Scheduler File: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe 254336 bytes Created: 02.07.2013 08:16 Modified: 02.07.2013 08:16 Company: Oracle Corporation Schedule: At 10:00:00 every Montag of every week, starting 01.01.2009 Next Run Time: 03.02.2014 10:00:00 Status: Ready Creator: TuneUp Comments: tuident:78C4302E ---------- Taskname: SidebarExecute File: C:\Program Files (x86)\Windows Sidebar\sidebar.exe C:\Program Files (x86)\Windows Sidebar\sidebar.exe 1174016 bytes Created: 27.04.2011 21:52 Modified: 20.11.2010 13:17 Company: Microsoft Corporation Schedule: At task creation/modification Next Run Time: Status: Ready Creator: Comments: ---------- Taskname: TuneUpUtilities_Task_BkGndMaintenance2011 File: D:\TuneUp Utilities 2011\OneClick.exe D:\TuneUp Utilities 2011\OneClick.exe 603968 bytes Created: 13.12.2011 09:37 Modified: 13.12.2011 09:37 Company: TuneUp Software Parameters: 
$(Arg0) Schedule: Task not scheduled Next Run Time: Status: Ready Creator: Comments: ---------- Taskname: User_Feed_Synchronization-{E65FAF42-D005-4209-8259-34AE0371B7A1} File: C:\Windows\Sysnative\msfeedssync.exe C:\Windows\System32\msfeedssync.exe 13312 bytes Created: 31.12.2013 09:43 Modified: 31.12.2013 09:43 Company: Microsoft Corporation Parameters: sync Schedule: At 16:54:22 every day Next Run Time: 02.02.2014 17:54:22 Status: Ready Creator: sauterch-PC\sauterch Comments: Aktualisiert veraltete Systemfeeds. ---------- ************************************************************
30.07.2014, 20:11 | #17
Overnight: no event log, no Internet connection, PC very slow after logon (Windows 7): Trojan Remover log files (continued)
Code:
ATTFilter ************************************************************ 14:54:03: Scanning ----- SHELLICONOVERLAYIDENTIFIERS ----- Key: SharingPrivate CLSID: {08244EE6-92F0-47f2-9FC9-929BAA2E7235} File: %SystemRoot%\system32\ntshrui.dll C:\Windows\SysWoW64\ntshrui.dll 442880 bytes Created: 18.02.2012 10:28 Modified: 04.01.2012 09:58 Company: Microsoft Corporation ---------- ************************************************************ 14:54:03: Scanning ----- DEVICE DRIVER ENTRIES ----- Value: vidc.i420 File: lvcodec2.dll C:\Windows\SysWoW64\lvcodec2.dll 416280 bytes Created: 26.07.2008 15:23 Modified: 26.07.2008 15:23 Company: Logitech Inc. ---------- Value: msacm.l3acm File: C:\Windows\SysWOW64\l3codeca.acm C:\Windows\SysWOW64\l3codeca.acm 64000 bytes Created: 14.07.2009 01:07 Modified: 14.07.2009 02:14 Company: Fraunhofer Institut Integrierte Schaltungen IIS ---------- ************************************************************ 14:54:03: ----- ADDITIONAL CHECKS ----- Heuristic checks for hidden files/drivers completed ---------- Layered Service Provider entries checks completed ---------- Windows Explorer Policies checks completed ---------- Desktop Wallpaper: C:\Users\sauterch\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg C:\Users\sauterch\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg 144595 bytes Created: 30.12.2010 21:36 Modified: 30.08.2013 20:04 Company: [no info] ---------- Web Desktop Wallpaper entry is blank ---------- Checks for rogue DNS NameServers completed ---------- Checks for Backdoor.ZeroAccess completed ---------- Safe Mode checks completed ---------- Additional checks completed ************************************************************ 14:54:04: Scanning ----- RUNNING PROCESSES ----- C:\Windows\System32\smss.exe 112640 bytes Created: 12.09.2013 17:17 Modified: 02.08.2013 01:59 Company: Microsoft Corporation -------------------- C:\Windows\System32\csrss.exe 7680 bytes Created: 14.07.2009 00:19 Modified: 
14.07.2009 02:39 Company: Microsoft Corporation -------------------- C:\Windows\System32\wininit.exe 129024 bytes Created: 14.07.2009 00:52 Modified: 14.07.2009 02:39 Company: Microsoft Corporation -------------------- C:\Windows\System32\services.exe 328704 bytes Created: 14.07.2009 00:19 Modified: 14.07.2009 02:39 Company: Microsoft Corporation -------------------- C:\Windows\System32\lsass.exe 30720 bytes Created: 14.11.2013 22:15 Modified: 25.09.2013 02:03 Company: Microsoft Corporation -------------------- C:\Windows\System32\lsm.exe 343040 bytes Created: 27.04.2011 21:52 Modified: 20.11.2010 14:24 Company: Microsoft Corporation -------------------- C:\Windows\System32\winlogon.exe 390656 bytes Created: 27.04.2011 21:52 Modified: 20.11.2010 14:25 Company: Microsoft Corporation -------------------- C:\Windows\System32\svchost.exe 27136 bytes Created: 14.07.2009 00:31 Modified: 14.07.2009 02:39 Company: Microsoft Corporation -------------------- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe 1137440 bytes Created: 09.09.2013 21:29 Modified: 09.08.2013 21:07 Company: NVIDIA Corporation -------------------- C:\Windows\System32\spoolsv.exe 559104 bytes Created: 16.08.2012 19:51 Modified: 11.02.2012 07:36 Company: Microsoft Corporation -------------------- C:\Program Files\Bonjour\mDNSResponder.exe 462184 bytes Created: 30.08.2011 22:05 Modified: 30.08.2011 22:05 Company: Apple Inc. -------------------- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE 223488 bytes Created: 17.07.2012 14:14 Modified: 17.07.2012 14:14 Company: Microsoft Corp. 
-------------------- C:\Windows\System32\WUDFHost.exe 229888 bytes Created: 17.11.2012 00:28 Modified: 26.07.2012 04:08 Company: Microsoft Corporation -------------------- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AvkBap64.exe 283640 bytes Created: 28.07.2011 02:59 Modified: 27.01.2012 04:49 Company: G Data Software AG -------------------- C:\Windows\System32\SearchIndexer.exe 591872 bytes Created: 30.06.2011 16:55 Modified: 04.05.2011 06:19 Company: Microsoft Corporation -------------------- C:\Windows\System32\taskhost.exe 68608 bytes Created: 09.01.2013 19:53 Modified: 23.11.2012 04:13 Company: Microsoft Corporation -------------------- C:\Windows\System32\conhost.exe 338432 bytes Created: 12.09.2013 17:16 Modified: 02.08.2013 02:09 Company: Microsoft Corporation -------------------- D:\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe 786240 bytes Created: 13.12.2011 09:34 Modified: 13.12.2011 09:34 Company: TuneUp Software -------------------- C:\Windows\System32\dwm.exe 120320 bytes Created: 14.07.2009 00:37 Modified: 14.07.2009 02:39 Company: Microsoft Corporation -------------------- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe 1028896 bytes Created: 09.09.2013 21:30 Modified: 27.08.2013 22:16 Company: NVIDIA Corporation -------------------- C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe 231704 bytes Created: 27.09.2011 20:05 Modified: 27.09.2011 20:05 Company: Logitech, Inc. -------------------- D:\Kies\Kies\Kies.exe 1564528 bytes Created: 29.11.2011 20:58 Modified: 06.11.2013 02:55 Company: Samsung -------------------- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe 59720 bytes Created: 20.11.2013 15:43 Modified: 20.11.2013 15:43 Company: Apple Inc. 
-------------------- C:\Users\sauterch\AppData\Local\Apps\2.0\N7JC67JJ.28D\EXZ09BGP.07J\frit..tion_1acae14e4778b8d2_0002.0003_6dcb4a48ddb2ee39\fritzbox-usb-fernanschluss.exe 333152 bytes Created: 30.12.2013 19:34 Modified: 30.12.2013 19:34 Company: AVM Berlin -------------------- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe 2450208 bytes Created: 09.09.2013 21:29 Modified: 09.08.2013 21:07 Company: NVIDIA Corporation -------------------- D:\Mozilla Firefox\plugin-container.exe 18544 bytes Created: 30.12.2013 16:33 Modified: 30.12.2013 16:33 Company: Mozilla Corporation -------------------- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe 1863048 bytes Created: 18.01.2014 16:22 Modified: 18.01.2014 16:22 Company: Adobe Systems, Inc. -------------------- C:\Windows\System32\msiexec.exe 128000 bytes Created: 27.04.2011 21:51 Modified: 20.11.2010 14:24 Company: Microsoft Corporation -------------------- D:\Garmin\Express\Express.exe 2549080 bytes Created: 30.12.2013 09:05 Modified: 30.12.2013 09:05 Company: Garmin -------------------- C:\Windows\servicing\TrustedInstaller.exe 194048 bytes Created: 27.04.2011 21:51 Modified: 20.11.2010 14:25 Company: Microsoft Corporation -------------------- C:\Windows\System32\SearchProtocolHost.exe 249856 bytes Created: 30.06.2011 16:55 Modified: 04.05.2011 06:19 Company: Microsoft Corporation -------------------- D:\Trojan Remover\Rmvtrjan.exe FileSize: 5512440 [This is a Trojan Remover component] -------------------- -------------------- C:\Windows\System32\wbem\WmiPrvSE.exe 372736 bytes Created: 27.04.2011 21:52 Modified: 20.11.2010 14:25 Company: Microsoft Corporation -------------------- C:\Windows\System32\SearchFilterHost.exe 113664 bytes Created: 30.06.2011 16:55 Modified: 04.05.2011 06:19 Company: Microsoft Corporation -------------------- ************************************************************ 14:54:08: Checking HOSTS file No malicious entries were found in the HOSTS file 
************************************************************ ------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------ HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page": hxxp://go.microsoft.com/fwlink/p/?LinkId=255141 HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page": C:\Windows\SysWOW64\blank.htm HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page": hxxp://go.microsoft.com/fwlink/?LinkId=54896 HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL": hxxp://go.microsoft.com/fwlink/p/?LinkId=255141 HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL": hxxp://go.microsoft.com/fwlink/?LinkId=54896 HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page": hxxp://www.google.de/ HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page": C:\Windows\system32\blank.htm HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page": hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=8ff9e2c0-c955-4d2e-a461-0606362ab29b&affid=113129&searchtype=ds&babsrc=lnkry&q={searchTerms} ************************************************************ === NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES === Scan completed at: 14:54:08 02 Feb 2014 Total Scan time: 00:00:34 ************************************************************ ***** NORMAL SCAN FOR ACTIVE MALWARE ***** Trojan Remover Ver 6.8.8.2622. 
For information, email support@simplysup.com [Registered to: sauterch@yahoo.de] Scan started at: 12:13:56 08 Sep 2013 Using Database v8207 Operating System: Windows 7 x64 Home Premium (SP1) [Build: 6.1.7601] [in Compatibility Mode] True Operating System: Windows 8 x64 File System: NTFS User Account Control is Enabled [Secure Desktop Prompt is DISABLED] UserData directory: C:\Users\sauterch\AppData\Roaming\Simply Super Software\Trojan Remover\ Database directory: C:\ProgramData\Simply Super Software\Trojan Remover\Data\ Logfile directory: C:\Users\sauterch\Documents\Simply Super Software\Trojan Remover Logfiles\ Program directory: D:\Trojan Remover\ Running with Administrator privileges ************************************************************ 12:13:57: ----- Checking Default File Associations ----- No modified default file associations detected ************************************************************ 12:13:57: ----- SCANNING FOR ROOTKIT SERVICES ----- No hidden Services were detected. 
************************************************************
12:13:57: Scanning ----- Windows Registry -----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Key value: [explorer.exe]
File: C:\Windows\Explorer.exe
C:\Windows\Explorer.exe  2871808 bytes
Created: 27.04.2011 18:56
Modified: 25.02.2011 08:19
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
Key value: [C:\Windows\system32\userinit.exe,]
File: C:\Windows\system32\userinit.exe
C:\Windows\System32\userinit.exe  30720 bytes
Created: 27.04.2011 22:51
Modified: 20.11.2010 15:25
Company: Microsoft Corporation
----------
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: [G Data AntiVirus Tray Application]
Value Data: [D:\GData\AVKTray\AVKTray.exe]
D:\GData\AVKTray\AVKTray.exe  1035216 bytes
Created: 22.02.2013 23:08
Modified: 09.01.2013 14:01
Company: G Data Software AG
--------------------
Value Name: [GDFirewallTray]
Value Data: [D:\GData\Firewall\GDFirewallTray.exe]
D:\GData\Firewall\GDFirewallTray.exe  1475096 bytes
Created: 08.01.2013 13:21
Modified: 29.11.2012 06:20
Company: G Data Software AG
--------------------
Value Name: [TrojanScanner]
Value Data: [D:\Trojan Remover\Trjscan.exe /boot]
D:\Trojan Remover\Trjscan.exe  1655568 bytes
Created: 25.08.2013 20:52
Modified: 19.07.2013 17:42
Company: Simply Super Software
--------------------
Value Name: [SunJavaUpdateSched]
Value Data: ["C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe  253816 bytes
Created: 12.03.2013 07:32
Modified: 12.03.2013 07:32
Company: Oracle Corporation
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: [Sidebar]
Value Data: [C:\Program Files\Windows Sidebar\sidebar.exe /autoRun]
C:\Program Files\Windows Sidebar\sidebar.exe  1475584 bytes
Created: 27.04.2011 22:52
Modified: 20.11.2010 15:25
Company: Microsoft Corporation
--------------------
Value Name: [ctfmon.exe]
Value Data: ["C:\Windows\system32\ctfmon.exe"]
C:\Windows\System32\ctfmon.exe  9728 bytes
Created: 14.07.2009 01:39
Modified: 14.07.2009 03:39
Company: Microsoft Corporation
--------------------
Value Name: [AVMUSBFernanschluss]
Value Data: ["C:\Users\sauterch\AppData\Local\Apps\2.0\N7JC67JJ.28D\EXZ09BGP.07J\frit..tion_1acae14e4778b8d2_0002.0003_7c9366a34786c7f9\AVMAutoStart.exe"]
C:\Users\sauterch\AppData\Local\Apps\2.0\N7JC67JJ.28D\EXZ09BGP.07J\frit..tion_1acae14e4778b8d2_0002.0003_7c9366a34786c7f9\AVMAutoStart.exe  139264 bytes
Created: 20.08.2013 18:15
Modified: 20.08.2013 18:15
Company: AVM Berlin
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
Value Name: [Uninstall C:\Users\sauterch\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64]
Value Data: [C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\sauterch\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64"]
C:\Windows\System32\cmd.exe  345088 bytes
Created: 27.04.2011 22:52
Modified: 20.11.2010 15:24
Company: Microsoft Corporation
************************************************************
12:13:59: Scanning ----- Windows 64-Bit Registry -----
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: [Acronis Scheduler2 Service]
Value Data: ["C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"]
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe  391240 bytes
Created: 06.12.2010 07:55
Modified: 06.12.2010 07:55
Company: Acronis
--------------------
Value Name: [EvtMgr6]
Value Data: [D:\Logitech\SetPointP\SetPoint.exe /launchGaming]
D:\Logitech\SetPointP\SetPoint.exe  1744152 bytes
Created: 07.10.2011 11:38
Modified: 07.10.2011 11:38
Company: Logitech, Inc.
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry key appears to be empty
************************************************************
12:13:59: Scanning -----SHELLEXECUTEHOOKS-----
ShellExecuteHooks key is empty
************************************************************
12:13:59: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------
************************************************************
12:13:59: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.
************************************************************
12:13:59: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Key: {2D46B6DC-2207-486B-B523-A557E6D54B47}
Path: C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
C:\Windows\System32\cmd.exe  345088 bytes
Created: 27.04.2011 22:52
Modified: 20.11.2010 15:24
Company: Microsoft Corporation
----------
Key: {44BBA840-CC51-11CF-AAFA-00AA00B6015C}
Path: "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
C:\Program Files (x86)\Windows Mail\WinMail.exe
************************************************************
12:13:59: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: UxTuneUp
Path: %SystemRoot%\System32\uxtuneup.dll
C:\Windows\System32\uxtuneup.dll  36160 bytes
Created: 15.01.2011 17:11
Modified: 13.12.2011 10:29
Company: TuneUp Software
--------------------
Key: wuauserv
Path: C:\Windows\system32\wuaueng.dll
C:\Windows\System32\wuaueng.dll  2428952 bytes
Created: 22.06.2012 18:39
Modified: 03.06.2012 00:19
Company: Microsoft Corporation
--------------------
************************************************************
12:14:00: Scanning ----- SERVICES REGISTRY KEYS -----
Key: AAV UpdateService
ImagePath: D:\Steuer-Spar-Erklaerung\AAVUpdateManager\aavus.exe
D:\Steuer-Spar-Erklaerung\AAVUpdateManager\aavus.exe  128296 bytes
Created: 24.10.2008 16:35
Modified: 24.10.2008 16:35
Company:
----------
Key: AcrSch2Svc
ImagePath: "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe"
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe  1112744 bytes
Created: 06.12.2010 07:55
Modified: 06.12.2010 07:55
Company: Acronis
----------
Key: afcdp
ImagePath: system32\DRIVERS\afcdp.sys
C:\Windows\System32\DRIVERS\afcdp.sys  285280 bytes
Created: 06.03.2012 11:59
Modified: 06.03.2012 11:59
Company: Acronis
----------
Key: afcdpsrv
ImagePath: C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe  3246040 bytes
Created: 06.03.2012 11:59
Modified: 06.03.2012 11:59
Company: Acronis
----------
Key: amdsata
ImagePath: \SystemRoot\system32\drivers\amdsata.sys
C:\Windows\System32\drivers\amdsata.sys  107904 bytes
Created: 27.04.2011 18:56
Modified: 11.03.2011 08:41
Company: Advanced Micro Devices
----------
Key: Apple Mobile Device
ImagePath: "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe  57008 bytes
Created: 21.12.2012 17:27
Modified: 21.12.2012 17:27
Company: Apple Inc.
----------
Key: atapi
ImagePath: system32\drivers\atapi.sys
C:\Windows\System32\drivers\atapi.sys  24128 bytes
Created: 14.07.2009 01:19
Modified: 14.07.2009 03:52
Company: Microsoft Corporation
----------
Key: AVKProxy
ImagePath: "C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe"
C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe  1548312 bytes
Created: 08.01.2013 13:21
Modified: 29.11.2012 05:49
Company: G Data Software AG
----------
Key: AVKService
ImagePath: "D:\GData\AVK\AVKService.exe"
D:\GData\AVK\AVKService.exe  469016 bytes
Created: 08.01.2013 13:21
Modified: 29.11.2012 05:47
Company: G Data Software AG
----------
Key: AVKWCtl
ImagePath: "D:\GData\AVK\AVKWCtlX64.exe"
D:\GData\AVK\AVKWCtlX64.exe  2012592 bytes
Created: 08.01.2013 13:21
Modified: 29.11.2012 06:08
Company: G Data Software AG
----------
Key: avmaudio
ImagePath: system32\DRIVERS\avmaudio.sys
C:\Windows\System32\DRIVERS\avmaudio.sys  116096 bytes
Created: 08.01.2011 21:23
Modified: 08.01.2011 21:23
Company: AVM Berlin
----------
Key: avmaura
ImagePath: system32\DRIVERS\avmaura.sys
C:\Windows\System32\DRIVERS\avmaura.sys  116480 bytes
Created: 22.12.2012 11:27
Modified: 22.12.2012 11:26
Company: AVM Berlin
----------
Key: b06bdrv
ImagePath: \SystemRoot\system32\DRIVERS\bxvbda.sys
C:\Windows\System32\DRIVERS\bxvbda.sys  468480 bytes
Created: 10.06.2009 22:34
Modified: 10.06.2009 22:34
Company: Broadcom Corporation
----------
Key: b57nd60a
ImagePath: system32\DRIVERS\b57nd60a.sys
C:\Windows\System32\DRIVERS\b57nd60a.sys  270848 bytes
Created: 10.06.2009 22:34
Modified: 10.06.2009 22:34
Company: Broadcom Corporation
----------
Key: CLKMSVC10_C19A2874
ImagePath: "D:\Cyberlink PowerDVD\PowerDVD9\NavFilter\kmsvc.exe" /svc
D:\Cyberlink PowerDVD\PowerDVD9\NavFilter\kmsvc.exe  232944 bytes
Created: 26.04.2010 19:10
Modified: 26.04.2010 19:10
Company: CyberLink
----------
Key: clr_optimization_v2.0.50727_64
ImagePath: %systemroot%\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe  89920 bytes
Created: 13.07.2009 22:37
Modified: 10.06.2009 22:39
Company: Microsoft Corporation
----------
Key: clr_optimization_v4.0.30319_32
ImagePath: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe  130384 bytes
Created: 18.03.2010 14:16
Modified: 18.03.2010 14:16
Company: Microsoft Corporation
----------
Key: clr_optimization_v4.0.30319_64
ImagePath: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe  138576 bytes
Created: 18.03.2010 15:27
Modified: 18.03.2010 15:27
Company: Microsoft Corporation
----------
Key: CompositeBus
ImagePath: \SystemRoot\system32\drivers\CompositeBus.sys
C:\Windows\System32\drivers\CompositeBus.sys  38912 bytes
Created: 27.04.2011 22:51
Modified: 20.11.2010 12:33
Company: Microsoft Corporation
----------
Key: cvhsvc
ImagePath: "C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE"
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE  822624 bytes
Created: 04.01.2012 15:22
Modified: 04.01.2012 15:22
Company: Microsoft Corporation
----------
Key: dg_ssudbus
ImagePath: system32\DRIVERS\ssudbus.sys
C:\Windows\System32\DRIVERS\ssudbus.sys  103448 bytes
Created: 08.08.2013 23:04
Modified: 21.06.2013 02:07
Company: DEVGURU Co., LTD.(www.devguru.co.kr)
----------
Key: ebdrv
ImagePath: \SystemRoot\system32\DRIVERS\evbda.sys
C:\Windows\System32\DRIVERS\evbda.sys  3286016 bytes
Created: 10.06.2009 22:34
Modified: 10.06.2009 22:34
Company: Broadcom Corporation
----------
Key: FLEXnet Licensing Service
ImagePath: "C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe"
C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe  1045256 bytes
Created: 06.01.2011 13:00
Modified: 06.01.2011 13:00
Company: Acresso Software Inc.
----------
Key: FontCache3.0.0.0
ImagePath: %systemroot%\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe  42856 bytes
Created: 27.04.2011 22:51
Modified: 05.11.2010 03:53
Company: Microsoft Corporation
----------
Key: FsUsbExDisk
ImagePath: \??\C:\Windows\SysWOW64\FsUsbExDisk.SYS
C:\Windows\SysWOW64\FsUsbExDisk.SYS  37344 bytes
Created: 22.02.2013 23:17
Modified: 05.02.2013 10:54
Company: [no info]
----------
Key: Garmin Core Update Service
ImagePath: "D:\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe"
D:\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe  220504 bytes
Created: 22.08.2013 14:00
Modified: 22.08.2013 14:00
Company: Garmin Ltd or its subsidiaries
----------
Key: GDBehave
ImagePath: system32\drivers\GDBehave.sys
C:\Windows\System32\drivers\GDBehave.sys  54176 bytes
Created: 31.12.2010 12:25
Modified: 08.01.2013 13:21
Company: G Data Software AG
----------
Key: GDFwSvc
ImagePath: "D:\GData\Firewall\GDFwSvcx64.exe"
D:\GData\Firewall\GDFwSvcx64.exe  2377736 bytes
Created: 08.01.2013 13:21
Modified: 29.11.2012 06:14
Company: G Data Software AG
----------
Key: GDMnIcpt
ImagePath: \??\C:\Windows\system32\drivers\MiniIcpt.sys
C:\Windows\System32\drivers\MiniIcpt.sys  126880 bytes
Created: 31.12.2010 12:24
Modified: 08.01.2013 13:21
Company: G Data Software AG
----------
Key: GdNetMon
ImagePath: \??\C:\Windows\system32\drivers\GdNetMon64.sys
C:\Windows\System32\drivers\GdNetMon64.sys  31608 bytes
Created: 31.10.2011 23:38
Modified: 31.10.2011 23:38
Company: G Data Software AG
----------
Key: GDPkIcpt
ImagePath: \??\C:\Windows\system32\drivers\PktIcpt.sys
C:\Windows\System32\drivers\PktIcpt.sys  62368 bytes
Created: 31.12.2010 12:25
Modified: 08.01.2013 13:23
Company: G Data Software AG
----------
Key: GDScan
ImagePath: "C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe"
C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe  470008 bytes
Created: 17.08.2012 16:29
Modified: 29.03.2012 04:42
Company: G Data Software AG
----------
Key: gdwfpcd
ImagePath: system32\drivers\gdwfpcd64.sys
C:\Windows\System32\drivers\gdwfpcd64.sys  65008 bytes
Created: 31.12.2010 12:24
Modified: 22.02.2013 23:08
Company: G Data Software AG
----------
Key: GRD
ImagePath: \??\C:\Windows\system32\drivers\GRD.sys
C:\Windows\System32\drivers\GRD.sys  106648 bytes
Created: 31.12.2010 13:21
Modified: 01.09.2012 13:15
Company: G Data Software
----------
Key: gusvc
ImagePath: "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe"
C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe  136120 bytes
Created: 04.01.2011 22:06
Modified: 11.06.2010 02:40
Company: Google
----------
Key: HECIx64
ImagePath: system32\DRIVERS\HECIx64.sys
C:\Windows\System32\DRIVERS\HECIx64.sys  56344 bytes
Created: 31.12.2010 12:37
Modified: 17.09.2009 13:54
Company: Intel Corporation
----------
Key: HookCentre
ImagePath: \??\C:\Windows\system32\drivers\HookCentre.sys
C:\Windows\System32\drivers\HookCentre.sys  64416 bytes
Created: 31.10.2011 23:38
Modified: 22.02.2013 23:08
Company: G Data Software AG
----------
Key: iaStorV
ImagePath: \SystemRoot\system32\drivers\iaStorV.sys
C:\Windows\System32\drivers\iaStorV.sys  410496 bytes
Created: 27.04.2011 18:56
Modified: 11.03.2011 08:41
Company: Intel Corporation
----------
Key: idsvc
ImagePath: "%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe"
C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe  856400 bytes
Created: 27.04.2011 22:51
Modified: 05.11.2010 03:52
Company: Microsoft Corporation
----------
Key: IGDCTRL
ImagePath: "C:\Program Files\FRITZ!DSL\IGDCTRL.EXE"
C:\Program Files\FRITZ!DSL\IGDCTRL.EXE  88888 bytes
Created: 28.07.2009 17:10
Modified: 28.07.2009 17:10
Company: AVM Berlin
----------
Key: IntcAzAudAddService
ImagePath: system32\drivers\RTKVHD64.sys
C:\Windows\System32\drivers\RTKVHD64.sys  2009376 bytes
Created: 27.08.2013 20:41
Modified: 06.10.2009 19:51
Company: Realtek Semiconductor Corp.
----------
Key: k57nd60a
ImagePath: system32\DRIVERS\k57nd60a.sys
C:\Windows\System32\DRIVERS\k57nd60a.sys  321064 bytes
Created: 16.10.2009 03:32
Modified: 16.10.2009 03:32
Company: Broadcom Corporation
----------
Key: ksthunk
ImagePath: \SystemRoot\system32\drivers\ksthunk.sys
C:\Windows\System32\drivers\ksthunk.sys  20992 bytes
Created: 14.07.2009 02:00
Modified: 14.07.2009 02:00
Company: Microsoft Corporation
----------
Key: LBTServ
ImagePath: C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe  359192 bytes
Created: 27.09.2011 21:04
Modified: 27.09.2011 21:04
Company: Logitech, Inc.
----------
Key: LMS
ImagePath: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe  268824 bytes
Created: 31.12.2010 12:38
Modified: 30.09.2009 20:02
Company: Intel Corporation
----------
Key: LUsbFilt
ImagePath: System32\Drivers\LUsbFilt.Sys
C:\Windows\System32\Drivers\LUsbFilt.Sys  42776 bytes
Created: 02.09.2011 08:30
Modified: 02.09.2011 08:30
Company: Logitech, Inc.
----------
Key: lvpepf64
ImagePath: system32\DRIVERS\lv302a64.sys
C:\Windows\System32\DRIVERS\lv302a64.sys  15768 bytes
Created: 26.07.2008 16:22
Modified: 26.07.2008 16:22
Company: Logitech Inc.
----------
Key: LVRS64
ImagePath: system32\DRIVERS\lvrs64.sys
C:\Windows\System32\DRIVERS\lvrs64.sys  790424 bytes
Created: 26.07.2008 16:25
Modified: 26.07.2008 16:25
Company: Logitech Inc.
----------
Key: LVUSBS64
ImagePath: system32\drivers\LVUSBS64.sys
C:\Windows\System32\drivers\LVUSBS64.sys  50072 bytes
Created: 26.07.2008 16:26
Modified: 26.07.2008 16:26
Company: Logitech Inc.
----------
Key: MozillaMaintenance
ImagePath: "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe  117656 bytes
Created: 22.08.2013 19:50
Modified: 14.08.2013 19:55
Company: Mozilla Foundation
----------
Key: mssmbios
ImagePath: \SystemRoot\system32\drivers\mssmbios.sys
C:\Windows\System32\drivers\mssmbios.sys  32320 bytes
Created: 14.07.2009 01:31
Modified: 14.07.2009 03:48
Company: Microsoft Corporation
----------
Key: NVHDA
ImagePath: system32\drivers\nvhda64v.sys
C:\Windows\System32\drivers\nvhda64v.sys  194488 bytes
Created: 09.03.2013 22:46
Modified: 19.12.2012 07:41
Company: NVIDIA Corporation
----------
Key: nvsvc
ImagePath: "C:\Windows\system32\nvvsvc.exe"
C:\Windows\System32\nvvsvc.exe  893728 bytes
Created: 03.09.2013 16:19
Modified: 09.08.2013 22:07
Company: NVIDIA Corporation
----------
Key: nvUpdatusService
ImagePath: "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe  1364256 bytes
Created: 03.09.2013 16:20
Modified: 27.08.2013 07:53
Company: NVIDIA Corporation
----------
Key: nvvad_WaveExtensible
ImagePath: system32\drivers\nvvad64v.sys
C:\Windows\System32\drivers\nvvad64v.sys - [file not found to scan]
----------
Key: ose
ImagePath: "C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE  149352 bytes
Created: 09.01.2010 22:18
Modified: 09.01.2010 22:18
Company: Microsoft Corporation
----------
Key: osppsvc
ImagePath: "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE  4925184 bytes
Created: 09.01.2010 22:34
Modified: 09.01.2010 22:34
Company: Microsoft Corporation
----------
Key: PerfHost
ImagePath: %SystemRoot%\SysWow64\perfhost.exe
C:\Windows\SysWow64\perfhost.exe  20992 bytes
Created: 14.07.2009 01:11
Modified: 14.07.2009 03:14
Company: Microsoft Corporation
----------
Key: PID_PEPI
ImagePath: system32\DRIVERS\LV302V64.SYS
C:\Windows\System32\DRIVERS\LV302V64.SYS  2624408 bytes
Created: 26.07.2008 16:22
Modified: 26.07.2008 16:22
Company: Logitech Inc.
----------
Key: PxHlpa64
ImagePath: System32\Drivers\PxHlpa64.sys
C:\Windows\System32\Drivers\PxHlpa64.sys  55856 bytes
Created: 06.01.2011 13:58
Modified: 04.03.2011 21:44
Company: Sonic Solutions
----------
Key: rdpbus
ImagePath: \SystemRoot\system32\DRIVERS\rdpbus.sys
C:\Windows\System32\DRIVERS\rdpbus.sys  24064 bytes
Created: 14.07.2009 02:17
Modified: 14.07.2009 02:17
Company: Microsoft Corporation
----------
Key: RdpVideoMiniport
ImagePath: System32\drivers\rdpvideominiport.sys
C:\Windows\System32\drivers\rdpvideominiport.sys  19456 bytes
Created: 15.12.2012 02:23
Modified: 23.08.2012 16:10
Company: Microsoft Corporation
----------
Key: RoxMediaDB10
ImagePath: "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe"
C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe  1124848 bytes
Created: 26.06.2009 12:19
Modified: 26.06.2009 12:19
Company: Sonic Solutions
----------
Key: RxFilter
ImagePath: system32\DRIVERS\RxFilter.sys
C:\Windows\System32\DRIVERS\RxFilter.sys - [file not found to scan]
----------
Key: Serenum
ImagePath: \SystemRoot\system32\DRIVERS\serenum.sys
C:\Windows\System32\DRIVERS\serenum.sys  23552 bytes
Created: 14.07.2009 02:00
Modified: 14.07.2009 02:00
Company: Microsoft Corporation
----------
Key: Serial
ImagePath: \SystemRoot\system32\DRIVERS\serial.sys
C:\Windows\System32\DRIVERS\serial.sys  94208 bytes
Created: 14.07.2009 02:00
Modified: 14.07.2009 02:00
Company: Brother Industries Ltd.
----------
Key: SessionLauncher
ImagePath: C:\Users\sauterch\AppData\Local\Temp\DX9\SessionLauncher.exe
C:\Users\sauterch\AppData\Local\Temp\DX9\SessionLauncher.exe - [file not found to scan]
----------
Key: Sftfs
ImagePath: system32\DRIVERS\Sftfslh.sys
C:\Windows\System32\DRIVERS\Sftfslh.sys  764264 bytes
Created: 01.10.2011 09:30
Modified: 01.10.2011 09:30
Company: Microsoft Corporation
----------
Key: sftlist
ImagePath: "C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe"
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe  508776 bytes
Created: 01.10.2011 09:30
Modified: 01.10.2011 09:30
Company: Microsoft Corporation
----------
Key: Sftplay
ImagePath: system32\DRIVERS\Sftplaylh.sys
C:\Windows\System32\DRIVERS\Sftplaylh.sys  268648 bytes
Created: 01.10.2011 09:30
Modified: 01.10.2011 09:30
Company: Microsoft Corporation
----------
Key: Sftredir
ImagePath: system32\DRIVERS\Sftredirlh.sys
C:\Windows\System32\DRIVERS\Sftredirlh.sys  25960 bytes
Created: 01.10.2011 09:30
Modified: 01.10.2011 09:30
Company: Microsoft Corporation
----------
Key: Sftvol
ImagePath: system32\DRIVERS\Sftvollh.sys
C:\Windows\System32\DRIVERS\Sftvollh.sys  22376 bytes
Created: 01.10.2011 09:30
Modified: 01.10.2011 09:30
Company: Microsoft Corporation
----------
Key: sftvsa
ImagePath: "C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe"
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe  219496 bytes
Created: 01.10.2011 09:30
Modified: 01.10.2011 09:30
Company: Microsoft Corporation
----------
Key: SkypeUpdate
ImagePath: D:\Skype\Updater\Updater.exe
D:\Skype\Updater\Updater.exe -R- 161384 bytes
Created: 07.02.2013 14:10
Modified: 07.02.2013 14:10
Company: Skype Technologies
----------
Key: ssudmdm
ImagePath: system32\DRIVERS\ssudmdm.sys
C:\Windows\System32\DRIVERS\ssudmdm.sys  203672 bytes
Created: 08.08.2013 23:04
Modified: 21.06.2013 02:07
Company: DEVGURU Co., LTD.(www.devguru.co.kr)
----------
Key: Stereo Service
ImagePath: "C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe  413472 bytes
Created: 09.08.2013 15:37
Modified: 09.08.2013 15:37
Company: NVIDIA Corporation
----------
Key: stllssvr
ImagePath: "C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe"
C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe -R- 74392 bytes
Created: 30.04.2009 13:59
Modified: 30.04.2009 13:59
Company: MicroVision Development, Inc.
----------
Key: swenum
ImagePath: \SystemRoot\system32\drivers\swenum.sys
C:\Windows\System32\drivers\swenum.sys  12496 bytes
Created: 14.07.2009 02:00
Modified: 14.07.2009 03:45
Company: Microsoft Corporation
----------
Key: tdrpman273
ImagePath: system32\DRIVERS\tdrpm273.sys
C:\Windows\System32\DRIVERS\tdrpm273.sys  1263200 bytes
Created: 23.01.2011 15:27
Modified: 06.03.2012 11:59
Company: Acronis
----------
Key: TermDD
ImagePath: \SystemRoot\system32\drivers\termdd.sys
C:\Windows\System32\drivers\termdd.sys  63360 bytes
Created: 27.04.2011 22:51
Modified: 20.11.2010 15:33
Company: Microsoft Corporation
----------
Key: TsUsbFlt
ImagePath: system32\drivers\tsusbflt.sys
C:\Windows\System32\drivers\tsusbflt.sys  57856 bytes
Created: 15.12.2012 02:23
Modified: 23.08.2012 16:07
Company: Microsoft Corporation
----------
Key: TuneUp.UtilitiesSvc
ImagePath: "D:\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe"
D:\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe  2028864 bytes
Created: 13.12.2011 10:34
Modified: 13.12.2011 10:34
Company: TuneUp Software
----------
Key: TuneUpUtilitiesDrv
ImagePath: \??\D:\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys
D:\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys  11856 bytes
Created: 29.11.2010 20:27
Modified: 29.11.2010 20:27
Company: TuneUp Software
----------
Key: UNS
ImagePath: "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe  2320920 bytes
Created: 31.12.2010 12:38
Modified: 30.09.2009 20:02
Company: Intel Corporation
----------
Key: USBAAPL64
ImagePath: System32\Drivers\usbaapl64.sys
C:\Windows\System32\Drivers\usbaapl64.sys  54784 bytes
Created: 13.12.2012 14:50
Modified: 13.12.2012 14:50
Company: Apple, Inc.
----------
Key: WinUsb
ImagePath: system32\DRIVERS\WinUSB.SYS
C:\Windows\System32\DRIVERS\WinUSB.SYS  41984 bytes
Created: 27.04.2011 22:51
Modified: 20.11.2010 12:43
Company: Microsoft Corporation
----------
Key: wlidsvc
ImagePath: "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE  2292480 bytes
Created: 17.07.2012 15:14
Modified: 17.07.2012 15:14
Company: Microsoft Corp.
----------
************************************************************
12:14:10: Scanning -----VXD ENTRIES-----
************************************************************
12:14:10: Scanning ----- WINLOGON\NOTIFY DLLS -----
No WINLOGON\NOTIFY DLLs found to scan
Rootkit scan of Winlogon\Notify key not possible [key may not exist]
************************************************************
12:14:10: Scanning ----- ContextMenuHandlers -----
Key: 7-Zip
CLSID: {23170F69-40C1-278A-1000-000100020000}
Path: D:\7_Zip\7-Zip\7-zip.dll
D:\7_Zip\7-Zip\7-zip.dll  55808 bytes
Created: 18.11.2010 18:08
Modified: 18.11.2010 18:08
Company: Igor Pavlov
----------
Key: TuneUp Shredder Shell Extension
CLSID: {4858E7D9-8E12-45a3-B6A3-1CD128C9D403}
Path: D:\TuneUp Utilities 2011\SDShelEx-win32.dll
D:\TuneUp Utilities 2011\SDShelEx-win32.dll  30016 bytes
Created: 13.12.2011 10:29
Modified: 13.12.2011 10:29
Company: TuneUp Software
----------
Key: VersionsPageShellExt
CLSID: {9E42900A-85F9-4E67-9778-575FBBA0A81C}
Path: D:\Acronis True Image_2011\versions_page.dll
D:\Acronis True Image_2011\versions_page.dll  128352 bytes
Created: 22.09.2011 23:22
Modified: 22.09.2011 23:22
Company: Acronis
----------
Key: {C539A15A-3AF9-4c92-B771-50CB78F5C751}
Path: D:\Acronis True Image_2011\tishell.dll
D:\Acronis True Image_2011\tishell.dll  1030536 bytes
Created: 22.09.2011 23:21
Modified: 22.09.2011 23:21
Company: Acronis
----------
************************************************************
12:14:11: Scanning ----- Folder\ColumnHandlers -----
No Folder\ColumnHandler entries found to scan
************************************************************
12:14:11: Scanning ----- 64-Bit ContextMenuHandlers -----
Key: AVK9CM
CLSID: {CAF4C320-32F5-11D3-A222-004095200FF2}
Path: D:\GData\AVK\ShellExt64.dll
D:\GData\AVK\ShellExt64.dll  333848 bytes
Created: 17.08.2011 16:00
Modified: 21.05.2012 05:35
Company: G Data Software AG
----------
Key: RXDCExtSvr
CLSID: {0FB82570-BB2D-23D3-8D3B-AC2F34F1FA3C}
Path: C:\Program Files\Roxio\Virtual Drive 10\DC_ShellExt64.dll
C:\Program Files\Roxio\Virtual Drive 10\DC_ShellExt64.dll  145904 bytes
Created: 26.06.2009 12:31
Modified: 26.06.2009 12:31
Company: Sonic Solutions
----------
Key: TuneUp Shredder Shell Extension
CLSID: {4858E7D9-8E12-45a3-B6A3-1CD128C9D403}
Path: D:\TuneUp Utilities 2011\SDShelEx-x64.dll
D:\TuneUp Utilities 2011\SDShelEx-x64.dll  28480 bytes
Created: 13.12.2011 10:29
Modified: 13.12.2011 10:29
Company: TuneUp Software
----------
Key: VersionsPageShellExt
CLSID: {9E42900A-85F9-4E67-9778-575FBBA0A81C}
Path: D:\Acronis True Image_2011\x64\versions_page.dll
D:\Acronis True Image_2011\x64\versions_page.dll  142176 bytes
Created: 22.09.2011 23:22
Modified: 22.09.2011 23:22
Company: Acronis
----------
Key: {C539A15A-3AF9-4c92-B771-50CB78F5C751}
Path: D:\Acronis True Image_2011\tishell64.dll
D:\Acronis True Image_2011\tishell64.dll  1246088 bytes
Created: 22.09.2011 23:22
Modified: 22.09.2011 23:22
Company: Acronis
----------
************************************************************
12:14:11: Scanning ----- 64-Bit Folder\ColumnHandlers -----
No Folder\ColumnHandler entries found to scan
************************************************************
12:14:11: Scanning ----- Browser Helper Objects -----
Key: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
BHO: D:\Java\bin\ssv.dll
D:\Java\bin\ssv.dll  463272 bytes
Created: 09.03.2013 22:44
Modified: 03.09.2013 19:07
Company: Oracle Corporation
----------
Key: {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC}
BHO: C:\Program Files (x86)\Common Files\G DATA\AVKProxy\BanksafeBHO.dll
C:\Program Files (x86)\Common Files\G DATA\AVKProxy\BanksafeBHO.dll  52728 bytes
Created: 10.08.2011 17:31
Modified: 27.01.2012 15:40
Company: G Data Software AG
----------
Key: {DBC80044-A445-435b-BC74-9C25C1C588A9}
BHO: D:\Java\bin\jp2ssv.dll
D:\Java\bin\jp2ssv.dll  171944 bytes
Created: 09.03.2013 22:44
Modified: 03.09.2013 19:07
Company: Oracle Corporation
----------
************************************************************
12:14:11: Scanning ----- 64-Bit Browser Helper Objects -----
Key: {9030D464-4C02-4ABF-8ECC-5164760863C6}
BHO: C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll  529664 bytes
Created: 17.07.2012 15:17
Modified: 17.07.2012 15:17
Company: Microsoft Corp.
----------
************************************************************
12:14:12: Scanning ----- ShellServiceObjectDelayLoad Entries
************************************************************
12:14:12: Scanning ----- 64-Bit ShellServiceObjectDelayLoad Entries
************************************************************
12:14:12: Scanning ----- ShellServiceObjects
************************************************************
12:14:12: Scanning ----- 64-Bit ShellServiceObjects
************************************************************
12:14:12: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----
No SharedTaskScheduler entries found to scan
************************************************************
12:14:12: Scanning ----- IMAGEFILE DEBUGGERS -----
Key = creator10.exe
Image File Debugger details:
D:\TuneUp Utilities 2011\TUAutoReactivator64.exe  113472 bytes
Created: 13.12.2011 10:35
Modified: 13.12.2011 10:35
Company: TuneUp Software
"D:\TuneUp Utilities 2011\TUAutoReactivator64.exe" - Debugger entry has been excluded from scanning
----------
Key = driverscanner.exe
Image File Debugger details:
D:\TuneUp Utilities 2011\TUAutoReactivator64.exe  113472 bytes
Created: 13.12.2011 10:35
Modified: 13.12.2011 10:35
Company: TuneUp Software
"D:\TuneUp Utilities 2011\TUAutoReactivator64.exe" - Debugger entry has been excluded from scanning
----------
Key = itunes.exe
Image File Debugger details:
D:\TuneUp Utilities 2011\TUAutoReactivator64.exe  113472 bytes
Created: 13.12.2011 10:35
Modified: 13.12.2011 10:35
Company: TuneUp Software
"D:\TuneUp Utilities 2011\TUAutoReactivator64.exe" - Debugger entry has been excluded from scanning
----------
Key = musicdisccreator10.exe
Image File Debugger details:
D:\TuneUp Utilities 2011\TUAutoReactivator64.exe  113472 bytes
Created: 13.12.2011 10:35
Modified: 13.12.2011 10:35
Company: TuneUp Software
"D:\TuneUp Utilities 2011\TUAutoReactivator64.exe" - Debugger entry has been excluded from scanning
----------
Key = nvstlink.exe
Image File Debugger details:
D:\TuneUp Utilities 2011\TUAutoReactivator64.exe  113472 bytes
Created: 13.12.2011 10:35
Modified: 13.12.2011 10:35
Company: TuneUp Software
"D:\TuneUp Utilities 2011\TUAutoReactivator64.exe" - Debugger entry has been excluded from scanning
----------
Key = nvstview.exe
Image File Debugger details:
D:\TuneUp Utilities 2011\TUAutoReactivator64.exe  113472 bytes
Created: 13.12.2011 10:35
Modified: 13.12.2011 10:35
Company: TuneUp Software
"D:\TuneUp Utilities 2011\TUAutoReactivator64.exe" - Debugger entry has been excluded from scanning
----------
Key = photosuite10.exe
Image File Debugger details:
D:\TuneUp Utilities 2011\TUAutoReactivator64.exe  113472 bytes
Created: 13.12.2011 10:35
Modified: 13.12.2011 10:35
Company: TuneUp Software
"D:\TuneUp Utilities 2011\TUAutoReactivator64.exe" - Debugger entry has been excluded from scanning
----------
Key = powerdvd9.exe
Image File Debugger details:
D:\TuneUp Utilities 2011\TUAutoReactivator64.exe  113472 bytes
Created: 13.12.2011 10:35
Modified: 13.12.2011 10:35
Company: TuneUp Software
"D:\TuneUp Utilities 2011\TUAutoReactivator64.exe" - Debugger entry has been excluded from scanning
----------
Key = retrieve10.exe
Image File Debugger details:
D:\TuneUp Utilities 2011\TUAutoReactivator64.exe  113472 bytes
Created: 13.12.2011 10:35
Modified: 13.12.2011 10:35
Company: TuneUp Software
"D:\TuneUp Utilities 2011\TUAutoReactivator64.exe" - Debugger entry has been excluded from scanning
----------
Key = roxwizardlauncher10.exe
Image File Debugger details:
D:\TuneUp Utilities 2011\TUAutoReactivator64.exe  113472 bytes
Created: 13.12.2011 10:35
Modified: 13.12.2011 10:35
Company: TuneUp Software
"D:\TuneUp Utilities 2011\TUAutoReactivator64.exe" - Debugger entry has been excluded from scanning
----------
Key = skype.exe
Image File Debugger details:
D:\TuneUp Utilities 2011\TUAutoReactivator64.exe  113472 bytes
Created: 13.12.2011 10:35
Modified: 13.12.2011 10:35
Company: TuneUp Software
"D:\TuneUp Utilities 2011\TUAutoReactivator64.exe" - Debugger entry has been excluded from scanning
----------
Key = soundedit10.exe
Image File Debugger details:
D:\TuneUp Utilities 2011\TUAutoReactivator64.exe  113472 bytes
Created: 13.12.2011 10:35
Modified: 13.12.2011 10:35
Company: TuneUp Software
"D:\TuneUp Utilities 2011\TUAutoReactivator64.exe" - Debugger entry has been excluded from scanning
----------
Key = stax.exe
Image File Debugger details:
D:\TuneUp Utilities 2011\TUAutoReactivator64.exe  113472 bytes
Created: 13.12.2011 10:35
Modified: 13.12.2011 10:35
Company: TuneUp Software
"D:\TuneUp Utilities 2011\TUAutoReactivator64.exe" - Debugger entry has been excluded from scanning
----------
Key = unins000.exe
Image File Debugger details:
D:\TuneUp Utilities 2011\TUAutoReactivator64.exe  113472 bytes
Created: 13.12.2011 10:35
Modified: 13.12.2011 10:35
Company: TuneUp Software
"D:\TuneUp Utilities 2011\TUAutoReactivator64.exe" - Debugger entry has been excluded from scanning
----------
************************************************************
12:15:07: Scanning ----- APPINIT_DLLS -----
The AppInit_DLLs value is blank or does not exist
************************************************************
12:15:07: Scanning ----- SECURITY PROVIDER DLLS -----
************************************************************
12:15:07: Scanning ------ COMMON STARTUP GROUP ------
[C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -HS- 174 bytes
Created: 14.07.2009 06:54
Modified: 14.07.2009 06:54
Company: [no info]
--------------------
************************************************************
12:15:07: Scanning ----- USER STARTUP GROUPS -----
Checking Startup Group for: sauterch
[C:\Users\sauterch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup]
C:\Users\sauterch\AppData\Roaming\Microsoft\Windows\Start
Menu\Programs\Startup\desktop.ini -HS- 174 bytes Created: 30.12.2010 22:36 Modified: 08.08.2013 22:23 Company: [no info] ---------- -------------------- ************************************************************ 12:15:07: Scanning ----- SCHEDULED TASKS ----- Taskname: {00713CB9-7ED8-4245-BF9E-CC03CC38DF87} File: d:\mozilla firefox\firefox.exe d:\mozilla firefox\firefox.exe 276376 bytes Created: 19.08.2013 06:40 Modified: 14.08.2013 19:55 Company: Mozilla Corporation Parameters: hxxp://ui.skype.com/ui/0/5.1.0.112/en/abandoninstall?page=tsMain&installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:notoffered;alreadyoffered Schedule: At task creation/modification Next Run Time: Status: Ready Creator: SkypeSetup Comments: ---------- Taskname: {055FCA50-8DE4-4486-B42F-147BF36C5FC7} File: d:\mozilla firefox\firefox.exe d:\mozilla firefox\firefox.exe 276376 bytes Created: 19.08.2013 06:40 Modified: 14.08.2013 19:55 Company: Mozilla Corporation Parameters: hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Schedule: At task creation/modification Next Run Time: Status: Ready Creator: SkypeSetup Comments: ---------- Taskname: {400197BC-65DC-41D5-945A-2EF9298838F1} File: d:\mozilla firefox\firefox.exe d:\mozilla firefox\firefox.exe 276376 bytes Created: 19.08.2013 06:40 Modified: 14.08.2013 19:55 Company: Mozilla Corporation Parameters: hxxp://ui.skype.com/ui/0/5.10.0.115/de/go/help.faq.installer?LastError=1603 Schedule: At task creation/modification Next Run Time: Status: Ready Creator: SkypeSetup Comments: ---------- Taskname: {5C00BB8D-3F7F-4CA2-8BC1-AD073F5AD5FD} File: C:\Program Files (x86)\Skype\Phone\Skype.exe Schedule: At task creation/modification Next Run Time: Status: Ready Creator: SkypeSetup Comments: C:\Program Files (x86)\Skype\Phone\Skype.exe - [file not found to scan] ---------- Taskname: {5DB2831F-AD6A-4A83-9274-E33CF6B93952} File: d:\mozilla firefox\firefox.exe d:\mozilla firefox\firefox.exe 276376 bytes Created: 
19.08.2013 06:40 Modified: 14.08.2013 19:55 Company: Mozilla Corporation Parameters: hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?source=lightinstaller&LastError=1603 Schedule: At task creation/modification Next Run Time: Status: Ready Creator: SkypeSetupLight Comments: ---------- Taskname: {8356B895-1E2D-4985-90C0-600205F330C9} File: C:\Program Files (x86)\Common Files\Roxio Shared\10.0\Roxio Central36\Main\Roxio_Central36.exe C:\Program Files (x86)\Common Files\Roxio Shared\10.0\Roxio Central36\Main\Roxio_Central36.exe 2677232 bytes Created: 22.06.2009 12:36 Modified: 22.06.2009 12:36 Company: Schedule: At task creation/modification Next Run Time: Status: Disabled Creator: Comments: ---------- Taskname: {DD5500C3-E770-42ED-99DC-084BABEC91FA} File: d:\mozilla firefox\firefox.exe d:\mozilla firefox\firefox.exe 276376 bytes Created: 19.08.2013 06:40 Modified: 14.08.2013 19:55 Company: Mozilla Corporation Parameters: hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Schedule: At task creation/modification Next Run Time: Status: Ready Creator: SkypeSetup Comments: ---------- Taskname: {E41299EE-6113-4D8D-BDEC-716F782CDE0E} File: d:\mozilla firefox\firefox.exe d:\mozilla firefox\firefox.exe 276376 bytes Created: 19.08.2013 06:40 Modified: 14.08.2013 19:55 Company: Mozilla Corporation Parameters: hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603 Schedule: At task creation/modification Next Run Time: Status: Ready Creator: SkypeSetup Comments: ---------- Taskname: CCleanerSkipUAC File: D:\CCleaner\CCleaner.exe D:\CCleaner\CCleaner.exe 3676952 bytes Created: 21.08.2013 20:22 Modified: 21.08.2013 20:22 Company: Piriform Ltd Parameters: $(Arg0) Schedule: Task not scheduled Next Run Time: Status: Ready Creator: Piriform Ltd Comments: ---------- Taskname: Divx-Online-Aktualisierungsprogramm File: C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe Parameters: /CHECKNOW Schedule: At 10:00:00 every Montag of 
every week, starting 01.01.2009 Next Run Time: 09.09.2013 10:00:00 Status: Ready Creator: TuneUp Comments: tuident:2123EDB4 C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe - [file not found to scan] ---------- Taskname: DriverScanner File: D:\DriverScanner\DriverScanner\dsmonitor.exe D:\DriverScanner\DriverScanner\dsmonitor.exe 25464 bytes Created: 17.11.2011 23:11 Modified: 05.09.2011 17:20 Company: Uniblue Systems Limited Schedule: At logon Next Run Time: Status: Disabled Creator: sauterch Comments: ---------- Taskname: Java Update Scheduler File: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe 253816 bytes Created: 12.03.2013 07:32 Modified: 12.03.2013 07:32 Company: Oracle Corporation Schedule: At 10:00:00 every Montag of every week, starting 01.01.2009 Next Run Time: 09.09.2013 10:00:00 Status: Ready Creator: TuneUp Comments: tuident:78C4302E ---------- Taskname: SidebarExecute File: C:\Program Files (x86)\Windows Sidebar\sidebar.exe C:\Program Files (x86)\Windows Sidebar\sidebar.exe 1174016 bytes Created: 27.04.2011 22:52 Modified: 20.11.2010 14:17 Company: Microsoft Corporation Schedule: At task creation/modification Next Run Time: Status: Ready Creator: Comments: ---------- Taskname: TuneUpUtilities_Task_BkGndMaintenance2011 File: D:\TuneUp Utilities 2011\OneClick.exe D:\TuneUp Utilities 2011\OneClick.exe 603968 bytes Created: 13.12.2011 10:37 Modified: 13.12.2011 10:37 Company: TuneUp Software Parameters: $(Arg0) Schedule: Task not scheduled Next Run Time: Status: Ready Creator: Comments: ---------- Taskname: User_Feed_Synchronization-{E65FAF42-D005-4209-8259-34AE0371B7A1} File: C:\Windows\Sysnative\msfeedssync.exe C:\Windows\System32\msfeedssync.exe 12800 bytes Created: 23.03.2013 00:21 Modified: 23.03.2013 00:21 Company: Microsoft Corporation Parameters: sync Schedule: At 17:00:42 every day Next Run Time: 08.09.2013 19:00:42 Status: Ready Creator: 
sauterch-PC\sauterch Comments: Aktualisiert veraltete Systemfeeds. ---------- ************************************************************ 12:15:09: Scanning ----- SHELLICONOVERLAYIDENTIFIERS ----- Key: SharingPrivate CLSID: {08244EE6-92F0-47f2-9FC9-929BAA2E7235} File: %SystemRoot%\system32\ntshrui.dll C:\Windows\System32\ntshrui.dll 509952 bytes Created: 18.02.2012 11:28 Modified: 04.01.2012 12:44 Company: Microsoft Corporation ---------- ************************************************************ 12:15:10: Scanning ----- DEVICE DRIVER ENTRIES ----- Value: vidc.i420 File: lvcodec2.dll lvcodec2.dll - [file not found to scan] ---------- Value: msacm.l3acm File: C:\Windows\SysWOW64\l3codeca.acm C:\Windows\SysWOW64\l3codeca.acm 64000 bytes Created: 14.07.2009 02:07 Modified: 14.07.2009 03:14 Company: Fraunhofer Institut Integrierte Schaltungen IIS ---------- Value: vidc.cvid File: iccvid.dll iccvid.dll - [file not found to scan] ---------- ************************************************************ 12:15:10: ----- ADDITIONAL CHECKS ----- Heuristic checks for hidden files/drivers completed ---------- Layered Service Provider entries checks completed ---------- Windows Explorer Policies checks completed ---------- Desktop Wallpaper: C:\Users\sauterch\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg C:\Users\sauterch\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg 144595 bytes Created: 30.12.2010 22:36 Modified: 30.08.2013 21:04 Company: [no info] ---------- Web Desktop Wallpaper entry is blank ---------- Checks for rogue DNS NameServers completed ---------- Checks for Backdoor.ZeroAccess completed ---------- Safe Mode checks completed ---------- Additional checks completed ************************************************************ 12:15:10: Scanning ----- RUNNING PROCESSES ----- C:\Windows\System32\smss.exe 112640 bytes Created: 11.04.2013 17:58 Modified: 19.03.2013 05:06 Company: Microsoft Corporation -------------------- 
C:\Windows\System32\csrss.exe 7680 bytes Created: 14.07.2009 01:19 Modified: 14.07.2009 03:39 Company: Microsoft Corporation -------------------- C:\Windows\System32\wininit.exe 129024 bytes Created: 14.07.2009 01:52 Modified: 14.07.2009 03:39 Company: Microsoft Corporation -------------------- C:\Windows\System32\services.exe 328704 bytes Created: 14.07.2009 01:19 Modified: 14.07.2009 03:39 Company: Microsoft Corporation -------------------- C:\Windows\System32\lsass.exe 31232 bytes Created: 31.01.2012 20:14 Modified: 17.11.2011 08:33 Company: Microsoft Corporation -------------------- C:\Windows\System32\lsm.exe 343040 bytes Created: 27.04.2011 22:52 Modified: 20.11.2010 15:24 Company: Microsoft Corporation -------------------- C:\Windows\System32\winlogon.exe 390656 bytes Created: 27.04.2011 22:52 Modified: 20.11.2010 15:25 Company: Microsoft Corporation -------------------- C:\Windows\System32\svchost.exe 27136 bytes Created: 14.07.2009 01:31 Modified: 14.07.2009 03:39 Company: Microsoft Corporation -------------------- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe 1137440 bytes Created: 03.09.2013 16:19 Modified: 09.08.2013 22:07 Company: NVIDIA Corporation -------------------- C:\Windows\System32\spoolsv.exe 559104 bytes Created: 16.08.2012 20:51 Modified: 11.02.2012 08:36 Company: Microsoft Corporation -------------------- C:\Program Files\Bonjour\mDNSResponder.exe 462184 bytes Created: 30.08.2011 23:05 Modified: 30.08.2011 23:05 Company: Apple Inc. -------------------- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE 223488 bytes Created: 17.07.2012 15:14 Modified: 17.07.2012 15:14 Company: Microsoft Corp. 
-------------------- C:\Windows\System32\WUDFHost.exe 229888 bytes Created: 17.11.2012 01:28 Modified: 26.07.2012 05:08 Company: Microsoft Corporation -------------------- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AvkBap64.exe 283640 bytes Created: 28.07.2011 03:59 Modified: 27.01.2012 05:49 Company: G Data Software AG -------------------- C:\Windows\System32\SearchIndexer.exe 591872 bytes Created: 30.06.2011 17:55 Modified: 04.05.2011 07:19 Company: Microsoft Corporation -------------------- C:\Windows\System32\taskhost.exe 68608 bytes Created: 09.01.2013 20:53 Modified: 23.11.2012 05:13 Company: Microsoft Corporation -------------------- D:\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe 786240 bytes Created: 13.12.2011 10:34 Modified: 13.12.2011 10:34 Company: TuneUp Software -------------------- C:\Windows\System32\dwm.exe 120320 bytes Created: 14.07.2009 01:37 Modified: 14.07.2009 03:39 Company: Microsoft Corporation -------------------- C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe 231704 bytes Created: 27.09.2011 21:05 Modified: 27.09.2011 21:05 Company: Logitech, Inc. 
-------------------- C:\Users\sauterch\AppData\Local\Apps\2.0\N7JC67JJ.28D\EXZ09BGP.07J\frit..tion_1acae14e4778b8d2_0002.0003_7c9366a34786c7f9\fritzbox-usb-fernanschluss.exe 327520 bytes Created: 20.08.2013 18:15 Modified: 20.08.2013 18:15 Company: AVM Berlin -------------------- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe 2450208 bytes Created: 09.03.2013 22:48 Modified: 09.08.2013 22:07 Company: NVIDIA Corporation -------------------- C:\Windows\System32\taskeng.exe 464384 bytes Created: 27.04.2011 22:52 Modified: 20.11.2010 15:25 Company: Microsoft Corporation -------------------- D:\Trojan Remover\Rmvtrjan.exe FileSize: 5078264 [This is a Trojan Remover component] -------------------- -------------------- C:\Windows\System32\wbem\WmiPrvSE.exe 372736 bytes Created: 27.04.2011 22:52 Modified: 20.11.2010 15:25 Company: Microsoft Corporation -------------------- C:\Windows\System32\SearchProtocolHost.exe 249856 bytes Created: 30.06.2011 17:55 Modified: 04.05.2011 07:19 Company: Microsoft Corporation -------------------- C:\Windows\System32\SearchFilterHost.exe 113664 bytes Created: 30.06.2011 17:55 Modified: 04.05.2011 07:19 Company: Microsoft Corporation -------------------- ************************************************************ 12:15:13: Checking HOSTS file No malicious entries were found in the HOSTS file ************************************************************ ------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------ HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page": hxxp://go.microsoft.com/fwlink/p/?LinkId=255141 HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page": C:\Windows\SysWOW64\blank.htm HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page": hxxp://go.microsoft.com/fwlink/?LinkId=54896 HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL": hxxp://go.microsoft.com/fwlink/p/?LinkId=255141 HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL": 
hxxp://go.microsoft.com/fwlink/?LinkId=54896 HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page": hxxp://www.google.de/ HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page": C:\Windows\system32\blank.htm HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page": hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=8ff9e2c0-c955-4d2e-a461-0606362ab29b&affid=113129&searchtype=ds&babsrc=lnkry&q={searchTerms} ************************************************************ === NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES === Scan completed at: 12:15:13 08 Sep 2013 Total Scan time: 00:01:16 ************************************************************ ***** THE SYSTEM HAS BEEN RESTARTED ***** 25.08.2013 21:27:47: Trojan Remover has been restarted C:\PROGRA~2\NVIDIA~1\NVSTRE~1\rxinput.dll has been deleted (if it existed) Unable to rename C:\PROGRA~2\NVIDIA~1\NVSTRE~1\rxinput.dll to C:\PROGRA~2\NVIDIA~1\NVSTRE~1\rxinput.dll.vir (C:\PROGRA~2\NVIDIA~1\NVSTRE~1\rxinput.dll does not appear to exist) 25.08.2013 21:27:47: Trojan Remover closed ************************************************************ ***** NORMAL SCAN FOR ACTIVE MALWARE ***** Trojan Remover Ver 6.8.8.2622. 
For information, email support@simplysup.com [Registered to: sauterch@yahoo.de] Scan started at: 21:25:00 25 Aug 2013 Using Database v8203 Operating System: Windows 7 x64 Home Premium (SP1) [Build: 6.1.7601] [in Compatibility Mode] True Operating System: Windows 8 x64 File System: NTFS User Account Control is Enabled [Secure Desktop Prompt is DISABLED] UserData directory: C:\Users\sauterch\AppData\Roaming\Simply Super Software\Trojan Remover\ Database directory: C:\ProgramData\Simply Super Software\Trojan Remover\Data\ Logfile directory: C:\Users\sauterch\Documents\Simply Super Software\Trojan Remover Logfiles\ Program directory: D:\Trojan Remover\ Running with Administrator privileges ************************************************************ PC appears to be in SAFE MODE with Network Support. ************************************************************ 21:25:01: ----- Checking Default File Associations ----- No modified default file associations detected ************************************************************ 21:25:01: ----- SCANNING FOR ROOTKIT SERVICES ----- No hidden Services were detected. 
************************************************************ 21:25:01: Scanning ----- Windows Registry ----- -------------------- Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon This key's "Shell" value calls the following program(s): Key value: [explorer.exe] File: C:\Windows\Explorer.exe C:\Windows\Explorer.exe 2871808 bytes Created: 27.04.2011 18:56 Modified: 25.02.2011 08:19 Company: Microsoft Corporation ---------- This key's "Userinit" value calls the following program(s): Key value: [C:\Windows\system32\userinit.exe,] File: C:\Windows\system32\userinit.exe C:\Windows\System32\userinit.exe 30720 bytes Created: 27.04.2011 22:51 Modified: 20.11.2010 15:25 Company: Microsoft Corporation ---------- -------------------- Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Value Name: [G Data AntiVirus Tray Application] Value Data: [D:\GData\AVKTray\AVKTray.exe] D:\GData\AVKTray\AVKTray.exe 1035216 bytes Created: 22.02.2013 23:08 Modified: 09.01.2013 14:01 Company: G Data Software AG -------------------- Value Name: [GDFirewallTray] Value Data: [D:\GData\Firewall\GDFirewallTray.exe] D:\GData\Firewall\GDFirewallTray.exe 1475096 bytes Created: 08.01.2013 13:21 Modified: 29.11.2012 06:20 Company: G Data Software AG -------------------- Value Name: [TrojanScanner] Value Data: [D:\Trojan Remover\Trjscan.exe /boot] D:\Trojan Remover\Trjscan.exe 1655568 bytes Created: 25.08.2013 20:52 Modified: 19.07.2013 17:42 Company: Simply Super Software -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce This Registry key appears to be empty -------------------- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run Value Name: [Sidebar] Value Data: [C:\Program Files\Windows Sidebar\sidebar.exe /autoRun] C:\Program Files\Windows 
Sidebar\sidebar.exe 1475584 bytes Created: 27.04.2011 22:52 Modified: 20.11.2010 15:25 Company: Microsoft Corporation -------------------- Value Name: [ctfmon.exe] Value Data: ["C:\Windows\system32\ctfmon.exe"] C:\Windows\System32\ctfmon.exe 9728 bytes Created: 14.07.2009 01:39 Modified: 14.07.2009 03:39 Company: Microsoft Corporation -------------------- Value Name: [AVMUSBFernanschluss] Value Data: ["C:\Users\sauterch\AppData\Local\Apps\2.0\N7JC67JJ.28D\EXZ09BGP.07J\frit..tion_1acae14e4778b8d2_0002.0003_7c9366a34786c7f9\AVMAutoStart.exe"] C:\Users\sauterch\AppData\Local\Apps\2.0\N7JC67JJ.28D\EXZ09BGP.07J\frit..tion_1acae14e4778b8d2_0002.0003_7c9366a34786c7f9\AVMAutoStart.exe 139264 bytes Created: 20.08.2013 18:15 Modified: 20.08.2013 18:15 Company: AVM Berlin -------------------- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce Value Name: [Uninstall C:\Users\sauterch\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64] Value Data: [C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\sauterch\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64"] C:\Windows\System32\cmd.exe 345088 bytes Created: 27.04.2011 22:52 Modified: 20.11.2010 15:24 Company: Microsoft Corporation ************************************************************ 21:25:03: Scanning ----- Windows 64-Bit Registry ----- -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Value Name: [Acronis Scheduler2 Service] Value Data: ["C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe 391240 bytes Created: 06.12.2010 07:55 Modified: 06.12.2010 07:55 Company: Acronis -------------------- Value Name: [EvtMgr6] Value Data: [D:\Logitech\SetPointP\SetPoint.exe /launchGaming] D:\Logitech\SetPointP\SetPoint.exe 1744152 bytes Created: 07.10.2011 11:38 Modified: 07.10.2011 11:38 Company: Logitech, Inc. 
-------------------- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce This Registry key appears to be empty ************************************************************ 21:25:03: Scanning -----SHELLEXECUTEHOOKS----- ShellExecuteHooks key is empty ************************************************************ 21:25:03: Scanning -----HIDDEN REGISTRY ENTRIES----- Taskdir check completed ---------- No Hidden File-loading Registry Entries found ---------- ************************************************************ 21:25:03: Scanning -----ACTIVE SCREENSAVER----- No active ScreenSaver found to scan. ************************************************************ 21:25:03: Scanning ----- REGISTRY ACTIVE SETUP KEYS ----- Key: {2D46B6DC-2207-486B-B523-A557E6D54B47} Path: C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache C:\Windows\System32\cmd.exe 345088 bytes Created: 27.04.2011 22:52 Modified: 20.11.2010 15:24 Company: Microsoft Corporation ---------- Key: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} Path: "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE C:\Program Files (x86)\Windows Mail\WinMail.exe ************************************************************ 21:25:04: Scanning ----- SERVICEDLL REGISTRY KEYS ----- Key: UxTuneUp Path: %SystemRoot%\System32\uxtuneup.dll C:\Windows\System32\uxtuneup.dll 36160 bytes Created: 15.01.2011 17:11 Modified: 13.12.2011 10:29 Company: TuneUp Software -------------------- Key: wuauserv Path: C:\Windows\system32\wuaueng.dll C:\Windows\System32\wuaueng.dll 2428952 bytes Created: 22.06.2012 18:39 Modified: 03.06.2012 00:19 Company: Microsoft Corporation -------------------- ************************************************************ 21:25:06: Scanning ----- SERVICES REGISTRY KEYS ----- ----- ----- ----- Key: AAV UpdateService ImagePath: D:\Steuer-Spar-Erklaerung\AAVUpdateManager\aavus.exe D:\Steuer-Spar-Erklaerung\AAVUpdateManager\aavus.exe 128296 bytes Created: 24.10.2008 
16:35 Modified: 24.10.2008 16:35 Company: ---------- Key: AcrSch2Svc ImagePath: "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe" C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe 1112744 bytes Created: 06.12.2010 07:55 Modified: 06.12.2010 07:55 Company: Acronis ---------- Key: afcdp ImagePath: system32\DRIVERS\afcdp.sys C:\Windows\System32\DRIVERS\afcdp.sys 285280 bytes Created: 06.03.2012 11:59 Modified: 06.03.2012 11:59 Company: Acronis ---------- Key: afcdpsrv ImagePath: C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe 3246040 bytes Created: 06.03.2012 11:59 Modified: 06.03.2012 11:59 Company: Acronis ---------- Key: amdsata ImagePath: \SystemRoot\system32\drivers\amdsata.sys C:\Windows\System32\drivers\amdsata.sys 107904 bytes Created: 27.04.2011 18:56 Modified: 11.03.2011 08:41 Company: Advanced Micro Devices ---------- Key: Apple Mobile Device ImagePath: "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 57008 bytes Created: 21.12.2012 17:27 Modified: 21.12.2012 17:27 Company: Apple Inc. 
---------- Key: atapi ImagePath: system32\drivers\atapi.sys C:\Windows\System32\drivers\atapi.sys 24128 bytes Created: 14.07.2009 01:19 Modified: 14.07.2009 03:52 Company: Microsoft Corporation ---------- Key: AVKProxy ImagePath: "C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe" C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe 1548312 bytes Created: 08.01.2013 13:21 Modified: 29.11.2012 05:49 Company: G Data Software AG ---------- Key: AVKService ImagePath: "D:\GData\AVK\AVKService.exe" D:\GData\AVK\AVKService.exe 469016 bytes Created: 08.01.2013 13:21 Modified: 29.11.2012 05:47 Company: G Data Software AG ---------- Key: AVKWCtl ImagePath: "D:\GData\AVK\AVKWCtlX64.exe" D:\GData\AVK\AVKWCtlX64.exe 2012592 bytes Created: 08.01.2013 13:21 Modified: 29.11.2012 06:08 Company: G Data Software AG ---------- Key: avmaudio ImagePath: system32\DRIVERS\avmaudio.sys C:\Windows\System32\DRIVERS\avmaudio.sys 116096 bytes Created: 08.01.2011 21:23 Modified: 08.01.2011 21:23 Company: AVM Berlin ---------- Key: avmaura ImagePath: system32\DRIVERS\avmaura.sys C:\Windows\System32\DRIVERS\avmaura.sys 116480 bytes Created: 22.12.2012 11:27 Modified: 22.12.2012 11:26 Company: AVM Berlin ---------- Key: b06bdrv ImagePath: \SystemRoot\system32\DRIVERS\bxvbda.sys C:\Windows\System32\DRIVERS\bxvbda.sys 468480 bytes Created: 10.06.2009 22:34 Modified: 10.06.2009 22:34 Company: Broadcom Corporation ---------- Key: b57nd60a ImagePath: system32\DRIVERS\b57nd60a.sys C:\Windows\System32\DRIVERS\b57nd60a.sys 270848 bytes Created: 10.06.2009 22:34 Modified: 10.06.2009 22:34 Company: Broadcom Corporation ---------- Key: CLKMSVC10_C19A2874 ImagePath: "D:\Cyberlink PowerDVD\PowerDVD9\NavFilter\kmsvc.exe" /svc D:\Cyberlink PowerDVD\PowerDVD9\NavFilter\kmsvc.exe 232944 bytes Created: 26.04.2010 19:10 Modified: 26.04.2010 19:10 Company: CyberLink ---------- Key: clr_optimization_v2.0.50727_64 ImagePath: %systemroot%\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 89920 bytes Created: 13.07.2009 22:37 Modified: 10.06.2009 22:39 Company: Microsoft Corporation ---------- Key: clr_optimization_v4.0.30319_32 ImagePath: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 130384 bytes Created: 18.03.2010 14:16 Modified: 18.03.2010 14:16 Company: Microsoft Corporation ---------- Key: clr_optimization_v4.0.30319_64 ImagePath: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 138576 bytes Created: 18.03.2010 15:27 Modified: 18.03.2010 15:27 Company: Microsoft Corporation ---------- Key: CompositeBus ImagePath: \SystemRoot\system32\drivers\CompositeBus.sys C:\Windows\System32\drivers\CompositeBus.sys 38912 bytes Created: 27.04.2011 22:51 Modified: 20.11.2010 12:33 Company: Microsoft Corporation ---------- Key: cvhsvc ImagePath: "C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE" C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE 822624 bytes Created: 04.01.2012 15:22 Modified: 04.01.2012 15:22 Company: Microsoft Corporation ---------- Key: dg_ssudbus ImagePath: system32\DRIVERS\ssudbus.sys C:\Windows\System32\DRIVERS\ssudbus.sys 103448 bytes Created: 08.08.2013 23:04 Modified: 21.06.2013 02:07 Company: DEVGURU Co., LTD.(www.devguru.co.kr) ---------- Key: ebdrv ImagePath: \SystemRoot\system32\DRIVERS\evbda.sys C:\Windows\System32\DRIVERS\evbda.sys 3286016 bytes Created: 10.06.2009 22:34 Modified: 10.06.2009 22:34 Company: Broadcom Corporation ---------- Key: FLEXnet Licensing Service ImagePath: "C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe 1045256 bytes Created: 06.01.2011 13:00 Modified: 06.01.2011 13:00 Company: Acresso 
Software Inc. ---------- Key: FontCache3.0.0.0 ImagePath: %systemroot%\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 42856 bytes Created: 27.04.2011 22:51 Modified: 05.11.2010 03:53 Company: Microsoft Corporation ---------- Key: FsUsbExDisk ImagePath: \??\C:\Windows\SysWOW64\FsUsbExDisk.SYS C:\Windows\SysWOW64\FsUsbExDisk.SYS 37344 bytes Created: 22.02.2013 23:17 Modified: 05.02.2013 10:54 Company: [no info] ---------- Key: Garmin Core Update Service ImagePath: "D:\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe" D:\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe 219480 bytes Created: 22.07.2013 10:22 Modified: 22.07.2013 10:22 Company: Garmin Ltd or its subsidiaries ---------- Key: GDBehave ImagePath: system32\drivers\GDBehave.sys C:\Windows\System32\drivers\GDBehave.sys 54176 bytes Created: 31.12.2010 12:25 Modified: 08.01.2013 13:21 Company: G Data Software AG ---------- Key: GDFwSvc ImagePath: "D:\GData\Firewall\GDFwSvcx64.exe" D:\GData\Firewall\GDFwSvcx64.exe 2377736 bytes Created: 08.01.2013 13:21 Modified: 29.11.2012 06:14 Company: G Data Software AG ---------- Key: GDMnIcpt ImagePath: \??\C:\Windows\system32\drivers\MiniIcpt.sys C:\Windows\System32\drivers\MiniIcpt.sys 126880 bytes Created: 31.12.2010 12:24 Modified: 08.01.2013 13:21 Company: G Data Software AG ---------- Key: GdNetMon ImagePath: \??\C:\Windows\system32\drivers\GdNetMon64.sys C:\Windows\System32\drivers\GdNetMon64.sys 31608 bytes Created: 31.10.2011 23:38 Modified: 31.10.2011 23:38 Company: G Data Software AG ---------- Key: GDPkIcpt ImagePath: \??\C:\Windows\system32\drivers\PktIcpt.sys C:\Windows\System32\drivers\PktIcpt.sys 62368 bytes Created: 31.12.2010 12:25 Modified: 08.01.2013 13:23 Company: G Data Software AG ---------- Key: GDScan ImagePath: "C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe" C:\Program Files (x86)\Common Files\G 
Data\GDScan\GDScan.exe 470008 bytes Created: 17.08.2012 16:29 Modified: 29.03.2012 04:42 Company: G Data Software AG ---------- Key: gdwfpcd ImagePath: system32\drivers\gdwfpcd64.sys C:\Windows\System32\drivers\gdwfpcd64.sys 65008 bytes Created: 31.12.2010 12:24 Modified: 22.02.2013 23:08 Company: G Data Software AG ---------- Key: GRD ImagePath: \??\C:\Windows\system32\drivers\GRD.sys C:\Windows\System32\drivers\GRD.sys 106648 bytes Created: 31.12.2010 13:21 Modified: 01.09.2012 13:15 Company: G Data Software ---------- Key: gusvc ImagePath: "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe" C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe 136120 bytes Created: 04.01.2011 22:06 Modified: 11.06.2010 02:40 Company: Google ---------- Key: HECIx64 ImagePath: system32\DRIVERS\HECIx64.sys C:\Windows\System32\DRIVERS\HECIx64.sys 56344 bytes Created: 31.12.2010 12:37 Modified: 17.09.2009 13:54 Company: Intel Corporation ---------- Key: HookCentre ImagePath: \??\C:\Windows\system32\drivers\HookCentre.sys C:\Windows\System32\drivers\HookCentre.sys 64416 bytes Created: 31.10.2011 23:38 Modified: 22.02.2013 23:08 Company: G Data Software AG ---------- Key: iaStorV ImagePath: \SystemRoot\system32\drivers\iaStorV.sys C:\Windows\System32\drivers\iaStorV.sys 410496 bytes Created: 27.04.2011 18:56 Modified: 11.03.2011 08:41 Company: Intel Corporation ---------- Key: idsvc ImagePath: "%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe" C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 856400 bytes Created: 27.04.2011 22:51 Modified: 05.11.2010 03:52 Company: Microsoft Corporation ---------- Key: IGDCTRL ImagePath: "C:\Program Files\FRITZ!DSL\IGDCTRL.EXE" C:\Program Files\FRITZ!DSL\IGDCTRL.EXE 88888 bytes Created: 28.07.2009 17:10 Modified: 28.07.2009 17:10 Company: AVM Berlin ---------- Key: IntcAzAudAddService ImagePath: system32\drivers\RTKVHD64.sys 
C:\Windows\System32\drivers\RTKVHD64.sys - [file not found to scan] ---------- Key: k57nd60a ImagePath: system32\DRIVERS\k57nd60a.sys C:\Windows\System32\DRIVERS\k57nd60a.sys 321064 bytes Created: 16.10.2009 03:32 Modified: 16.10.2009 03:32 Company: Broadcom Corporation ---------- Key: ksthunk ImagePath: \SystemRoot\system32\drivers\ksthunk.sys C:\Windows\System32\drivers\ksthunk.sys 20992 bytes Created: 14.07.2009 02:00 Modified: 14.07.2009 02:00 Company: Microsoft Corporation ---------- Key: LBTServ ImagePath: C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe 359192 bytes Created: 27.09.2011 21:04 Modified: 27.09.2011 21:04 Company: Logitech, Inc. ---------- Key: LMS ImagePath: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 268824 bytes Created: 31.12.2010 12:38 Modified: 30.09.2009 21:02 Company: Intel Corporation ---------- Key: LUsbFilt ImagePath: System32\Drivers\LUsbFilt.Sys C:\Windows\System32\Drivers\LUsbFilt.Sys 42776 bytes Created: 02.09.2011 08:30 Modified: 02.09.2011 08:30 Company: Logitech, Inc. ---------- Key: lvpepf64 ImagePath: system32\DRIVERS\lv302a64.sys C:\Windows\System32\DRIVERS\lv302a64.sys 15768 bytes Created: 26.07.2008 16:22 Modified: 26.07.2008 16:22 Company: Logitech Inc. ---------- Key: LVRS64 ImagePath: system32\DRIVERS\lvrs64.sys C:\Windows\System32\DRIVERS\lvrs64.sys 790424 bytes Created: 26.07.2008 16:25 Modified: 26.07.2008 16:25 Company: Logitech Inc. ---------- Key: LVUSBS64 ImagePath: system32\drivers\LVUSBS64.sys C:\Windows\System32\drivers\LVUSBS64.sys 50072 bytes Created: 26.07.2008 16:26 Modified: 26.07.2008 16:26 Company: Logitech Inc. 
---------- Key: MozillaMaintenance ImagePath: "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 117656 bytes Created: 22.08.2013 19:50 Modified: 14.08.2013 19:55 Company: Mozilla Foundation ---------- Key: mssmbios ImagePath: \SystemRoot\system32\drivers\mssmbios.sys C:\Windows\System32\drivers\mssmbios.sys 32320 bytes Created: 14.07.2009 01:31 Modified: 14.07.2009 03:48 Company: Microsoft Corporation ---------- Key: NVHDA ImagePath: system32\drivers\nvhda64v.sys C:\Windows\System32\drivers\nvhda64v.sys 194848 bytes Created: 08.08.2013 22:36 Modified: 25.02.2013 07:27 Company: NVIDIA Corporation ---------- Key: nvsvc ImagePath: "C:\Windows\system32\nvvsvc.exe" C:\Windows\System32\nvvsvc.exe 884512 bytes Created: 14.06.2010 01:04 Modified: 21.06.2013 12:23 Company: NVIDIA Corporation ---------- Key: nvvad_WaveExtensible ImagePath: system32\drivers\nvvad64v.sys C:\Windows\System32\drivers\nvvad64v.sys - [file not found to scan] ---------- Key: ose ImagePath: "C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE" C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 149352 bytes Created: 09.01.2010 22:18 Modified: 09.01.2010 22:18 Company: Microsoft Corporation ---------- Key: osppsvc ImagePath: "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE" C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 4925184 bytes Created: 09.01.2010 22:34 Modified: 09.01.2010 22:34 Company: Microsoft Corporation ---------- Key: PerfHost ImagePath: %SystemRoot%\SysWow64\perfhost.exe C:\Windows\SysWow64\perfhost.exe 20992 bytes Created: 14.07.2009 01:11 Modified: 14.07.2009 03:14 Company: Microsoft Corporation ---------- Key: PID_PEPI ImagePath: system32\DRIVERS\LV302V64.SYS C:\Windows\System32\DRIVERS\LV302V64.SYS 2624408 bytes Created: 26.07.2008 16:22 Modified: 
26.07.2008 16:22 Company: Logitech Inc. ---------- Key: PxHlpa64 ImagePath: System32\Drivers\PxHlpa64.sys C:\Windows\System32\Drivers\PxHlpa64.sys 55856 bytes Created: 06.01.2011 13:58 Modified: 04.03.2011 21:44 Company: Sonic Solutions ---------- Key: rdpbus ImagePath: \SystemRoot\system32\DRIVERS\rdpbus.sys C:\Windows\System32\DRIVERS\rdpbus.sys 24064 bytes Created: 14.07.2009 02:17 Modified: 14.07.2009 02:17 Company: Microsoft Corporation ---------- Key: RdpVideoMiniport ImagePath: System32\drivers\rdpvideominiport.sys C:\Windows\System32\drivers\rdpvideominiport.sys 19456 bytes Created: 15.12.2012 02:23 Modified: 23.08.2012 16:10 Company: Microsoft Corporation ---------- Key: RoxMediaDB10 ImagePath: "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe" C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe 1124848 bytes Created: 26.06.2009 12:19 Modified: 26.06.2009 12:19 Company: Sonic Solutions ---------- Key: RxFilter ImagePath: system32\DRIVERS\RxFilter.sys C:\Windows\System32\DRIVERS\RxFilter.sys - [file not found to scan] ---------- Key: Serenum ImagePath: \SystemRoot\system32\DRIVERS\serenum.sys C:\Windows\System32\DRIVERS\serenum.sys 23552 bytes Created: 14.07.2009 02:00 Modified: 14.07.2009 02:00 Company: Microsoft Corporation ---------- Key: Serial ImagePath: \SystemRoot\system32\DRIVERS\serial.sys C:\Windows\System32\DRIVERS\serial.sys 94208 bytes Created: 14.07.2009 02:00 Modified: 14.07.2009 02:00 Company: Microsoft Corporation ---------- Key: SessionLauncher ImagePath: C:\Users\sauterch\AppData\Local\Temp\DX9\SessionLauncher.exe C:\Users\sauterch\AppData\Local\Temp\DX9\SessionLauncher.exe - [file not found to scan] ---------- Key: Sftfs ImagePath: system32\DRIVERS\Sftfslh.sys C:\Windows\System32\DRIVERS\Sftfslh.sys 764264 bytes Created: 01.10.2011 09:30 Modified: 01.10.2011 09:30 Company: Microsoft Corporation ---------- Key: sftlist ImagePath: "C:\Program Files (x86)\Microsoft Application 
Virtualization Client\sftlist.exe" C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe 508776 bytes Created: 01.10.2011 09:30 Modified: 01.10.2011 09:30 Company: Microsoft Corporation ---------- Key: Sftplay ImagePath: system32\DRIVERS\Sftplaylh.sys C:\Windows\System32\DRIVERS\Sftplaylh.sys 268648 bytes Created: 01.10.2011 09:30 Modified: 01.10.2011 09:30 Company: Microsoft Corporation ---------- Key: Sftredir ImagePath: system32\DRIVERS\Sftredirlh.sys C:\Windows\System32\DRIVERS\Sftredirlh.sys 25960 bytes Created: 01.10.2011 09:30 Modified: 01.10.2011 09:30 Company: Microsoft Corporation ---------- Key: Sftvol ImagePath: system32\DRIVERS\Sftvollh.sys C:\Windows\System32\DRIVERS\Sftvollh.sys 22376 bytes Created: 01.10.2011 09:30 Modified: 01.10.2011 09:30 Company: Microsoft Corporation ---------- Key: sftvsa ImagePath: "C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe" C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe 219496 bytes Created: 01.10.2011 09:30 Modified: 01.10.2011 09:30 Company: Microsoft Corporation ---------- Key: SkypeUpdate ImagePath: D:\Skype\Updater\Updater.exe D:\Skype\Updater\Updater.exe -R- 161384 bytes Created: 07.02.2013 14:10 Modified: 07.02.2013 14:10 Company: Skype Technologies ---------- Key: ssudmdm ImagePath: system32\DRIVERS\ssudmdm.sys C:\Windows\System32\DRIVERS\ssudmdm.sys 203672 bytes Created: 08.08.2013 23:04 Modified: 21.06.2013 02:07 Company: DEVGURU Co., LTD.(www.devguru.co.kr) ---------- Key: Stereo Service ImagePath: "C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe" C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 413472 bytes Created: 21.06.2013 05:15 Modified: 21.06.2013 05:15 Company: NVIDIA Corporation ---------- Key: stllssvr ImagePath: "C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe" C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe -R- 74392 bytes Created: 
30.04.2009 13:59 Modified: 30.04.2009 13:59 Company: MicroVision Development, Inc. ---------- Key: swenum ImagePath: \SystemRoot\system32\drivers\swenum.sys C:\Windows\System32\drivers\swenum.sys 12496 bytes Created: 14.07.2009 02:00 Modified: 14.07.2009 03:45 Company: Microsoft Corporation ---------- Key: tdrpman273 ImagePath: system32\DRIVERS\tdrpm273.sys C:\Windows\System32\DRIVERS\tdrpm273.sys 1263200 bytes Created: 23.01.2011 15:27 Modified: 06.03.2012 11:59 Company: Acronis ---------- Key: TermDD ImagePath: \SystemRoot\system32\drivers\termdd.sys C:\Windows\System32\drivers\termdd.sys 63360 bytes Created: 27.04.2011 22:51 Modified: 20.11.2010 15:33 Company: Microsoft Corporation ---------- Key: TsUsbFlt ImagePath: system32\drivers\tsusbflt.sys C:\Windows\System32\drivers\tsusbflt.sys 57856 bytes Created: 15.12.2012 02:23 Modified: 23.08.2012 16:07 Company: Microsoft Corporation ---------- Key: TuneUp.UtilitiesSvc ImagePath: "D:\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe" D:\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe 2028864 bytes Created: 13.12.2011 10:34 Modified: 13.12.2011 10:34 Company: TuneUp Software ---------- Key: UNS ImagePath: "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 2320920 bytes Created: 31.12.2010 12:38 Modified: 30.09.2009 21:02 Company: Intel Corporation ---------- Key: USBAAPL64 ImagePath: System32\Drivers\usbaapl64.sys C:\Windows\System32\Drivers\usbaapl64.sys 54784 bytes Created: 13.12.2012 14:50 Modified: 13.12.2012 14:50 Company: Apple, Inc. 
---------- Key: WinUsb ImagePath: system32\DRIVERS\WinUSB.SYS C:\Windows\System32\DRIVERS\WinUSB.SYS 41984 bytes Created: 27.04.2011 22:51 Modified: 20.11.2010 12:43 Company: Microsoft Corporation ---------- Key: wlidsvc ImagePath: "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 2292480 bytes Created: 17.07.2012 15:14 Modified: 17.07.2012 15:14 Company: Microsoft Corp. ---------- ************************************************************ 21:25:46: Scanning -----VXD ENTRIES----- ************************************************************ 21:25:46: Scanning ----- WINLOGON\NOTIFY DLLS ----- No WINLOGON\NOTIFY DLLs found to scan Rootkit scan of Winlogon\Notify key not possible [key may not exist] ************************************************************ 21:25:46: Scanning ----- ContextMenuHandlers ----- Key: 7-Zip CLSID: {23170F69-40C1-278A-1000-000100020000} Path: D:\7_Zip\7-Zip\7-zip.dll D:\7_Zip\7-Zip\7-zip.dll 55808 bytes Created: 18.11.2010 18:08 Modified: 18.11.2010 18:08 Company: Igor Pavlov ---------- Key: TuneUp Shredder Shell Extension CLSID: {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} Path: D:\TuneUp Utilities 2011\SDShelEx-win32.dll D:\TuneUp Utilities 2011\SDShelEx-win32.dll 30016 bytes Created: 13.12.2011 10:29 Modified: 13.12.2011 10:29 Company: TuneUp Software ---------- Key: VersionsPageShellExt CLSID: {9E42900A-85F9-4E67-9778-575FBBA0A81C} Path: D:\Acronis True Image_2011\versions_page.dll D:\Acronis True Image_2011\versions_page.dll 128352 bytes Created: 22.09.2011 23:22 Modified: 22.09.2011 23:22 Company: Acronis ---------- Key: {C539A15A-3AF9-4c92-B771-50CB78F5C751} Path: D:\Acronis True Image_2011\tishell.dll D:\Acronis True Image_2011\tishell.dll 1030536 bytes Created: 22.09.2011 23:21 Modified: 22.09.2011 23:21 Company: Acronis ---------- ************************************************************ 21:25:47: Scanning ----- Folder\ColumnHandlers 
----- No Folder\ColumnHandler entries found to scan ************************************************************ 21:25:47: Scanning ----- 64-Bit ContextMenuHandlers ----- Key: AVK9CM CLSID: {CAF4C320-32F5-11D3-A222-004095200FF2} Path: D:\GData\AVK\ShellExt64.dll D:\GData\AVK\ShellExt64.dll 333848 bytes Created: 17.08.2011 16:00 Modified: 21.05.2012 05:35 Company: G Data Software AG ---------- Key: RXDCExtSvr CLSID: {0FB82570-BB2D-23D3-8D3B-AC2F34F1FA3C} Path: C:\Program Files\Roxio\Virtual Drive 10\DC_ShellExt64.dll C:\Program Files\Roxio\Virtual Drive 10\DC_ShellExt64.dll 145904 bytes Created: 26.06.2009 12:31 Modified: 26.06.2009 12:31 Company: Sonic Solutions ---------- Key: TuneUp Shredder Shell Extension CLSID: {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} Path: D:\TuneUp Utilities 2011\SDShelEx-x64.dll D:\TuneUp Utilities 2011\SDShelEx-x64.dll 28480 bytes Created: 13.12.2011 10:29 Modified: 13.12.2011 10:29 Company: TuneUp Software ---------- Key: VersionsPageShellExt CLSID: {9E42900A-85F9-4E67-9778-575FBBA0A81C} Path: D:\Acronis True Image_2011\x64\versions_page.dll D:\Acronis True Image_2011\x64\versions_page.dll 142176 bytes Created: 22.09.2011 23:22 Modified: 22.09.2011 23:22 Company: Acronis ---------- Key: {C539A15A-3AF9-4c92-B771-50CB78F5C751} Path: D:\Acronis True Image_2011\tishell64.dll D:\Acronis True Image_2011\tishell64.dll 1246088 bytes Created: 22.09.2011 23:22 Modified: 22.09.2011 23:22 Company: Acronis ---------- ************************************************************ 21:25:47: Scanning ----- 64-Bit Folder\ColumnHandlers ----- No Folder\ColumnHandler entries found to scan ************************************************************ 21:25:47: Scanning ----- Browser Helper Objects ----- Key: {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} BHO: C:\Program Files (x86)\Common Files\G DATA\AVKProxy\BanksafeBHO.dll C:\Program Files (x86)\Common Files\G DATA\AVKProxy\BanksafeBHO.dll 52728 bytes Created: 10.08.2011 17:31 Modified: 27.01.2012 15:40 Company: G 
Data Software AG ---------- ************************************************************ 21:25:47: Scanning ----- 64-Bit Browser Helper Objects ----- Key: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} BHO: D:\Java\bin\ssv.dll D:\Java\bin\ssv.dll 551840 bytes Created: 09.03.2013 22:44 Modified: 09.03.2013 22:44 Company: Oracle Corporation ---------- Key: {9030D464-4C02-4ABF-8ECC-5164760863C6} BHO: C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll 529664 bytes Created: 17.07.2012 15:17 Modified: 17.07.2012 15:17 Company: Microsoft Corp. ---------- Key: {DBC80044-A445-435b-BC74-9C25C1C588A9} BHO: D:\Java\bin\jp2ssv.dll D:\Java\bin\jp2ssv.dll 209824 bytes Created: 09.03.2013 22:44 Modified: 09.03.2013 22:44 Company: Oracle Corporation ---------- ************************************************************ 21:25:48: Scanning ----- ShellServiceObjectDelayLoad Entries ************************************************************ 21:25:48: Scanning ----- 64-Bit ShellServiceObjectDelayLoad Entries ************************************************************ 21:25:48: Scanning ----- ShellServiceObjects ************************************************************ 21:25:48: Scanning ----- 64-Bit ShellServiceObjects ************************************************************ 21:25:48: Scanning ----- SHAREDTASKSCHEDULER ENTRIES ----- No SharedTaskScheduler entries found to scan ************************************************************ 21:25:48: Scanning ----- IMAGEFILE DEBUGGERS ----- No "Debugger" entries found. 
************************************************************ 21:25:48: Scanning ----- APPINIT_DLLS ----- AppInitDLLs entry = [C:\PROGRA~2\NVIDIA~1\NVSTRE~1\rxinput.dll] C:\PROGRA~2\NVIDIA~1\NVSTRE~1\rxinput.dll - this reference will be removed C:\PROGRA~2\NVIDIA~1\NVSTRE~1\rxinput.dll - could not take ownership: Der Vorgang wurde erfolgreich beendet [driver loading error driver loading error read file error: C:\PROGRA~2\NVIDIA~1\NVSTRE~1\rxinput.dll, Das Handle ist ungültig. ] [driver loading error driver loading error read file error: C:\PROGRA~2\NVIDIA~1\NVSTRE~1\rxinput.dll, Das Handle ist ungültig. ] C:\PROGRA~2\NVIDIA~1\NVSTRE~1\rxinput.dll - file could not be neutralised [driver loading error kill file error: C:\PROGRA~2\NVIDIA~1\NVSTRE~1\rxinput.dll, Das Handle ist ungültig. ] C:\PROGRA~2\NVIDIA~1\NVSTRE~1\rxinput.dll - marked for renaming when the PC is restarted (if it exists) ---------- ************************************************************ 21:26:11: Scanning ----- SECURITY PROVIDER DLLS ----- ************************************************************ 21:26:11: Scanning ------ COMMON STARTUP GROUP ------ [C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup] The Common Startup Group attempts to load the following file(s) at boot time: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -HS- 174 bytes Created: 14.07.2009 06:54 Modified: 14.07.2009 06:54 Company: [no info] -------------------- ************************************************************ 21:26:12: Scanning ----- USER STARTUP GROUPS ----- Checking Startup Group for: sauterch [C:\Users\sauterch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup] C:\Users\sauterch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -HS- 174 bytes Created: 30.12.2010 22:36 Modified: 08.08.2013 22:23 Company: [no info] ---------- -------------------- ************************************************************ 21:26:12: Scanning ----- SCHEDULED 
TASKS ----- Scheduled Tasks not scanned: running in Safe Mode so Task Scheduler service not running ************************************************************ 21:26:12: Scanning ----- SHELLICONOVERLAYIDENTIFIERS ----- Key: SharingPrivate CLSID: {08244EE6-92F0-47f2-9FC9-929BAA2E7235} File: %SystemRoot%\system32\ntshrui.dll C:\Windows\System32\ntshrui.dll 509952 bytes Created: 18.02.2012 11:28 Modified: 04.01.2012 12:44 Company: Microsoft Corporation ---------- ************************************************************ 21:26:12: Scanning ----- DEVICE DRIVER ENTRIES ----- Value: vidc.i420 File: lvcodec2.dll lvcodec2.dll - [file not found to scan] ---------- Value: msacm.l3acm File: C:\Windows\SysWOW64\l3codeca.acm C:\Windows\SysWOW64\l3codeca.acm 64000 bytes Created: 14.07.2009 02:07 Modified: 14.07.2009 03:14 Company: Fraunhofer Institut Integrierte Schaltungen IIS ---------- Value: vidc.cvid File: iccvid.dll iccvid.dll - [file not found to scan] ---------- ************************************************************ 21:26:12: ----- ADDITIONAL CHECKS ----- Heuristic checks for hidden files/drivers completed ---------- Layered Service Provider entries checks completed ---------- Windows Explorer Policies checks completed ---------- Desktop Wallpaper: C:\Users\sauterch\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg C:\Users\sauterch\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg 57120 bytes Created: 30.12.2010 22:36 Modified: 13.08.2013 21:38 Company: [no info] ---------- Web Desktop Wallpaper entry is blank ---------- Checks for rogue DNS NameServers completed ---------- Checks for Backdoor.ZeroAccess completed ---------- Safe Mode checks completed ---------- Additional checks completed ************************************************************ 21:26:13: Scanning ----- RUNNING PROCESSES ----- C:\Windows\System32\smss.exe 112640 bytes Created: 11.04.2013 17:58 Modified: 19.03.2013 05:06 Company: Microsoft Corporation 
-------------------- C:\Windows\System32\csrss.exe 7680 bytes Created: 14.07.2009 01:19 Modified: 14.07.2009 03:39 Company: Microsoft Corporation -------------------- C:\Windows\System32\wininit.exe 129024 bytes Created: 14.07.2009 01:52 Modified: 14.07.2009 03:39 Company: Microsoft Corporation -------------------- C:\Windows\System32\services.exe 328704 bytes Created: 14.07.2009 01:19 Modified: 14.07.2009 03:39 Company: Microsoft Corporation -------------------- C:\Windows\System32\lsass.exe 31232 bytes Created: 31.01.2012 20:14 Modified: 17.11.2011 08:33 Company: Microsoft Corporation -------------------- C:\Windows\System32\lsm.exe 343040 bytes Created: 27.04.2011 22:52 Modified: 20.11.2010 15:24 Company: Microsoft Corporation -------------------- C:\Windows\System32\winlogon.exe 390656 bytes Created: 27.04.2011 22:52 Modified: 20.11.2010 15:25 Company: Microsoft Corporation -------------------- C:\Windows\System32\svchost.exe 27136 bytes Created: 14.07.2009 01:31 Modified: 14.07.2009 03:39 Company: Microsoft Corporation -------------------- D:\Mozilla Firefox\firefox.exe 276376 bytes Created: 19.08.2013 06:40 Modified: 14.08.2013 19:55 Company: Mozilla Corporation -------------------- D:\Trojan Remover\Rmvtrjan.exe FileSize: 5078264 [This is a Trojan Remover component] -------------------- -------------------- D:\Mozilla Firefox\plugin-container.exe 17304 bytes Created: 19.08.2013 06:40 Modified: 14.08.2013 19:55 Company: Mozilla Corporation -------------------- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe 1861512 bytes Created: 08.08.2013 22:32 Modified: 08.08.2013 22:32 Company: Adobe Systems, Inc. 
-------------------- ************************************************************ 21:26:14: Checking HOSTS file No malicious entries were found in the HOSTS file ************************************************************ ------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------ HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page": hxxp://go.microsoft.com/fwlink/p/?LinkId=255141 HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page": C:\Windows\SysWOW64\blank.htm HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page": hxxp://go.microsoft.com/fwlink/?LinkId=54896 HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL": hxxp://go.microsoft.com/fwlink/p/?LinkId=255141 HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL": hxxp://go.microsoft.com/fwlink/?LinkId=54896 HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page": hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p24_serp_ie_de_display?ie=UTF8&tagbase=bds-p24&tbrId=v1_abb-channel-24_4bd9705f7ce34286b66d3eda149032da_39_1007_20130820_DE_ie_sp_ HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page": C:\Windows\system32\blank.htm HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page": hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=8ff9e2c0-c955-4d2e-a461-0606362ab29b&affid=113129&searchtype=ds&babsrc=lnkry&q={searchTerms} ************************************************************ === CHANGES WERE MADE TO THE WINDOWS REGISTRY === Scan completed at: 21:26:14 25 Aug 2013 Total Scan time: 00:01:14 ------------------------------------------------------------------------- Trojan Remover needs to restart the system to complete operations 25.08.2013 21:26:18: restart commenced ************************************************************ |
30.07.2014, 23:13 | #18 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Overnight: no event log, no Internet connection, PC very slow after login Hmpf
I really can't make much sense of this. TrojanRemover shows a whole lot of useless stuff; I had actually expected a summary of what it found and removed, not a list of everything it scanned. MBAM only found junkware anyway, which is merely annoying but not destructive. Does your PC run just slowly in normal mode, or practically not at all? |
31.07.2014, 05:56 | #19 |
| Overnight: no event log, no Internet connection, PC very slow after login The computer barely runs at all. It is impossible to work on it. I also no longer have an Internet connection. Many things are blocked as well; for example, I cannot enable the event log, which is why I thought I had caught a virus or something. |
31.07.2014, 08:14 | #20 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Overnight: no event log, no Internet connection, PC very slow after login Do you have a Windows DVD at hand? I don't see any option here other than a repair or a clean reinstall.
Please always post logfiles in CODE tags |
31.07.2014, 08:41 | #21 |
| Overnight: no event log, no Internet connection, PC very slow after login Oh no, that's what I actually wanted to avoid. I do have a Windows DVD at hand. How can I perform a Windows repair? It hasn't worked so far. Windows says I already have a newer version installed. That's complete nonsense, since I want to perform a repair. I installed my system on a separate partition. The programs and various data are on a separate partition as well. Can I now simply reinstall Windows 7 without affecting or overwriting the other partitions? |
31.07.2014, 09:36 | #22 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Overnight: no event log, no Internet connection, PC very slow after login Quote:
That is why it makes sense to back up your data to an external medium and then disconnect it when it comes to the reinstall.
Please always post logfiles in CODE tags |