Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Trojaner > http://boxtralsurvisv.pl/gis/file.php

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 06.02.2013, 00:25   #1
troja-hilfe
 
Trojaner > http://boxtralsurvisv.pl/gis/file.php - Standard

Trojaner > http://boxtralsurvisv.pl/gis/file.php



Hallo Forums-Gemeinde,

heute in der früh erhielt ich folgende Malware-Meldung von Avira Antivirus
Beim Zugriff auf Daten der URL "hxxp://boxtralsurvisv.pl/gis/file.php"
wurde ein Virus oder unerwünschtes Programm 'TR/Agent.55808.198' [trojan] gefunden.

Diese Meldung kam 9x, davon wurde es 4x blockiert und 5x in Quarantäne verschoben.

Wie sich jetzt rausgestellt hat hab ich mir wohl den hier eingefangen:
https://www.kreissparkasse-augsburg.de/privatkunden/banking/aktuelle-sicherheitsmeldungen/ueberblick/index.php?n=%2Fprivatkunden%2Fbanking%2Faktuelle-sicherheitsmeldungen%2Fueberblick%2F

Avira erkennt keine Schädlinge und alle Online-Viren-Scanner können vom Browser nicht geöffnet werden und werden somit wohl vom Trojaner blockiert.

Es handelt sich um mein Firmen-Notebook und daher möchte ich das Drecksding schnellstens loswerden! Kann ich dennoch mit dem Notebook weiterarbeiten?

Besten Dank im Voraus für eure Unterstützung!

Schöne Grüße

Alt 06.02.2013, 11:41   #2
markusg
/// Malware-holic
 
Trojaner > http://boxtralsurvisv.pl/gis/file.php - Standard

Trojaner > http://boxtralsurvisv.pl/gis/file.php



hi habt irh ne IT abteilung? dann müsste das Gerät an die gehen.

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die
    OTL.exe
    .
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die
    Textbox.
Code:
ATTFilter
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere
    nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread
__________________

__________________

Alt 06.02.2013, 16:15   #3
troja-hilfe
 
Trojaner > http://boxtralsurvisv.pl/gis/file.php - Standard

Trojaner > http://boxtralsurvisv.pl/gis/file.php



Besten Dank, dass du dich der Sache annimmst...

[QUOTE]OTLOTL Logfile:
Code:
ATTFilter
OTL logfile created on: 06.02.2013 15:28:50 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Mustermann\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,92 Gb Total Physical Memory | 5,88 Gb Available Physical Memory | 74,28% Memory free
15,83 Gb Paging File | 13,55 Gb Available in Paging File | 85,59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596,17 Gb Total Space | 558,40 Gb Free Space | 93,67% Space Free | Partition Type: NTFS
 
Computer Name: NB72974 | User Name: Mustermann| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.02.06 14:57:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mustermann\Desktop\OTL.exe
PRC - [2013.02.06 12:09:44 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.02.06 12:09:18 | 000,565,472 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2013.02.06 12:09:14 | 000,400,608 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
PRC - [2013.02.06 12:09:10 | 000,385,248 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.02.06 12:09:10 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.01.08 23:05:32 | 000,699,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe
PRC - [2012.12.18 06:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.11.14 17:14:24 | 000,995,392 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2011.11.14 17:14:20 | 001,355,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
PRC - [2011.11.14 17:13:58 | 000,921,664 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2011.11.14 17:13:52 | 000,839,744 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
PRC - [2011.10.13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011.07.07 14:44:12 | 000,183,432 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
PRC - [2011.07.07 14:44:12 | 000,066,696 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
PRC - [2011.06.17 21:02:56 | 002,656,536 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011.06.17 21:02:41 | 000,326,424 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2011.05.31 16:28:04 | 002,801,288 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
PRC - [2011.05.20 09:10:26 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.05.20 09:10:12 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2011.03.09 11:40:12 | 000,342,984 | ---- | M] () -- C:\Program Files (x86)\OneClickInternet\WTGService.exe
PRC - [2011.03.04 09:46:50 | 000,318,464 | ---- | M] (HUAWEI Technologies Co., Ltd.) -- C:\Program Files (x86)\Huawei\Gobi\GobiQDLService\GobiQDLService.exe
PRC - [2009.09.12 23:09:10 | 000,103,768 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
PRC - [2009.09.12 23:09:04 | 000,550,232 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.01.10 13:06:30 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\346a7a67978cead8e2ff52c6d80bbeb7\IAStorUtil.ni.dll
MOD - [2013.01.10 13:06:30 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\500a8ae2a5d27132d87ccac9f97b0069\IAStorCommon.ni.dll
MOD - [2013.01.10 09:03:36 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0ac577a8ad6528ff03b50db5eeeac8be\System.Web.ni.dll
MOD - [2013.01.10 09:03:31 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013.01.10 09:03:13 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll
MOD - [2013.01.10 09:03:08 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.01.10 09:02:58 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013.01.10 09:02:54 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.01.10 09:02:52 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013.01.10 09:02:51 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.01.10 09:02:47 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2011.08.30 13:32:13 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010.11.13 00:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.01.13 12:22:24 | 000,135,952 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:64bit: - [2012.01.13 09:55:10 | 001,256,040 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Update Common\VUAgent.exe -- (VUAgent)
SRV:64bit: - [2012.01.04 12:27:32 | 001,526,032 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2012.01.04 12:14:38 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2012.01.04 12:13:06 | 000,844,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2011.12.22 07:54:56 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011.12.12 03:40:36 | 000,661,504 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2011.07.15 15:43:38 | 000,969,352 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Smart Network\VSNService.exe -- (VSNService)
SRV:64bit: - [2011.05.31 15:51:20 | 000,552,584 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.02.06 12:09:44 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.02.06 12:09:18 | 000,565,472 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2013.02.06 12:09:14 | 000,400,608 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2013.02.06 12:09:10 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.02.06 08:32:04 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.01.09 03:01:34 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.18 06:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.11.14 17:14:24 | 000,995,392 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2011.11.14 17:14:20 | 001,355,840 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2011.11.14 17:13:58 | 000,921,664 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2011.10.21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.10.13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011.07.07 14:44:12 | 000,066,696 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe -- (VAIO Event Service)
SRV - [2011.06.17 21:02:56 | 002,656,536 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011.06.17 21:02:41 | 000,326,424 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011.06.16 21:51:30 | 002,375,168 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2011.05.20 09:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011.03.09 11:40:12 | 000,342,984 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\OneClickInternet\WTGService.exe -- (WTGService)
SRV - [2011.03.04 09:46:50 | 000,318,464 | ---- | M] (HUAWEI Technologies Co., Ltd.) [Auto | Running] -- C:\Program Files (x86)\Huawei\Gobi\GobiQDLService\GobiQDLService.exe -- (GobiQDLService)
SRV - [2010.03.18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.12.13 13:33:15 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.12.13 13:33:15 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.12.06 12:11:40 | 011,518,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Netwsw00.sys -- (NETwNs64)
DRV:64bit: - [2012.10.10 07:49:01 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 15:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.06.26 20:38:28 | 000,046,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.10 20:28:16 | 012,311,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2011.12.22 08:30:24 | 009,360,896 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.12.22 07:12:40 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.12.12 03:33:36 | 000,195,072 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2011.12.12 03:33:36 | 000,195,072 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2011.12.09 19:45:00 | 000,060,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV:64bit: - [2011.11.15 01:13:00 | 000,327,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2011.11.14 17:13:40 | 000,084,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2011.10.25 01:57:38 | 000,213,504 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011.10.25 01:57:38 | 000,096,768 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011.08.23 10:12:56 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011.06.25 04:13:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.06.21 14:19:16 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2011.06.21 14:19:14 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2011.06.21 14:19:12 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2011.06.17 21:02:39 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011.06.16 21:51:52 | 000,337,512 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2011.06.15 21:17:49 | 000,316,024 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2011.04.21 02:29:28 | 000,399,872 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\gobi3kmbb.sys -- (gobi3kmbb)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.30 02:19:52 | 000,425,064 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.01.27 11:41:18 | 000,894,240 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV:64bit: - [2010.12.13 08:18:48 | 000,233,984 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\gobi3kserial.sys -- (gobi3kserial)
DRV:64bit: - [2010.12.13 08:16:58 | 000,034,304 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\gobi3kfilter.sys -- (gobi3kfilter)
DRV:64bit: - [2010.11.21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 04:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.04.26 21:20:29 | 000,012,032 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2009.09.08 18:13:16 | 000,087,600 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009.06.20 03:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.06.10 21:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.04.29 15:28:30 | 000,030,208 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://vaioportal.sony.eu
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://sony.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.barmenia.de/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ctx4u.barmenia.de/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{D05A5CCC-F9DB-420D-A904-FC7352E095A0}: "URL" = hxxp://services.zinio.com/search?s={searchTerms}&rf=sonyslices
IE - HKCU\..\SearchScopes\{F488FC5C-999A-438E-9E67-D5BACB4CA636}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-16609-27/4?mpre=hxxp://shop.ebay.de/?oemInLn=ieSrch-Q311&_nkw={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.06 08:32:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.06 08:32:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.09.17 06:36:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mustermann\AppData\Roaming\mozilla\Extensions
[2012.10.26 12:42:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mustermann\AppData\Roaming\mozilla\Firefox\Profiles\vmk9qltx.default\extensions
[2013.02.06 08:32:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.02.06 08:32:04 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.09.06 03:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.06 03:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.09.06 03:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.06 03:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.06 03:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.06 03:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft Device Center\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliType Pro] c:\Program Files\Microsoft Device Center\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKCU..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8:64bit: - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O8:64bit: - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html File not found
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html File not found
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {03A89EFD-E023-A200-A22D-45F77558EB4C} https://barmenia.netucate.net/download1026/AXCltInstall.dll (ILINCInstall102 Class)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CEF002D2-5A9F-4656-AA41-85DA2534ACBD} https://ssl.barmenia24.de/app/BRP/notes/dwa85W.cab (IBM Lotus iNotes 8.5 Control)
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} https://ssl.barmenia24.de/app/BRP/notes/dwa7W.cab (Domino Web Access 7 Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.82.226.212 8.8.8.8 8.8.4.4 212.82.225.7
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2059A514-1620-4A39-9E24-971002190803}: DhcpNameServer = 212.82.226.212 8.8.8.8 8.8.4.4 212.82.225.7
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{85D5E2AA-3D09-4B73-9F95-A63BDA5EB5D9}: DhcpNameServer = 212.82.226.212 8.8.8.8 8.8.4.4 212.82.225.7
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A9874BCF-A61B-4E56-BAF4-4BBF9EF79061}: NameServer = 139.7.30.126 139.7.30.125
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{3942788D-F1D2-4201-9BF0-003753DCCEB6} - RunDLL32 IEDKCS32.DLL,BrandIE4 CUSTOM
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.06 14:57:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mustermann\Desktop\OTL.exe
[2013.02.06 08:32:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.02.06 00:42:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013.02.05 23:29:08 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013.02.05 23:27:02 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\Documents\Simply Super Software
[2013.02.05 23:27:02 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\AppData\Roaming\Simply Super Software
[2013.02.05 23:26:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
[2013.02.05 23:26:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojan Remover
[2013.02.05 23:26:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2013.02.05 07:14:58 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\AppData\Roaming\Ynfoyd
[2013.02.05 07:14:58 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\AppData\Roaming\Uczooh
[2013.02.05 07:14:58 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\AppData\Roaming\Nayco
[2013.01.29 09:01:49 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\AppData\Local\PDF Writer
[2013.01.29 09:00:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bullzip
[2013.01.29 09:00:30 | 000,227,840 | ---- | C] (Bullzip) -- C:\Windows\SysWow64\bzFlRdr.dll
[2013.01.29 09:00:30 | 000,139,264 | ---- | C] (Bullzip) -- C:\Windows\SysWow64\bzpdfc.dll
[2013.01.29 09:00:30 | 000,103,424 | ---- | C] (Bullzip) -- C:\Windows\SysWow64\bzDCT.dll
[2013.01.29 09:00:30 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\AppData\Roaming\PDF Writer
[2013.01.29 09:00:30 | 000,000,000 | ---D | C] -- C:\ProgramData\PDF Writer
[2013.01.29 09:00:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bullzip
[2013.01.29 09:00:28 | 000,218,624 | ---- | C] (Bullzip) -- C:\Windows\SysNative\bzpdf.dll
[2013.01.29 09:00:25 | 000,000,000 | ---D | C] -- C:\Program Files\Bullzip
[2013.01.29 08:55:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2013.01.29 08:48:41 | 000,103,936 | ---- | C] (pdfforge GbR) -- C:\Windows\SysNative\pdfcmon.dll
[2013.01.29 08:48:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator
[2013.01.29 08:47:58 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\AppData\Local\Programs
[2013.01.25 17:04:10 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\Desktop\Präsentation
[2013.01.18 15:03:08 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\Documents\Antragsunterlagen
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.06 15:05:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.06 14:57:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mustermann\Desktop\OTL.exe
[2013.02.06 14:54:31 | 000,002,012 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\OneClick Internet.lnk
[2013.02.06 14:33:01 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.06 11:00:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.06 09:00:22 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.06 09:00:22 | 000,696,870 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.06 09:00:22 | 000,652,148 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.06 09:00:22 | 000,148,134 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.06 09:00:22 | 000,121,080 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.06 08:33:02 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.06 08:10:52 | 000,020,720 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.06 08:10:52 | 000,020,720 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.06 08:03:08 | 2081,312,767 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.05 23:47:11 | 000,141,435 | ---- | M] () -- C:\Users\Mustermann\Desktop\Reiseplan für  REISWICH ROBERT MR  12Feb13  Duesseldorf  7T4WVJ.pdf
[2013.01.29 08:55:55 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2013.01.26 13:00:27 | 000,000,017 | ---- | M] () -- C:\Users\Mustermann\AppData\Local\resmon.resmoncfg
[2013.01.23 13:15:29 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013.01.21 19:43:28 | 000,948,231 | ---- | M] () -- C:\Users\Mustermann\Desktop\BU-Highlights.pdf
[2013.01.11 11:39:42 | 000,103,936 | ---- | M] (pdfforge GbR) -- C:\Windows\SysNative\pdfcmon.dll
[2013.01.10 08:58:30 | 000,292,728 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.10 08:52:20 | 001,590,378 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.02.06 08:01:29 | 000,001,256 | ---- | C] () -- C:\Users\Mustermann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013.02.05 23:47:11 | 000,141,435 | ---- | C] () -- C:\Users\Mustermann\Desktop\Reiseplan für  REISWICH ROBERT MR  12Feb13  Duesseldorf  7T4WVJ.pdf
[2013.01.29 08:55:55 | 000,001,031 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2013.01.26 13:00:27 | 000,000,017 | ---- | C] () -- C:\Users\Mustermann\AppData\Local\resmon.resmoncfg
[2013.01.23 13:15:29 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.12.07 16:43:55 | 000,003,584 | ---- | C] () -- C:\Users\Mustermann\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.11.20 19:19:30 | 000,137,732 | ---- | C] () -- C:\Windows\hpoins44.dat
[2012.11.20 19:19:30 | 000,000,512 | ---- | C] () -- C:\Windows\hpomdl44.dat
[2012.09.12 08:20:01 | 000,000,110 | ---- | C] () -- C:\Users\Mustermann\.webcall
[2012.05.04 10:07:03 | 000,963,884 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012.05.04 10:07:02 | 013,904,384 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012.05.04 10:07:02 | 000,221,264 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012.05.04 10:07:02 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.01.17 19:57:19 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.08.30 04:02:15 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.08.30 03:59:55 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2011.07.20 01:29:42 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.07.20 01:29:35 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.07.01 22:08:22 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.02.11 00:03:27 | 001,590,378 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.09.03 09:23:40 | 000,000,000 | ---D | M] -- C:\Users\Mustermann\AppData\Roaming\ICAClient
[2013.02.06 00:15:33 | 000,000,000 | ---D | M] -- C:\Users\Mustermann\AppData\Roaming\Nayco
[2013.01.20 12:11:26 | 000,000,000 | ---D | M] -- C:\Users\Mustermann\AppData\Roaming\OneClickInternet
[2013.01.29 09:00:30 | 000,000,000 | ---D | M] -- C:\Users\Mustermann\AppData\Roaming\PDF Writer
[2013.01.29 08:55:55 | 000,000,000 | ---D | M] -- C:\Users\Mustermann\AppData\Roaming\pdfforge
[2013.02.05 23:27:02 | 000,000,000 | ---D | M] -- C:\Users\Mustermann\AppData\Roaming\Simply Super Software
[2012.01.25 09:54:19 | 000,000,000 | ---D | M] -- C:\Users\Mustermann\AppData\Roaming\Sony
[2013.02.05 07:14:58 | 000,000,000 | ---D | M] -- C:\Users\Mustermann\AppData\Roaming\Uczooh
[2013.02.06 00:37:51 | 000,000,000 | ---D | M] -- C:\Users\Mustermann\AppData\Roaming\Ynfoyd
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.02.22 12:47:26 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2012.11.16 14:58:45 | 000,000,000 | ---D | M] -- C:\52e80e1d6ad8f074273d07
[2012.01.17 18:51:58 | 000,000,000 | -HSD | M] -- C:\Boot
[2011.08.30 04:10:58 | 000,000,000 | ---D | M] -- C:\Documentation
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2012.01.13 10:30:36 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.08.30 04:47:50 | 000,000,000 | ---D | M] -- C:\Infineon
[2011.08.30 03:50:11 | 000,000,000 | ---D | M] -- C:\Intel
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2013.01.29 09:00:25 | 000,000,000 | R--D | M] -- C:\Program Files
[2013.02.06 09:13:29 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2013.02.05 23:29:08 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2012.01.13 10:30:36 | 000,000,000 | -HSD | M] -- C:\Programme
[2013.02.06 15:29:54 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.01.18 16:33:34 | 000,000,000 | ---D | M] -- C:\Temp
[2013.01.30 08:28:49 | 000,000,000 | ---D | M] -- C:\Update
[2012.01.18 14:15:36 | 000,000,000 | R--D | M] -- C:\Users
[2013.02.06 09:27:15 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.21 04:23:55 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 06:08:49 | 000,032,624 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.09.03 11:29:28 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2012.09.06 23:18:45 | 000,001,110 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2012.09.06 23:18:46 | 000,001,114 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.05.26 21:04:40 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011.05.26 21:04:40 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.05.26 21:04:40 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.05.26 21:04:40 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.21 04:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011.05.26 21:04:40 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.05.26 21:04:40 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010.11.21 04:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2011.06.25 04:13:44 | 000,557,848 | ---- | M] (Intel Corporation) MD5=2FDAEC4B02729C48C0FD1B0B4695995B -- C:\Windows\SysNative\drivers\iaStor.sys
[2011.06.25 04:13:44 | 000,557,848 | ---- | M] (Intel Corporation) MD5=2FDAEC4B02729C48C0FD1B0B4695995B -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_e6913aab23ea9a9c\iaStor.sys
[2011.06.25 04:13:44 | 000,557,848 | ---- | M] (Intel Corporation) MD5=2FDAEC4B02729C48C0FD1B0B4695995B -- C:\Windows\SysNative\DriverStore\FileRepository\iastor.inf_amd64_neutral_b8d31a7001998667\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2012.09.12 08:20:01 | 000,000,110 | ---- | M] () -- C:\Users\Mustermann\.webcall
[2013.02.06 15:36:23 | 002,883,584 | -HS- | M] () -- C:\Users\Mustermann\NTUSER.DAT
[2013.02.06 15:36:23 | 000,262,144 | -HS- | M] () -- C:\Users\Mustermann\ntuser.dat.LOG1
[2012.01.18 14:12:25 | 000,000,000 | -HS- | M] () -- C:\Users\Mustermann\ntuser.dat.LOG2
[2012.01.18 14:42:06 | 000,065,536 | -HS- | M] () -- C:\Users\Mustermann\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2012.01.18 14:42:06 | 000,524,288 | -HS- | M] () -- C:\Users\Mustermann\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2012.01.18 14:42:06 | 000,524,288 | -HS- | M] () -- C:\Users\Mustermann\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2012.01.18 14:12:25 | 000,000,020 | -HS- | M] () -- C:\Users\Mustermann\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
<           >

< End of report >
         
--- --- ---


[QUOTE]ExtrasOTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 06.02.2013 15:28:50 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Mustermann\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,92 Gb Total Physical Memory | 5,88 Gb Available Physical Memory | 74,28% Memory free
15,83 Gb Paging File | 13,55 Gb Available in Paging File | 85,59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596,17 Gb Total Space | 558,40 Gb Free Space | 93,67% Space Free | Partition Type: NTFS
 
Computer Name: NB72974 | User Name: Mustermann| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Scan with Trojan Remover] -- C:\Program Files (x86)\Trojan Remover\rmvtrjan.exe /d "%1" (Simply Super Software)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Scan with Trojan Remover] -- C:\Program Files (x86)\Trojan Remover\rmvtrjan.exe /d "%1" (Simply Super Software)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{290C06AB-D2F4-4203-A14E-CF04FE829F30}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{2EEAAE20-0887-4E3E-9ECB-4F6CFCDBD55D}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{3F29641B-62C6-44DF-B911-56715E8023EB}" = lport=139 | protocol=6 | dir=in | app=system | 
"{657AB31B-7EDC-40CD-BE5A-F2E71F597CA5}" = rport=137 | protocol=17 | dir=out | app=system | 
"{7D717A83-98EC-4EFA-BB8D-B305701032BA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{94EE4F39-D189-44AE-BF75-E1C280F3EE98}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9A4A4F4D-5957-4BAA-9748-FFF86D7C531A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B1663B33-06AC-4B43-8D6E-300CC387A0C5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{BA9F5342-1EB7-431D-8588-C792DF6FDCE3}" = lport=137 | protocol=17 | dir=in | app=system | 
"{C27056A5-71D9-44A2-9F1E-11833C5BB4B9}" = lport=445 | protocol=6 | dir=in | app=system | 
"{CA631A45-DF6E-4809-A7E2-81AC67472B00}" = rport=138 | protocol=17 | dir=out | app=system | 
"{D0438B1C-EB6F-44E2-87AC-58D699D89E88}" = lport=138 | protocol=17 | dir=in | app=system | 
"{D51233C9-535A-48CB-ABBD-E77FC474FDEA}" = rport=139 | protocol=6 | dir=out | app=system | 
"{E9D9EC8D-71E3-4D1E-A06F-B4394B87B7CB}" = rport=445 | protocol=6 | dir=out | app=system | 
"{F5027798-DA04-4F1D-9C03-A35AD1A31768}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E5B007D-66B7-419E-859C-080F7BBCF574}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{166B483E-A413-4E42-9517-BA4F6F325E69}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{217DF8FB-FD76-4286-9E34-2FAB0D2C7891}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | 
"{25D0C01F-B75E-42B5-B4AE-E158C6D8012D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{4D90E778-A5F4-4DB9-A6A1-1AC0E1CD852A}" = dir=in | app=c:\program files (x86)\intel corporation\intel widi\widiapp.exe | 
"{59E1D9D8-E478-45CB-B0C4-52530F88805F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | 
"{6591376F-AE06-49D0-8261-83F39B512176}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{912ED74A-895A-4369-8D26-127F2DF0B129}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | 
"{9FA1A8F1-922A-48C2-AC2F-84C369DC8F5D}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | 
"TCP Query User{39CE369E-8EE0-4A12-95FD-316E3075934C}C:\users\Mustermann\ebasis_lokal-1.0\jre1.5.0_22\bin\java.exe" = protocol=6 | dir=in | app=c:\users\Mustermann\ebasis_lokal-1.0\jre1.5.0_22\bin\java.exe | 
"TCP Query User{5318F138-CA88-4CD8-9BCD-BE919B992DC1}C:\program files (x86)\fairware24\janitostarifrechner\zebedee.exe" = protocol=6 | dir=in | app=c:\program files (x86)\fairware24\janitostarifrechner\zebedee.exe | 
"TCP Query User{5DB93E61-A4BD-40B1-8D43-29053DBA03D6}C:\users\Mustermann\ebasis_lokal-1.0\jre1.5.0_22\bin\javaw.exe" = protocol=6 | dir=in | app=c:\users\Mustermann\ebasis_lokal-1.0\jre1.5.0_22\bin\javaw.exe | 
"TCP Query User{7BA51695-9021-4361-B1A3-787A7C73CEEB}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{6646C50F-1827-44BE-8C73-4BD8831BB1BF}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{9B4BAEFE-D364-4D9B-8A09-103F2A6B159E}C:\users\Mustermann\ebasis_lokal-1.0\jre1.5.0_22\bin\javaw.exe" = protocol=17 | dir=in | app=c:\users\Mustermann\ebasis_lokal-1.0\jre1.5.0_22\bin\javaw.exe | 
"UDP Query User{9B6878BC-B3F8-4C67-9F9D-21964CCE6705}C:\users\Mustermann\ebasis_lokal-1.0\jre1.5.0_22\bin\java.exe" = protocol=17 | dir=in | app=c:\users\Mustermann\ebasis_lokal-1.0\jre1.5.0_22\bin\java.exe | 
"UDP Query User{AA5F8AC5-B28A-4C01-95AB-F3C88216746B}C:\program files (x86)\fairware24\janitostarifrechner\zebedee.exe" = protocol=17 | dir=in | app=c:\program files (x86)\fairware24\janitostarifrechner\zebedee.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{077BF055-512A-4D48-B3C2-44AD860FEB0A}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{2106A845-79C0-426B-9B91-9CBEAF3DE0F2}" = VAIO Update Merge Module x64
"{26A24AE4-039D-4CA4-87B4-2F86416026FF}" = Java(TM) 6 Update 26 (64-bit)
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display
"{312395BC-7CC2-434C-A660-30250276A926}" = SSLx64
"{46261E1C-5E0D-484E-8CCC-7F770375FBA2}" = VU5x64
"{4F31AC31-0A28-4F5A-8416-513972DA1F79}" = Sony Corporation
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{549AD5FB-F52D-4307-864A-C0008FB35D96}" = VCCx64
"{5CB648C9-78CC-D03E-65E4-B4AF6127CEFC}" = ccc-utility64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{75C95C84-264F-4CC7-8A7E-346444E6C7C1}" = VAIO Improvement Validation
"{7BF570D4-D060-165D-64AA-4C96DBC08671}" = AMD Media Foundation Decoders
"{7C3AC18F-F19B-4082-8D13-7D603848E06C}" = VAIO Update Merge Module x64
"{819CA3BC-2FF8-4811-B42F-421F7BFD3559}" = HP Deskjet F2400 All-in-One Driver 14.0 Rel. 6
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{AEF6C676-D7A2-4487-BD4B-1BED17B229B5}" = Microsoft-Maus- und Tastatur-Center
"{BE930E38-7BB3-45B6-85B2-5251F374F844}" = 64 Bit HP CIO Components Installer
"{D55EAC07-7207-44BD-B524-0F063F327743}" = VIx64
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DBEAA361-F8A4-4298-B41C-9E9DCB9AAB84}" = VPMx64
"{DC4BA134-55D7-AA2B-FC2F-68A95CDA41AB}" = ATI Catalyst Install Manager
"{E743BA71-5955-420B-AA52-67508054AD66}" = VAIO Update Merge Module x64
"{E7DC06A3-8516-4929-B712-80987AFFFB57}" = Intel(R) PROSet/Wireless WiFi-Software
"{F2611404-06BF-4E67-A5B7-8DB2FFC1CBF6}" = VSNx64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 9.3.0.1516
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Mouse and Keyboard Center" = Microsoft-Maus- und Tastatur-Center
"ProInst" = Intel PROSet Wireless
"Speccy" = Speccy
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{046885A1-B4AE-4459-A0D1-8C93706698D6}" = 
"{06676957-7563-8D90-1212-6B58F8B724D9}" = CCC Help Spanish
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}" = VAIO Smart Network
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0BCA9EFD-F2D6-4638-B053-8693BA0404BE}" = Citrix Online Plug-in (Web)
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{223767A9-2A17-8F5D-A08A-BE720E51C2D6}" = CCC Help Norwegian
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2FFD2FF0-8D1F-7CF0-B389-C2FE3B0BD745}" = CCC Help Czech
"{3A26D9BD-0F73-432D-B522-2BA18138F7EF}" = VAIO Improvement
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{489D3997-0A51-54BD-591E-AD6A15EB8190}" = CCC Help English
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B8AE39C-8C49-C157-4C49-7237B047DB57}" = Catalyst Control Center InstallProxy
"{52018CB0-FD4F-C746-C950-1F40B00BC0C5}" = CCC Help Greek
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{547F3077-EBD6-9D0A-4C9C-A729E5AD6A76}" = CCC Help Korean
"{55392E52-1AAD-44C4-BE49-258FFE72434F}" = Citrix Online Plug-in (USB)
"{5546F4E9-B0F4-4F54-B949-2AB006C9284F}" = DJ_AIO_06_F2400_SW_Min
"{59312BC4-CA09-88A4-3CA2-A96FF21B4604}" = CCC Help Chinese Standard
"{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update
"{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = VAIO-Support für Übertragungen
"{6007FDAD-CBF0-4B15-6235-93F358273066}" = CCC Help Hungarian
"{60E333E5-93AF-E75A-3A22-A10B0DD351BE}" = CCC Help German
"{63C43435-F428-42BA-8E7B-5848749D9262}" = SSLx86
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{70991E0A-1108-437E-BA7D-085702C670C0}" = 
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71FC647F-E91F-4DD2-BEA4-7B4172015DCE}" = VHD
"{781A93CD-1608-427D-B7F0-D05C07795B25}" = Intel(R) WiDi
"{7C80D30A-AC02-4E3F-B95D-29F0E4FF937B}" = VAIO Easy Connect
"{7C9B54C7-7777-41E4-8508-E78A6CE3BCE5}" = Catalyst Control Center - Branding
"{803E4FA5-A940-4420-B89D-A8BC2E160247}" = 
"{812424AC-A8B5-44E6-8D48-07E939D1AD9A}" = Citrix Online Plug-in (HDX)
"{82F09B1C-F602-4552-9C40-5BD5F8EAF750}" = 
"{855DDD3C-131E-42A8-BCBD-F9581F80CACB}" = 
"{862AE653-4E32-087E-BA55-C11B853D4DF6}" = CCC Help Thai
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8CF4B62E-2ED0-0950-FA54-A46D59A93636}" = Catalyst Control Center Localization All
"{8E797841-A110-41FD-B17A-3ABC0641187A}" = VAIO Control Center
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{901C0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Access 2003 Runtime
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{930A4D1B-AA42-D8DC-08F1-27CB7F6F6A13}" = CCC Help Danish
"{94650E3B-CCD1-AE32-46A1-3890787B3488}" = CCC Help Polish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AE76A96-BF2F-8AB9-46B8-74F1FB68AD4C}" = PX Profile Update
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A49A517F-5332-4665-922C-6D9AD31ADD4F}" = VSNx86
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.5) MUI
"{ADFAD16F-D86E-D4E2-3E0A-A94F54544DE9}" = Catalyst Control Center Profiles Mobile
"{B1482DE6-FF00-2968-0155-57A643DCA7CB}" = CCC Help Portuguese
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{B77DE05C-7C84-4011-B93F-A29D0D2840F4}" = ArcSoft WebCam Companion 4
"{B8991D99-88FD-41F2-8C32-DB70278D5C30}" = VWSTx86
"{BCE6E3D7-B565-4E1B-AC77-F780666A35FB}" = VAIO CPU-Lüfterdiagnose
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C4040489-0C6A-6361-3270-CE574016BE0F}" = CCC Help Chinese Traditional
"{C4BD6ECC-FF0E-5AAC-8CB3-EA92B20D77A3}" = CCC Help Japanese
"{CF53CF7C-D996-43EB-9904-DBED57C25625}" = Citrix Online Plug-in (DV)
"{D17C2A58-E0EA-4DD7-A2D6-C448FD25B6F6}" = VIx86
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2D23D08-D10E-43D6-883C-78E0B2AC9CC6}" = VU5x86
"{D2F6976A-1935-F625-ACB4-CBF5C067C746}" = CCC Help Italian
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DC3B9C93-B7AF-01AB-D1FC-8FC82F78D8CD}" = PX Profile Update
"{DF184496-1CA2-4D07-92E7-0BD251D7DEF0}" = VCCx86
"{E8A943BA-C038-B562-92AE-7C5A99C972A0}" = CCC Help French
"{EA441422-6D6A-6E91-A973-492BB9BFB0D6}" = Catalyst Control Center Graphics Previews Common
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Display Audio Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F21A6101-3E12-32AE-AB8D-51F11005B55B}" = CCC Help Swedish
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F63FFE40-4F62-0F8C-5C97-7C66A2D7500A}" = CCC Help Turkish
"{F69CE215-9CE8-48DB-6943-9003B6AE5142}" = Catalyst Control Center
"{F8DD58A9-2A6A-5004-8740-D4E50FBF726C}" = CCC Help Finnish
"{FB77DB0C-6951-47B6-9D80-A0FDBEE0334C}" = 
"{FED5269F-EAAA-5D64-AE23-3478C747A1F1}" = CCC Help Russian
"{FF5B1EEA-8766-4D05-A985-08610A21A739}" = CCC Help Dutch
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Antivirus Premium
"CitrixOnlinePluginPackWeb" = Citrix Online Plug-in - Web
"ESET Online Scanner" = ESET Online Scanner v3
"Gobi_Firmware" = Gobi_Firmware
"HW Gobi 3000 Driver" = HW Gobi 3000 Driver 1.08.00.00
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{7C80D30A-AC02-4E3F-B95D-29F0E4FF937B}" = VAIO Easy Connect
"Mozilla Firefox 18.0.2 (x86 de)" = Mozilla Firefox 18.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"OneClickInternet" = OneClick Internet
"ProInst" = Intel PROSet Wireless
"Trojan Remover_is1" = Trojan Remover 6.8.5
"uninstall.exe" = iLinc Client
"VAIO Help and Support" = 
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MustermanneBASIS lokal - Update" = Mustermann eBASIS lokal - Update
"Data Conference" = Data Conference
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 29.10.2012 06:56:27 | Computer Name = NB72974 | Source = Windows Search Service | ID = 3029
Description = 
 
Error - 29.10.2012 06:56:27 | Computer Name = NB72974 | Source = Windows Search Service | ID = 3028
Description = 
 
Error - 29.10.2012 06:56:27 | Computer Name = NB72974 | Source = Windows Search Service | ID = 3058
Description = 
 
Error - 29.10.2012 06:56:27 | Computer Name = NB72974 | Source = Windows Search Service | ID = 7010
Description = 
 
Error - 29.10.2012 15:44:02 | Computer Name = NB72974 | Source = WinMgmt | ID = 10
Description = 
 
Error - 30.10.2012 03:11:59 | Computer Name = NB72974 | Source = WinMgmt | ID = 10
Description = 
 
Error - 30.10.2012 09:53:13 | Computer Name = NB72974 | Source = System Restore | ID = 8193
Description = 
 
Error - 30.10.2012 12:36:27 | Computer Name = NB72974 | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16450 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 14a0    Startzeit: 01cdb66e10c3f55a    Endzeit: 78    Anwendungspfad:
 C:\Program Files (x86)\Internet Explorer\iexplore.exe    Berichts-ID:   
 
Error - 31.10.2012 02:59:06 | Computer Name = NB72974 | Source = WinMgmt | ID = 10
Description = 
 
Error - 31.10.2012 09:01:26 | Computer Name = NB72974 | Source = System Restore | ID = 8193
Description = 
 
[ System Events ]
Error - 05.02.2013 03:14:49 | Computer Name = NB72974 | Source = NetBT | ID = 4307
Description = Initialisierung fehlgeschlagen, da die Transportschicht das Öffnen
 der Anfangsadressen verweigerte.
 
Error - 05.02.2013 15:27:43 | Computer Name = NB72974 | Source = DCOM | ID = 10010
Description = 
 
Error - 05.02.2013 18:58:34 | Computer Name = NB72974 | Source = DCOM | ID = 10010
Description = 
 
Error - 05.02.2013 19:28:38 | Computer Name = NB72974 | Source = DCOM | ID = 10010
Description = 
 
Error - 05.02.2013 20:08:17 | Computer Name = NB72974 | Source = DCOM | ID = 10010
Description = 
 
Error - 06.02.2013 03:02:42 | Computer Name = NB72974 | Source = DCOM | ID = 10010
Description = 
 
Error - 06.02.2013 03:03:43 | Computer Name = NB72974 | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 06.02.2013 03:58:39 | Computer Name = NB72974 | Source = NetBT | ID = 4307
Description = Initialisierung fehlgeschlagen, da die Transportschicht das Öffnen
 der Anfangsadressen verweigerte.
 
Error - 06.02.2013 07:48:04 | Computer Name = NB72974 | Source = NetBT | ID = 4307
Description = Initialisierung fehlgeschlagen, da die Transportschicht das Öffnen
 der Anfangsadressen verweigerte.
 
Error - 06.02.2013 09:52:30 | Computer Name = NB72974 | Source = NetBT | ID = 4307
Description = Initialisierung fehlgeschlagen, da die Transportschicht das Öffnen
 der Anfangsadressen verweigerte.
 
 
< End of report >
         
--- --- ---
__________________

Geändert von troja-hilfe (06.02.2013 um 16:31 Uhr)

Alt 06.02.2013, 16:40   #4
markusg
/// Malware-holic
 
Trojaner > http://boxtralsurvisv.pl/gis/file.php - Standard

Trojaner > http://boxtralsurvisv.pl/gis/file.php



hi
öffne trojan remover und poste alle bisher erstellten Berichte.
2.
Avira Fundmeldungen posten bitte
http://www.trojaner-board.de/125889-...en-posten.html
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 06.02.2013, 17:45   #5
troja-hilfe
 
Trojaner > http://boxtralsurvisv.pl/gis/file.php - Standard

Trojaner > http://boxtralsurvisv.pl/gis/file.php



AVIRA

Exportierte Ereignisse:

06.02.2013 00:37 [System-Scanner] Malware gefunden
Die Datei 'C:\Users\Mustermann\AppData\Roaming\Ynfoyd\taxe.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/PSW.Zbot.315392.114'
[trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '59210c57.qua'
verschoben!
Der Registrierungseintrag
<HKEY_USERS\S-1-5-21-3345907125-2762855170-410212254-1001\SOFTWARE\Microsoft\Win
dows\CurrentVersion\Run\Opydsexoxy> konnte nicht repariert werden.
Für die abschliessende Reparatur wird ein Neustart des Computers eingeleitet.

06.02.2013 00:36 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Mustermann\AppData\Roaming\Ynfoyd\taxe.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/PSW.Zbot.315392.114' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern

05.02.2013 07:41 [Browser-Schutz] Malware gefunden
Beim Zugriff auf Daten der URL "hxxp://boxtralsurvisv.pl/gis/file.php"
wurde ein Virus oder unerwünschtes Programm 'TR/Agent.55808.198' [trojan]
gefunden.
Durchgeführte Aktion: Der Zugriff auf die Datei wurde blockiert

05.02.2013 07:17 [Browser-Schutz] Malware gefunden
Beim Zugriff auf Daten der URL "hxxp://boxtralsurvisv.pl/gis/file.php"
wurde ein Virus oder unerwünschtes Programm 'TR/Agent.55808.198' [trojan]
gefunden.
Durchgeführte Aktion: Der Zugriff auf die Datei wurde blockiert

05.02.2013 07:17 [Browser-Schutz] Malware gefunden
Beim Zugriff auf Daten der URL "hxxp://boxtralsurvisv.pl/gis/file.php"
wurde ein Virus oder unerwünschtes Programm 'TR/Agent.55808.198' [trojan]
gefunden.
Durchgeführte Aktion: Der Zugriff auf die Datei wurde blockiert

05.02.2013 07:17 [Browser-Schutz] Malware gefunden
Beim Zugriff auf Daten der URL "hxxp://boxtralsurvisv.pl/gis/file.php"
wurde ein Virus oder unerwünschtes Programm 'TR/Agent.55808.198' [trojan]
gefunden.
Durchgeführte Aktion: Die Datei in Quarantäne verschieben

05.02.2013 07:17 [Browser-Schutz] Malware gefunden
Beim Zugriff auf Daten der URL "hxxp://boxtralsurvisv.pl/gis/file.php"
wurde ein Virus oder unerwünschtes Programm 'TR/Agent.55808.198' [trojan]
gefunden.
Durchgeführte Aktion: Die Datei in Quarantäne verschieben

05.02.2013 07:16 [Browser-Schutz] Malware gefunden
Beim Zugriff auf Daten der URL "hxxp://boxtralsurvisv.pl/gis/file.php"
wurde ein Virus oder unerwünschtes Programm 'TR/Agent.55808.198' [trojan]
gefunden.
Durchgeführte Aktion: Die Datei in Quarantäne verschieben

05.02.2013 07:16 [Browser-Schutz] Malware gefunden
Beim Zugriff auf Daten der URL "hxxp://boxtralsurvisv.pl/gis/file.php"
wurde ein Virus oder unerwünschtes Programm 'TR/Agent.55808.198' [trojan]
gefunden.
Durchgeführte Aktion: Die Datei in Quarantäne verschieben

05.02.2013 07:16 [Browser-Schutz] Malware gefunden
Beim Zugriff auf Daten der URL "hxxp://boxtralsurvisv.pl/gis/file.php"
wurde ein Virus oder unerwünschtes Programm 'TR/Agent.55808.198' [trojan]
gefunden.
Durchgeführte Aktion: Die Datei in Quarantäne verschieben

05.02.2013 07:15 [Browser-Schutz] Malware gefunden
Beim Zugriff auf Daten der URL "hxxp://boxtralsurvisv.pl/gis/file.php"
wurde ein Virus oder unerwünschtes Programm 'TR/Agent.55808.198' [trojan]
gefunden.
Durchgeführte Aktion: Der Zugriff auf die Datei wurde blockiert



Trojan Remover

**** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.8.5.2611. For information, email support@simplysup.com
[Unregistered version]
Scan started at: 23:29:20 05 Feb 2013
Using Database v8040
Operating System: Windows 7 x64 Professional (SP1) [Build: 6.1.7601]
File System: NTFS
UAC is ENABLED [default level]
UserData directory: C:\Users\Mustermann\AppData\Roaming\Simply Super Software\Trojan Remover\
Database directory: C:\ProgramData\Simply Super Software\Trojan Remover\Data\
Logfile directory: C:\Users\Mustermann\Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files (x86)\Trojan Remover\
Running with Administrator privileges

************************************************************
23:29:20: ----- CHECKING DEFAULT FILE ASSOCIATIONS -----
No modified default file associations detected

************************************************************
23:29:20: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

************************************************************
23:29:20: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Key value: [explorer.exe]
File: C:\Windows\Explorer.exe
C:\Windows\Explorer.exe
2871808 bytes
Created: 26.05.2011 21:04
Modified: 26.05.2011 21:04
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
Key value: [C:\Windows\system32\userinit.exe,]
File: C:\Windows\system32\userinit.exe
C:\Windows\System32\userinit.exe
30720 bytes
Created: 21.11.2010 04:24
Modified: 21.11.2010 04:24
Company: Microsoft Corporation
----------
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: [IAStorIcon]
Value Data: [C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe]
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
284440 bytes
Created: 30.08.2011 03:52
Modified: 20.05.2011 09:10
Company: Intel Corporation
--------------------
Value Name: [ISBMgr.exe]
Value Data: ["C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"]
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
2801288 bytes
Created: 30.08.2011 04:10
Modified: 31.05.2011 16:28
Company: Sony Corporation
--------------------
Value Name: [ConnectionCenter]
Value Data: ["C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup]
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
103768 bytes
Created: 12.09.2009 23:09
Modified: 12.09.2009 23:09
Company: Citrix Systems, Inc.
--------------------
Value Name: [StartCCC]
Value Data: ["C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun]
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
343168 bytes
Created: 22.12.2011 01:30
Modified: 22.12.2011 01:30
Company: Advanced Micro Devices, Inc.
--------------------
Value Name: [avgnt]
Value Data: ["C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min]
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
384800 bytes
Created: 10.10.2012 11:32
Modified: 13.12.2012 13:32
Company: Avira Operations GmbH & Co. KG
--------------------
Value Name: [TrojanScanner]
Value Data: [C:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot]
C:\Program Files (x86)\Trojan Remover\Trjscan.exe
1247504 bytes
Created: 05.02.2013 23:26
Modified: 14.09.2012 11:58
Company: Simply Super Software
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: [ccleaner]
Value Data: ["C:\Program Files\CCleaner\CCleaner64.exe" /AUTO]
C:\Program Files\CCleaner\CCleaner64.exe
5379936 bytes
Created: 24.09.2012 19:49
Modified: 24.09.2012 19:49
Company: Piriform Ltd
--------------------
Value Name: [Skype]
Value Data: ["C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun]
C:\Program Files (x86)\Skype\Phone\Skype.exe
-R- 17884848 bytes
Created: 19.10.2012 16:38
Modified: 19.10.2012 16:38
Company: Skype Technologies S.A.
--------------------
Value Name: [Opydsexoxy]
Value Data: [C:\Users\Mustermann\AppData\Roaming\Ynfoyd\taxe.exe]
C:\Users\Mustermann\AppData\Roaming\Ynfoyd\taxe.exe
267776 bytes
Created: 26.05.2012 22:28
Modified: 26.05.2012 22:28
Company:
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry key appears to be empty

************************************************************
23:29:22: Scanning -----WINDOWS 64 Bit REGISTRY-----
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: [RtHDVCpl]
Value Data: [C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s]
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
11490408 bytes
Created: 30.08.2011 03:53
Modified: 16.06.2011 21:43
Company: Realtek Semiconductor
--------------------
Value Name: [RtHDVBg]
Value Data: [C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3 ]
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
2179688 bytes
Created: 30.08.2011 03:53
Modified: 16.06.2011 21:43
Company: Realtek Semiconductor
--------------------
Value Name: [Apoint]
Value Data: [%ProgramFiles%\Apoint\Apoint.exe]
C:\Program Files\Apoint\Apoint.exe
226672 bytes
Created: 21.06.2011 08:01
Modified: 15.06.2011 21:17
Company: Alps Electric Co., Ltd.
--------------------
Value Name: [IntelPAN]
Value Data: ["C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray]
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
1935120 bytes
Created: 04.01.2012 12:18
Modified: 04.01.2012 12:18
Company: Intel(R) Corporation
--------------------
Value Name: [BTMTrayAgent]
Value Data: [rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp]
C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll
10358784 bytes
Created: 14.11.2011 17:13
Modified: 14.11.2011 17:13
Company: Intel Corporation
--------------------
Value Name: [IgfxTray]
Value Data: [C:\Windows\system32\igfxtray.exe]
C:\Windows\System32\igfxtray.exe
167704 bytes
Created: 04.05.2012 10:07
Modified: 10.01.2012 20:43
Company: Intel Corporation
--------------------
Value Name: [HotKeysCmds]
Value Data: [C:\Windows\system32\hkcmd.exe]
C:\Windows\System32\hkcmd.exe
392984 bytes
Created: 04.05.2012 10:07
Modified: 10.01.2012 20:43
Company: Intel Corporation
--------------------
Value Name: [Persistence]
Value Data: [C:\Windows\system32\igfxpers.exe]
C:\Windows\System32\igfxpers.exe
417560 bytes
Created: 04.05.2012 10:07
Modified: 10.01.2012 20:43
Company: Intel Corporation
--------------------
Value Name: [IntelliType Pro]
Value Data: ["c:\Program Files\Microsoft Device Center\itype.exe"]
c:\Program Files\Microsoft Device Center\itype.exe
1464928 bytes
Created: 26.06.2012 20:38
Modified: 26.06.2012 20:38
Company: Microsoft Corporation
--------------------
Value Name: [IntelliPoint]
Value Data: ["c:\Program Files\Microsoft Device Center\ipoint.exe"]
c:\Program Files\Microsoft Device Center\ipoint.exe
2004584 bytes
Created: 26.06.2012 20:38
Modified: 26.06.2012 20:38
Company: Microsoft Corporation
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry key appears to be empty

************************************************************
23:29:23: Scanning -----SHELLEXECUTEHOOKS-----
ShellExecuteHooks key is empty

************************************************************
23:29:23: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------

************************************************************
23:29:23: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.

************************************************************
23:29:23: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Key: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
Path: %SystemRoot%\system32\unregmp2.exe /ShowWMP
C:\Windows\System32\unregmp2.exe
323584 bytes
Created: 14.07.2009 01:23
Modified: 14.07.2009 02:39
Company: Microsoft Corporation
----------
Key: >{26923b43-4d38-484f-9b9e-de460746276c}
Path: C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
C:\Windows\SysWOW64\ie4uinit.exe
74240 bytes
Created: 26.05.2011 21:06
Modified: 26.05.2011 21:06
Company: Microsoft Corporation
----------
Key: {2C7339CF-2B09-4501-B3F3-F3508C9228ED}
Path: %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
C:\Windows\System32\themeui.dll
2851840 bytes
Created: 21.11.2010 04:23
Modified: 21.11.2010 04:23
Company: Microsoft Corporation
----------
Key: {44BBA840-CC51-11CF-AAFA-00AA00B6015C}
Path: "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
C:\Program Files (x86)\Windows Mail\WinMail.exe
Key: {6BF52A52-394A-11d3-B153-00C04F79FAA6}
Path: %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
C:\Windows\System32\unregmp2.exe
323584 bytes
Created: 14.07.2009 01:23
Modified: 14.07.2009 02:39
Company: Microsoft Corporation
----------
Key: {89820200-ECBD-11cf-8B85-00AA005B4340}
Path: regsvr32.exe /s /n /i:U shell32.dll
C:\Windows\System32\shell32.dll
14172672 bytes
Created: 16.08.2012 12:13
Modified: 09.06.2012 06:43
Company: Microsoft Corporation
----------
Key: {89820200-ECBD-11cf-8B85-00AA005B4383}
Path: C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
C:\Windows\SysWOW64\ie4uinit.exe
74240 bytes
Created: 26.05.2011 21:06
Modified: 26.05.2011 21:06
Company: Microsoft Corporation
----------

************************************************************
23:29:24: Scanning ----- SERVICEDLL REGISTRY KEYS -----

************************************************************
23:29:24: Scanning ----- SERVICES REGISTRY KEYS -----
Key: 1394ohci
ImagePath: \SystemRoot\system32\drivers\1394ohci.sys
C:\Windows\System32\drivers\1394ohci.sys
229888 bytes
Created: 21.11.2010 04:23
Modified: 21.11.2010 04:23
Company: Microsoft Corporation
----------
Key: ACDaemon
ImagePath: C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
113152 bytes
Created: 18.03.2010 10:19
Modified: 18.03.2010 10:19
Company: ArcSoft Inc.
----------
Key: ACPI
ImagePath: system32\drivers\ACPI.sys
C:\Windows\System32\drivers\ACPI.sys
334208 bytes
Created: 21.11.2010 04:23
Modified: 21.11.2010 04:23
Company: Microsoft Corporation
----------
Key: AcpiPmi
ImagePath: \SystemRoot\system32\drivers\acpipmi.sys
C:\Windows\System32\drivers\acpipmi.sys
12800 bytes
Created: 21.11.2010 04:23
Modified: 21.11.2010 04:23
Company: Microsoft Corporation
----------
Key: AdobeARMservice
ImagePath: "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
65192 bytes
Created: 18.12.2012 06:28
Modified: 18.12.2012 06:28
Company: Adobe Systems Incorporated
----------
Key: AdobeFlashPlayerUpdateSvc
ImagePath: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
251400 bytes
Created: 03.09.2012 11:29
Modified: 09.01.2013 03:01
Company: Adobe Systems Incorporated
----------
Key: adp94xx
ImagePath: \SystemRoot\system32\drivers\adp94xx.sys
C:\Windows\System32\drivers\adp94xx.sys
491088 bytes
Created: 10.06.2009 21:36
Modified: 14.07.2009 02:52
Company: Adaptec, Inc.
----------
Key: adpahci
ImagePath: \SystemRoot\system32\drivers\adpahci.sys
C:\Windows\System32\drivers\adpahci.sys
339536 bytes
Created: 13.07.2009 22:59
Modified: 14.07.2009 02:52
Company: Adaptec, Inc.
----------
Key: adpu320
ImagePath: \SystemRoot\system32\drivers\adpu320.sys
C:\Windows\System32\drivers\adpu320.sys
182864 bytes
Created: 13.07.2009 22:59
Modified: 14.07.2009 02:52
Company: Adaptec, Inc.
----------
Key: AFD
ImagePath: \SystemRoot\system32\drivers\afd.sys
C:\Windows\System32\drivers\afd.sys
498688 bytes
Created: 22.02.2012 14:01
Modified: 28.12.2011 04:59
Company: Microsoft Corporation
----------
Key: agp440
ImagePath: \SystemRoot\system32\drivers\agp440.sys
C:\Windows\System32\drivers\agp440.sys
61008 bytes
Created: 14.07.2009 00:38
Modified: 14.07.2009 02:52
Company: Microsoft Corporation
----------
Key: ALG
ImagePath: %SystemRoot%\System32\alg.exe
C:\Windows\System32\alg.exe
79360 bytes
Created: 14.07.2009 01:08
Modified: 14.07.2009 02:38
Company: Microsoft Corporation
----------
Key: aliide
ImagePath: \SystemRoot\system32\drivers\aliide.sys
C:\Windows\System32\drivers\aliide.sys
15440 bytes
Created: 14.07.2009 00:19
Modified: 14.07.2009 02:52
Company: Acer Laboratories Inc.
----------
Key: AMD External Events Utility
ImagePath: %SystemRoot%\system32\atiesrxx.exe
C:\Windows\System32\atiesrxx.exe
204288 bytes
Created: 04.05.2012 10:07
Modified: 22.12.2011 07:54
Company: AMD
----------
Key: amdide
ImagePath: \SystemRoot\system32\drivers\amdide.sys
C:\Windows\System32\drivers\amdide.sys
15440 bytes
Created: 14.07.2009 00:19
Modified: 14.07.2009 02:52
Company: Microsoft Corporation
----------
Key: AmdK8
ImagePath: \SystemRoot\system32\drivers\amdk8.sys
C:\Windows\System32\drivers\amdk8.sys
64512 bytes
Created: 14.07.2009 00:19
Modified: 14.07.2009 00:19
Company: Microsoft Corporation
----------
Key: amdkmdag
ImagePath: system32\DRIVERS\atikmdag.sys
C:\Windows\System32\DRIVERS\atikmdag.sys
9360896 bytes
Created: 04.05.2012 10:07
Modified: 22.12.2011 08:30
Company: ATI Technologies Inc.
----------
Key: amdkmdap
ImagePath: system32\DRIVERS\atikmpag.sys
C:\Windows\System32\DRIVERS\atikmpag.sys
309760 bytes
Created: 04.05.2012 10:07
Modified: 22.12.2011 07:12
Company: Advanced Micro Devices, Inc.
----------
Key: AmdPPM
ImagePath: \SystemRoot\system32\drivers\amdppm.sys
C:\Windows\System32\drivers\amdppm.sys
60928 bytes
Created: 14.07.2009 00:19
Modified: 14.07.2009 00:19
Company: Microsoft Corporation
----------
Key: amdsata
ImagePath: \SystemRoot\system32\drivers\amdsata.sys
C:\Windows\System32\drivers\amdsata.sys
107904 bytes
Created: 30.08.2011 03:48
Modified: 11.03.2011 07:41
Company: Advanced Micro Devices
----------
Key: amdsbs
ImagePath: \SystemRoot\system32\drivers\amdsbs.sys
C:\Windows\System32\drivers\amdsbs.sys
194128 bytes
Created: 10.06.2009 21:37
Modified: 14.07.2009 02:52
Company: AMD Technologies Inc.
----------
Key: amdxata
ImagePath: system32\drivers\amdxata.sys
C:\Windows\System32\drivers\amdxata.sys
27008 bytes
Created: 30.08.2011 03:48
Modified: 11.03.2011 07:41
Company: Advanced Micro Devices
----------
Key: AMPPAL
ImagePath: system32\DRIVERS\AMPPAL.sys
C:\Windows\System32\DRIVERS\AMPPAL.sys
195072 bytes
Created: 12.12.2011 03:33
Modified: 12.12.2011 03:33
Company: Windows (R) Win 7 DDK provider
----------
Key: AMPPALP
ImagePath: system32\DRIVERS\amppal.sys
C:\Windows\System32\DRIVERS\amppal.sys
195072 bytes
Created: 12.12.2011 03:33
Modified: 12.12.2011 03:33
Company: Windows (R) Win 7 DDK provider
----------
Key: AMPPALR3
ImagePath: C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
661504 bytes
Created: 12.12.2011 03:40
Modified: 12.12.2011 03:40
Company: Intel Corporation
----------
Key: AntiVirMailService
ImagePath: "C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe"
C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
400160 bytes
Created: 10.10.2012 11:32
Modified: 13.12.2012 13:32
Company: Avira Operations GmbH & Co. KG
----------
Key: AntiVirSchedulerService
ImagePath: "C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe"
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
85280 bytes
Created: 10.10.2012 11:32
Modified: 13.12.2012 13:33
Company: Avira Operations GmbH & Co. KG
----------
Key: AntiVirService
ImagePath: "C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe"
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
109344 bytes
Created: 10.10.2012 11:32
Modified: 13.12.2012 13:32
Company: Avira Operations GmbH & Co. KG
----------
Key: AntiVirWebService
ImagePath: "C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE"
C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
565024 bytes
Created: 10.10.2012 11:32
Modified: 13.12.2012 13:32
Company: Avira Operations GmbH & Co. KG
----------
Key: ApfiltrService
ImagePath: \SystemRoot\system32\drivers\Apfiltr.sys
C:\Windows\System32\drivers\Apfiltr.sys
316024 bytes
Created: 21.06.2011 08:01
Modified: 15.06.2011 21:17
Company: Alps Electric Co., Ltd.
----------
Key: AppID
ImagePath: \SystemRoot\system32\drivers\appid.sys
C:\Windows\System32\drivers\appid.sys
61440 bytes
Created: 21.11.2010 04:24
Modified: 21.11.2010 04:24
Company: Microsoft Corporation
----------
Key: arc
ImagePath: \SystemRoot\system32\drivers\arc.sys
C:\Windows\System32\drivers\arc.sys
87632 bytes
Created: 13.07.2009 22:59
Modified: 14.07.2009 02:52
Company: Adaptec, Inc.
----------
Key: arcsas
ImagePath: \SystemRoot\system32\drivers\arcsas.sys
C:\Windows\System32\drivers\arcsas.sys
97856 bytes
Created: 13.07.2009 22:59
Modified: 14.07.2009 02:52
Company: Adaptec, Inc.
----------
Key: aspnet_state
ImagePath: %SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
44376 bytes
Created: 19.03.2010 02:23
Modified: 19.03.2010 02:23
Company: Microsoft Corporation
----------
Key: AsyncMac
ImagePath: system32\DRIVERS\asyncmac.sys
C:\Windows\System32\DRIVERS\asyncmac.sys
23040 bytes
Created: 14.07.2009 01:10
Modified: 14.07.2009 01:10
Company: Microsoft Corporation
----------
Key: atapi
ImagePath: \SystemRoot\system32\drivers\atapi.sys
C:\Windows\System32\drivers\atapi.sys
24128 bytes
Created: 14.07.2009 00:19
Modified: 14.07.2009 02:52
Company: Microsoft Corporation
----------
Key: athr
ImagePath: system32\DRIVERS\athrx.sys
C:\Windows\System32\DRIVERS\athrx.sys
1394688 bytes
Created: 20.06.2009 03:09
Modified: 20.06.2009 03:09
Company: Atheros Communications, Inc.
----------
Key: ATSwpWDF
ImagePath: system32\DRIVERS\ATSwpWDF.sys
C:\Windows\System32\DRIVERS\ATSwpWDF.sys
894240 bytes
Created: 27.01.2011 11:41
Modified: 27.01.2011 11:41
Company: AuthenTec, Inc.
----------
Key: avgntflt
ImagePath: system32\DRIVERS\avgntflt.sys
C:\Windows\System32\DRIVERS\avgntflt.sys
99912 bytes
Created: 10.10.2012 11:32
Modified: 13.12.2012 13:33
Company: Avira Operations GmbH & Co. KG
----------
Key: avipbb
ImagePath: system32\DRIVERS\avipbb.sys
C:\Windows\System32\DRIVERS\avipbb.sys
129216 bytes
Created: 10.10.2012 11:32
Modified: 13.12.2012 13:33
Company: Avira Operations GmbH & Co. KG
----------
Key: avkmgr
ImagePath: system32\DRIVERS\avkmgr.sys
C:\Windows\System32\DRIVERS\avkmgr.sys
27800 bytes
Created: 10.10.2012 11:32
Modified: 10.10.2012 07:49
Company: Avira Operations GmbH & Co. KG
----------
Key: b06bdrv
ImagePath: \SystemRoot\system32\drivers\bxvbda.sys
C:\Windows\System32\drivers\bxvbda.sys
468480 bytes
Created: 10.06.2009 21:34
Modified: 10.06.2009 21:34
Company: Broadcom Corporation
----------
Key: b57nd60a
ImagePath: system32\DRIVERS\b57nd60a.sys
C:\Windows\System32\DRIVERS\b57nd60a.sys
270848 bytes
Created: 10.06.2009 21:34
Modified: 10.06.2009 21:34
Company: Broadcom Corporation
----------
Key: BBSvc
ImagePath: "C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE"
C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
196176 bytes
Created: 21.10.2011 15:23
Modified: 21.10.2011 15:23
Company: Microsoft Corporation.
----------
Key: BBUpdate
ImagePath: "C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE"
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
249648 bytes
Created: 13.10.2011 17:21
Modified: 13.10.2011 17:21
Company: Microsoft Corporation
----------
Key: blbdrive
ImagePath: \SystemRoot\system32\drivers\blbdrive.sys
C:\Windows\System32\drivers\blbdrive.sys
45056 bytes
Created: 14.07.2009 00:35
Modified: 14.07.2009 00:35
Company: Microsoft Corporation
----------
Key: Bluetooth Device Monitor
ImagePath: "C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe"
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
921664 bytes
Created: 14.11.2011 17:13
Modified: 14.11.2011 17:13
Company: Intel Corporation
----------
Key: Bluetooth Media Service
ImagePath: "C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe"
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
1355840 bytes
Created: 14.11.2011 17:14
Modified: 14.11.2011 17:14
Company: Intel Corporation
----------
Key: Bluetooth OBEX Service
ImagePath: "C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe"
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
995392 bytes
Created: 14.11.2011 17:14
Modified: 14.11.2011 17:14
Company: Intel Corporation
----------
Key: bowser
ImagePath: system32\DRIVERS\bowser.sys
C:\Windows\System32\DRIVERS\bowser.sys
90624 bytes
Created: 26.05.2011 21:04
Modified: 26.05.2011 21:04
Company: Microsoft Corporation
----------
Key: BrFiltLo
ImagePath: \SystemRoot\system32\drivers\BrFiltLo.sys
C:\Windows\System32\drivers\BrFiltLo.sys
18432 bytes
Created: 14.07.2009 02:19
Modified: 10.06.2009 21:41
Company: Brother Industries, Ltd.
----------
Key: BrFiltUp
ImagePath: \SystemRoot\system32\drivers\BrFiltUp.sys
C:\Windows\System32\drivers\BrFiltUp.sys
8704 bytes
Created: 14.07.2009 02:20
Modified: 10.06.2009 21:41
Company: Brother Industries, Ltd.
----------
Key: Brserid
ImagePath: \SystemRoot\System32\Drivers\Brserid.sys
C:\Windows\System32\Drivers\Brserid.sys
286720 bytes
Created: 14.07.2009 02:19
Modified: 14.07.2009 02:19
Company: Brother Industries Ltd.
----------
Key: BrSerWdm
ImagePath: \SystemRoot\System32\Drivers\BrSerWdm.sys
C:\Windows\System32\Drivers\BrSerWdm.sys
47104 bytes
Created: 14.07.2009 02:20
Modified: 10.06.2009 21:41
Company: Brother Industries Ltd.
----------
Key: BrUsbMdm
ImagePath: \SystemRoot\System32\Drivers\BrUsbMdm.sys
C:\Windows\System32\Drivers\BrUsbMdm.sys
14976 bytes
Created: 14.07.2009 02:20
Modified: 10.06.2009 21:41
Company: Brother Industries Ltd.
----------
Key: BrUsbSer
ImagePath: \SystemRoot\System32\Drivers\BrUsbSer.sys
C:\Windows\System32\Drivers\BrUsbSer.sys
14720 bytes
Created: 14.07.2009 02:20
Modified: 10.06.2009 21:41
Company: Brother Industries Ltd.
----------
Key: BthEnum
ImagePath: \SystemRoot\system32\drivers\BthEnum.sys
C:\Windows\System32\drivers\BthEnum.sys
41984 bytes
Created: 14.07.2009 01:06
Modified: 14.07.2009 01:06
Company: Microsoft Corporation
----------
Key: BTHMODEM
ImagePath: system32\DRIVERS\bthmodem.sys
C:\Windows\System32\DRIVERS\bthmodem.sys
72192 bytes
Created: 14.07.2009 01:06
Modified: 14.07.2009 01:06
Company: Microsoft Corporation
----------
Key: BthPan
ImagePath: system32\DRIVERS\bthpan.sys
C:\Windows\System32\DRIVERS\bthpan.sys
118784 bytes
Created: 14.07.2009 01:07
Modified: 14.07.2009 01:07
Company: Microsoft Corporation
----------
Key: BTHPORT
ImagePath: \SystemRoot\System32\Drivers\BTHport.sys
C:\Windows\System32\Drivers\BTHport.sys
552960 bytes
Created: 16.08.2012 12:16
Modified: 06.07.2012 21:07
Company: Microsoft Corporation
----------
Key: BTHSSecurityMgr
ImagePath: "C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe"
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
135952 bytes
Created: 13.01.2012 12:22
Modified: 13.01.2012 12:22
Company: Intel(R) Corporation
----------
Key: BTHUSB
ImagePath: \SystemRoot\System32\Drivers\BTHUSB.sys
C:\Windows\System32\Drivers\BTHUSB.sys
80384 bytes
Created: 01.02.2012 13:09
Modified: 28.04.2011 04:54
Company: Microsoft Corporation
----------
Key: btmaux
ImagePath: system32\DRIVERS\btmaux.sys
C:\Windows\System32\DRIVERS\btmaux.sys
84480 bytes
Created: 14.11.2011 17:13
Modified: 14.11.2011 17:13
Company: Intel Corporation
----------
Key: btmhsf
ImagePath: system32\DRIVERS\btmhsf.sys
C:\Windows\System32\DRIVERS\btmhsf.sys
327168 bytes
Created: 15.11.2011 01:13
Modified: 15.11.2011 01:13
Company: Intel Corporation
----------
Key: cdfs
ImagePath: system32\DRIVERS\cdfs.sys
C:\Windows\System32\DRIVERS\cdfs.sys
92160 bytes
Created: 14.07.2009 00:19
Modified: 14.07.2009 00:19
Company: Microsoft Corporation
----------
Key: cdrom
ImagePath: system32\DRIVERS\cdrom.sys
C:\Windows\System32\DRIVERS\cdrom.sys
147456 bytes
Created: 21.11.2010 04:23
Modified: 21.11.2010 04:23
Company: Microsoft Corporation
----------
Key: circlass
ImagePath: \SystemRoot\system32\drivers\circlass.sys
C:\Windows\System32\drivers\circlass.sys
45568 bytes
Created: 14.07.2009 01:06
Modified: 14.07.2009 01:06
Company: Microsoft Corporation
----------
Key: CLFS
ImagePath: System32\CLFS.sys
C:\Windows\System32\CLFS.sys
367696 bytes
Created: 14.07.2009 00:19
Modified: 14.07.2009 02:52
Company: Microsoft Corporation
----------
Key: clr_optimization_v2.0.50727_32
ImagePath: %systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
66384 bytes
Created: 13.07.2009 21:46
Modified: 10.06.2009 22:23
Company: Microsoft Corporation
----------
Key: clr_optimization_v2.0.50727_64
ImagePath: %systemroot%\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
89920 bytes
Created: 13.07.2009 21:37
Modified: 10.06.2009 21:39
Company: Microsoft Corporation
----------
Key: clr_optimization_v4.0.30319_32
ImagePath: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
130384 bytes
Created: 18.03.2010 22:16
Modified: 18.03.2010 22:16
Company: Microsoft Corporation
----------
Key: clr_optimization_v4.0.30319_64
ImagePath: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
138576 bytes
Created: 18.03.2010 23:27
Modified: 18.03.2010 23:27
Company: Microsoft Corporation
----------
Key: CmBatt
ImagePath: \SystemRoot\system32\drivers\CmBatt.sys
C:\Windows\System32\drivers\CmBatt.sys
17664 bytes
Created: 14.07.2009 00:31
Modified: 14.07.2009 00:31
Company: Microsoft Corporation
----------
Key: cmdide
ImagePath: \SystemRoot\system32\drivers\cmdide.sys
C:\Windows\System32\drivers\cmdide.sys
17488 bytes
Created: 14.07.2009 00:19
Modified: 14.07.2009 02:52
Company: CMD Technology, Inc.
----------
Key: CNG
ImagePath: System32\Drivers\cng.sys
C:\Windows\System32\Drivers\cng.sys
458712 bytes
Created: 29.10.2012 11:43
Modified: 24.08.2012 19:09
Company: Microsoft Corporation
----------
Key: Compbatt
ImagePath: system32\drivers\compbatt.sys
C:\Windows\System32\drivers\compbatt.sys
21584 bytes
Created: 14.07.2009 00:31
Modified: 14.07.2009 02:52
Company: Microsoft Corporation
----------
Key: CompositeBus
ImagePath: \SystemRoot\system32\drivers\CompositeBus.sys
C:\Windows\System32\drivers\CompositeBus.sys
38912 bytes
Created: 21.11.2010 04:23
Modified: 21.11.2010 04:23
Company: Microsoft Corporation
----------
Key: COMSysApp
ImagePath: %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
C:\Windows\System32\dllhost.exe
9728 bytes
Created: 14.07.2009 00:59
Modified: 14.07.2009 02:39
Company: Microsoft Corporation
----------
Key: crcdisk
ImagePath: \SystemRoot\system32\drivers\crcdisk.sys
C:\Windows\System32\drivers\crcdisk.sys
24144 bytes
Created: 14.07.2009 01:01
Modified: 14.07.2009 02:47
Company: Microsoft Corporation
----------
Key: CSC
ImagePath: system32\drivers\csc.sys
C:\Windows\System32\drivers\csc.sys
514560 bytes
Created: 21.11.2010 04:24
Modified: 21.11.2010 04:24
Company: Microsoft Corporation
----------
Key: ctxusbm
ImagePath: system32\DRIVERS\ctxusbm.sys
C:\Windows\System32\DRIVERS\ctxusbm.sys
87600 bytes
Created: 08.09.2009 18:13
Modified: 08.09.2009 18:13
Company: Citrix Systems, Inc.
----------
Key: DfsC
ImagePath: System32\Drivers\dfsc.sys
C:\Windows\System32\Drivers\dfsc.sys
102400 bytes
Created: 21.11.2010 04:24
Modified: 21.11.2010 04:24
Company: Microsoft Corporation
----------
Key: discache
ImagePath: System32\drivers\discache.sys
C:\Windows\System32\drivers\discache.sys
40448 bytes
Created: 14.07.2009 00:37
Modified: 14.07.2009 00:37
Company: Microsoft Corporation
----------
Key: Disk
ImagePath: system32\drivers\disk.sys
C:\Windows\System32\drivers\disk.sys
73280 bytes
Created: 14.07.2009 00:19
Modified: 14.07.2009 02:47
Company: Microsoft Corporation
----------
Key: dmvsc
ImagePath: \SystemRoot\system32\drivers\dmvsc.sys
C:\Windows\System32\drivers\dmvsc.sys
71168 bytes
Created: 21.11.2010 04:23
Modified: 21.11.2010 04:23
Company: Microsoft Corporation
----------
Key: Dot4
ImagePath: system32\DRIVERS\Dot4.sys
C:\Windows\System32\DRIVERS\Dot4.sys
145920 bytes
Created: 14.07.2009 01:00
Modified: 14.07.2009 01:00
Company: Microsoft Corporation
----------
Key: Dot4Print
ImagePath: system32\DRIVERS\Dot4Prt.sys
C:\Windows\System32\DRIVERS\Dot4Prt.sys
19968 bytes
Created: 21.11.2010 04:23
Modified: 21.11.2010 04:23
Company: Microsoft Corporation
----------
Key: dot4usb
ImagePath: system32\DRIVERS\dot4usb.sys
C:\Windows\System32\DRIVERS\dot4usb.sys
43008 bytes
Created: 14.07.2009 01:00
Modified: 14.07.2009 01:00
Company: Microsoft Corporation
----------
Key: drmkaud
ImagePath: system32\drivers\drmkaud.sys
C:\Windows\System32\drivers\drmkaud.sys
5632 bytes
Created: 14.07.2009 01:06
Modified: 14.07.2009 01:06
Company: Microsoft Corporation
----------
Key: DXGKrnl
ImagePath: \SystemRoot\System32\drivers\dxgkrnl.sys
C:\Windows\System32\drivers\dxgkrnl.sys
982912 bytes
Created: 21.11.2010 04:24
Modified: 21.11.2010 04:24
Company: Microsoft Corporation
----------
Key: e1yexpress
ImagePath: system32\DRIVERS\e1y60x64.sys
C:\Windows\System32\DRIVERS\e1y60x64.sys
281088 bytes
Created: 10.06.2009 21:35
Modified: 10.06.2009 21:35
Company: Intel Corporation
----------
Key: ebdrv
ImagePath: \SystemRoot\system32\drivers\evbda.sys
C:\Windows\System32\drivers\evbda.sys
3286016 bytes
Created: 10.06.2009 21:34
Modified: 10.06.2009 21:34
Company: Broadcom Corporation
----------
Key: EFS
ImagePath: %SystemRoot%\System32\lsass.exe
C:\Windows\System32\lsass.exe
31232 bytes
Created: 18.01.2012 14:53
Modified: 17.11.2011 07:33
Company: Microsoft Corporation
----------
Key: ehRecvr
ImagePath: %systemroot%\ehome\ehRecvr.exe
C:\Windows\ehome\ehRecvr.exe
696832 bytes
Created: 21.11.2010 04:24
Modified: 21.11.2010 04:24
Company: Microsoft Corporation
----------
Key: ehSched
ImagePath: %systemroot%\ehome\ehsched.exe
C:\Windows\ehome\ehsched.exe
127488 bytes
Created: 14.07.2009 01:24
Modified: 14.07.2009 02:39
Company: Microsoft Corporation
----------
Key: elxstor
ImagePath: \SystemRoot\system32\drivers\elxstor.sys
C:\Windows\System32\drivers\elxstor.sys
530496 bytes
Created: 10.06.2009 21:36
Modified: 14.07.2009 02:47
Company: Emulex
----------
Key: ErrDev
ImagePath: \SystemRoot\system32\drivers\errdev.sys
C:\Windows\System32\drivers\errdev.sys
9728 bytes
Created: 14.07.2009 00:31
Modified: 14.07.2009 00:31
Company: Microsoft Corporation
----------
Key: EvtEng
ImagePath: C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
1526032 bytes
Created: 04.01.2012 12:27
Modified: 04.01.2012 12:27
Company: Intel(R) Corporation
----------
Key: Fax
ImagePath: %systemroot%\system32\fxssvc.exe
C:\Windows\System32\fxssvc.exe
689152 bytes
Created: 21.11.2010 04:25
Modified: 21.11.2010 04:25
Company: Microsoft Corporation
----------
Key: fdc
ImagePath: \SystemRoot\system32\drivers\fdc.sys
C:\Windows\System32\drivers\fdc.sys
29696 bytes
Created: 14.07.2009 01:00
Modified: 14.07.2009 01:00
Company: Microsoft Corporation
----------
Key: FileInfo
ImagePath: system32\drivers\fileinfo.sys
C:\Windows\System32\drivers\fileinfo.sys
70224 bytes
Created: 14.07.2009 00:34
Modified: 14.07.2009 02:47
Company: Microsoft Corporation
----------
Key: Filetrace
ImagePath: system32\drivers\filetrace.sys
C:\Windows\System32\drivers\filetrace.sys
34304 bytes
Created: 14.07.2009 00:25
Modified: 14.07.2009 00:25
Company: Microsoft Corporation
----------
Key: flpydisk
ImagePath: \SystemRoot\system32\drivers\flpydisk.sys
C:\Windows\System32\drivers\flpydisk.sys
24576 bytes
Created: 14.07.2009 01:00
Modified: 14.07.2009 01:00
Company: Microsoft Corporation
----------
Key: FltMgr
ImagePath: system32\drivers\fltmgr.sys
C:\Windows\System32\drivers\fltmgr.sys
289664 bytes
Created: 21.11.2010 04:24
Modified: 21.11.2010 04:24
Company: Microsoft Corporation
----------
Key: FontCache3.0.0.0
ImagePath: %systemroot%\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
42856 bytes
Created: 21.11.2010 04:24
Modified: 21.11.2010 04:24
Company: Microsoft Corporation
----------
Key: FsDepends
ImagePath: System32\drivers\FsDepends.sys
C:\Windows\System32\drivers\FsDepends.sys
55376 bytes
Created: 14.07.2009 00:26
Modified: 14.07.2009 02:47
Company: Microsoft Corporation
----------
Key: fvevol
ImagePath: System32\DRIVERS\fvevol.sys
C:\Windows\System32\DRIVERS\fvevol.sys
223248 bytes
Created: 21.11.2010 04:24
Modified: 21.11.2010 04:24
Company: Microsoft Corporation
----------
Key: gagp30kx
ImagePath: \SystemRoot\system32\drivers\gagp30kx.sys
C:\Windows\System32\drivers\gagp30kx.sys
65088 bytes
Created: 14.07.2009 00:38
Modified: 14.07.2009 02:47
Company: Microsoft Corporation
----------
Key: gobi3kfilter
ImagePath: system32\DRIVERS\gobi3kfilter.sys
C:\Windows\System32\DRIVERS\gobi3kfilter.sys
34304 bytes
Created: 13.12.2010 08:16
Modified: 13.12.2010 08:16
Company: QUALCOMM Incorporated
----------
Key: gobi3kmbb
ImagePath: system32\DRIVERS\gobi3kmbb.sys
C:\Windows\System32\DRIVERS\gobi3kmbb.sys
399872 bytes
Created: 30.08.2011 04:01
Modified: 21.04.2011 02:29
Company: QUALCOMM Incorporated
----------
Key: gobi3kserial
ImagePath: system32\DRIVERS\gobi3kserial.sys
C:\Windows\System32\DRIVERS\gobi3kserial.sys
233984 bytes
Created: 13.12.2010 08:18
Modified: 13.12.2010 08:18
Company: QUALCOMM Incorporated
----------
Key: GobiQDLService
ImagePath: C:\Program Files (x86)\Huawei\Gobi\GobiQDLService\GobiQDLService.exe
C:\Program Files (x86)\Huawei\Gobi\GobiQDLService\GobiQDLService.exe
318464 bytes
Created: 30.08.2011 05:04
Modified: 04.03.2011 09:46
Company: HUAWEI Technologies Co., Ltd.
----------
Key: gupdate
ImagePath: "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
116648 bytes
Created: 06.09.2012 23:18
Modified: 06.09.2012 23:18
Company: Google Inc.
----------
Key: gupdatem
ImagePath: "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
116648 bytes
Created: 06.09.2012 23:18
Modified: 06.09.2012 23:18
Company: Google Inc.
----------
Key: gusvc
ImagePath: "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe"
C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
194032 bytes
Created: 06.09.2012 23:18
Modified: 06.09.2012 23:18
Company: Google
----------
Key: hcw85cir
ImagePath: \SystemRoot\system32\drivers\hcw85cir.sys
C:\Windows\System32\drivers\hcw85cir.sys
31232 bytes
Created: 13.07.2009 23:53
Modified: 10.06.2009 21:31
Company: Hauppauge Computer Works, Inc.
----------
Key: HdAudAddService
ImagePath: system32\drivers\HdAudio.sys
C:\Windows\System32\drivers\HdAudio.sys
350208 bytes
Created: 21.11.2010 04:23
Modified: 21.11.2010 04:23
Company: Microsoft Corporation
----------
Key: HDAudBus
ImagePath: \SystemRoot\system32\drivers\HDAudBus.sys
C:\Windows\System32\drivers\HDAudBus.sys
122368 bytes
Created: 21.11.2010 04:23
Modified: 21.11.2010 04:23
Company: Microsoft Corporation
----------
Key: HidBatt
ImagePath: \SystemRoot\system32\drivers\HidBatt.sys
C:\Windows\System32\drivers\HidBatt.sys
26624 bytes
Created: 14.07.2009 00:31
Modified: 14.07.2009 00:31
Company: Microsoft Corporation
----------
Key: HidBth
ImagePath: system32\DRIVERS\hidbth.sys
C:\Windows\System32\DRIVERS\hidbth.sys
100864 bytes
Created: 14.07.2009 01:06
Modified: 14.07.2009 01:06
Company: Microsoft Corporation
----------
Key: HidIr
ImagePath: \SystemRoot\system32\drivers\hidir.sys
C:\Windows\System32\drivers\hidir.sys
46592 bytes
Created: 14.07.2009 01:06
Modified: 14.07.2009 01:06
Company: Microsoft Corporation
----------
Key: HidUsb
ImagePath: system32\DRIVERS\hidusb.sys
C:\Windows\System32\DRIVERS\hidusb.sys
30208 bytes
Created: 21.11.2010 04:23
Modified: 21.11.2010 04:23
Company: Microsoft Corporation
----------
Key: HpSAMD
ImagePath: \SystemRoot\system32\drivers\HpSAMD.sys
C:\Windows\System32\drivers\HpSAMD.sys
78720 bytes
Created: 21.11.2010 04:23
Modified: 21.11.2010 04:23
Company: Hewlett-Packard Company
----------
Key: HTTP
ImagePath: system32\drivers\HTTP.sys
C:\Windows\System32\drivers\HTTP.sys
753664 bytes
Created: 21.11.2010 04:23
Modified: 21.11.2010 04:23
Company: Microsoft Corporation
----------
Key: hwpolicy
ImagePath: System32\drivers\hwpolicy.sys
C:\Windows\System32\drivers\hwpolicy.sys
14720 bytes
Created: 21.11.2010 04:24
Modified: 21.11.2010 04:24
Company: Microsoft Corporation
----------
Key: i8042prt
ImagePath: \SystemRoot\system32\drivers\i8042prt.sys
C:\Windows\System32\drivers\i8042prt.sys
105472 bytes
Created: 14.07.2009 00:19
Modified: 14.07.2009 00:19
Company: Microsoft Corporation
----------
Key: iaStor
ImagePath: system32\drivers\iaStor.sys
C:\Windows\System32\drivers\iaStor.sys
557848 bytes
Created: 30.08.2011 12:56
Modified: 25.06.2011 04:13
Company: Intel Corporation
----------
Key: IAStorDataMgrSvc
ImagePath: "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
13592 bytes
Created: 30.08.2011 03:52
Modified: 20.05.2011 09:10
Company: Intel Corporation
----------
Key: iaStorV
ImagePath: \SystemRoot\system32\drivers\iaStorV.sys
C:\Windows\System32\drivers\iaStorV.sys
410496 bytes
Created: 30.08.2011 03:48
Modified: 11.03.2011 07:41
Company: Intel Corporation
----------
Key: iBtFltCoex
ImagePath: system32\DRIVERS\iBtFltCoex.sys
C:\Windows\System32\DRIVERS\iBtFltCoex.sys
60416 bytes
Created: 09.12.2011 19:45
Modified: 09.12.2011 19:45
Company: Intel Corporation
----------
Key: IconMan_R
ImagePath: "C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe"
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
2375168 bytes
Created: 30.08.2011 04:00
Modified: 16.06.2011 21:51
Company: Realsil Microelectronics Inc.
----------
Key: idsvc
ImagePath: "%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe"
C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
856400 bytes
Created: 21.11.2010 04:24
Modified: 21.11.2010 04:24
Company: Microsoft Corporation
----------
Key: iirsp
ImagePath: \SystemRoot\system32\drivers\iirsp.sys
C:\Windows\System32\drivers\iirsp.sys
44112 bytes
Created: 13.07.2009 22:59
Modified: 14.07.2009 02:48
Company: Intel Corp./ICP vortex GmbH
----------
Key: intaud_WaveExtensible
ImagePath: system32\drivers\intelaud.sys
C:\Windows\System32\drivers\intelaud.sys
34200 bytes
Created: 21.06.2011 14:19
Modified: 21.06.2011 14:19
Company: Intel Corporation
----------
Key: IntcAzAudAddService
ImagePath: system32\drivers\RTKVHD64.sys
C:\Windows\System32\drivers\RTKVHD64.sys
2520936 bytes
Created: 30.08.2011 03:53
Modified: 16.06.2011 21:44
Company: Realtek Semiconductor Corp.
----------
Key: IntcDAud
ImagePath: system32\DRIVERS\IntcDAud.sys
C:\Windows\System32\DRIVERS\IntcDAud.sys
317440 bytes
Created: 23.08.2011 10:12
Modified: 23.08.2011 10:12
Company: Intel(R) Corporation
----------
Key: intelide
ImagePath: \SystemRoot\system32\drivers\intelide.sys
C:\Windows\System32\drivers\intelide.sys
16960 bytes
Created: 14.07.2009 00:19
Modified: 14.07.2009 02:48
Company: Microsoft Corporation
----------
Key: intelkmd
ImagePath: system32\DRIVERS\igdpmd64.sys
C:\Windows\System32\DRIVERS\igdpmd64.sys
12311904 bytes
Created: 04.05.2012 10:07
Modified: 10.01.2012 20:28
Company: Intel Corporation
----------
Key: intelppm
ImagePath: system32\DRIVERS\intelppm.sys
C:\Windows\System32\DRIVERS\intelppm.sys
62464 bytes
Created: 14.07.2009 00:19
Modified: 14.07.2009 00:19
Company: Microsoft Corporation
----------
Key: IpFilterDriver
ImagePath: system32\DRIVERS\ipfltdrv.sys
C:\Windows\System32\DRIVERS\ipfltdrv.sys
82944 bytes
Created: 21.11.2010 04:24
Modified: 21.11.2010 04:24
Company: Microsoft Corporation
----------
Key: IPMIDRV
ImagePath: \SystemRoot\system32\drivers\IPMIDrv.sys
C:\Windows\System32\drivers\IPMIDrv.sys
78848 bytes
Created: 21.11.2010 04:23
Modified: 21.11.2010 04:23
Company: Microsoft Corporation
----------
Key: IPNAT
ImagePath: System32\drivers\ipnat.sys
C:\Windows\System32\drivers\ipnat.sys
116224 bytes
Created: 14.07.2009 01:10
Modified: 14.07.2009 01:10
Company: Microsoft Corporation
----------
Key: IRENUM
ImagePath: system32\drivers\irenum.sys
C:\Windows\System32\drivers\irenum.sys
17920 bytes
Created: 14.07.2009 01:08
Modified: 14.07.2009 01:08
Company: Microsoft Corporation
----------
Key: isapnp
ImagePath: \SystemRoot\system32\drivers\isapnp.sys
C:\Windows\System32\drivers\isapnp.sys
20544 bytes
Created: 14.07.2009 00:31
Modified: 14.07.2009 02:48
Company: Microsoft Corporation
----------
Key: iScsiPrt
ImagePath: \SystemRoot\system32\drivers\msiscsi.sys
C:\Windows\System32\drivers\msiscsi.sys
273792 bytes
Created: 21.11.2010 04:23
Modified: 21.11.2010 04:23
Company: Microsoft Corporation
----------
Key: iwdbus
ImagePath: \SystemRoot\system32\drivers\iwdbus.sys
C:\Windows\System32\drivers\iwdbus.sys
25496 bytes
Created: 21.06.2011 14:19
Modified: 21.06.2011 14:19
Company: Intel Corporation
----------
Key: kbdclass
ImagePath: system32\DRIVERS\kbdclass.sys
C:\Windows\System32\DRIVERS\kbdclass.sys
50768 bytes
Created: 14.07.2009 00:19
Modified: 14.07.2009 02:48
Company: Microsoft Corporation
----------
Key: kbdhid
ImagePath: system32\DRIVERS\kbdhid.sys
C:\Windows\System32\DRIVERS\kbdhid.sys
33280 bytes
Created: 21.11.2010 04:23
Modified: 21.11.2010 04:23
Company: Microsoft Corporation
----------
Key: KeyIso
ImagePath: %SystemRoot%\system32\lsass.exe
C:\Windows\System32\lsass.exe
31232 bytes
Created: 18.01.2012 14:53
Modified: 17.11.2011 07:33
Company: Microsoft Corporation
----------
Key: KMWDFILTER
ImagePath: system32\DRIVERS\KMWDFILTER.sys
C:\Windows\System32\DRIVERS\KMWDFILTER.sys
30208 bytes
Created: 29.04.2009 15:28
Modified: 29.04.2009 15:28
Company: Windows (R) Codename Longhorn DDK provider
----------
Key: KSecDD
ImagePath: System32\Drivers\ksecdd.sys
C:\Windows\System32\Drivers\ksecdd.sys
95600 bytes
Created: 16.08.2012 12:13
Modified: 02.06.2012 06:48
Company: Microsoft Corporation
----------
Key: KSecPkg
ImagePath: System32\Drivers\ksecpkg.sys
C:\Windows\System32\Drivers\ksecpkg.sys
154480 bytes
Created: 29.10.2012 11:43
Modified: 24.08.2012 19:13
Company: Microsoft Corporation
----------
Key: ksthunk
ImagePath: \SystemRoot\system32\drivers\ksthunk.sys
C:\Windows\System32\drivers\ksthunk.sys
20992 bytes
Created: 14.07.2009 01:00
Modified: 14.07.2009 01:00
Company: Microsoft Corporation
----------
Key: lltdio
ImagePath: system32\DRIVERS\lltdio.sys
C:\Windows\System32\DRIVERS\lltdio.sys
60928 bytes
Created: 14.07.2009 01:08
Modified: 14.07.2009 01:08
Company: Microsoft Corporation
----------
Key: LMS
ImagePath: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
326424 bytes
Created: 30.08.2011 04:00
Modified: 17.06.2011 21:02
Company: Intel Corporation
----------
Key: LSI_FC
ImagePath: \SystemRoot\system32\drivers\lsi_fc.sys
C:\Windows\System32\drivers\lsi_fc.sys
114752 bytes
Created: 13.07.2009 22:59
Modified: 14.07.2009 02:48
Company: LSI Corporation
----------
Key: LSI_SAS
ImagePath: \SystemRoot\system32\drivers\lsi_sas.sys
C:\Windows\System32\drivers\lsi_sas.sys
106560 bytes
Created: 13.07.2009 22:59
Modified: 14.07.2009 02:48
Company: LSI Corporation
----------
Key: LSI_SAS2
ImagePath: \SystemRoot\system32\drivers\lsi_sas2.sys
C:\Windows\System32\drivers\lsi_sas2.sys
65600 bytes
Created: 13.07.2009 22:59
Modified: 14.07.2009 02:48
Company: LSI Corporation
----------
Key: LSI_SCSI
ImagePath: \SystemRoot\system32\drivers\lsi_scsi.sys
C:\Windows\System32\drivers\lsi_scsi.sys
115776 bytes
Created: 13.07.2009 22:59
Modified: 14.07.2009 02:48
Company: LSI Corporation
----------
Key: luafv
ImagePath: \SystemRoot\system32\drivers\luafv.sys
C:\Windows\System32\drivers\luafv.sys
113152 bytes
Created: 14.07.2009 00:26
Modified: 14.07.2009 00:26
Company: Microsoft Corporation
----------
Key: megasas
ImagePath: \SystemRoot\system32\drivers\megasas.sys
C:\Windows\System32\drivers\megasas.sys
35392 bytes
Created: 10.06.2009 21:37
Modified: 14.07.2009 02:48
Company: LSI Corporation
----------
Key: MegaSR
ImagePath: \SystemRoot\system32\drivers\MegaSR.sys
C:\Windows\System32\drivers\MegaSR.sys
284736 bytes
Created: 13.07.2009 22:59
Modified: 14.07.2009 02:48
Company: LSI Corporation, Inc.
----------
Key: MEIx64
ImagePath: \SystemRoot\system32\drivers\HECIx64.sys
C:\Windows\System32\drivers\HECIx64.sys
56344 bytes
Created: 21.06.2011 08:51
Modified: 17.06.2011 21:02
Company: Intel Corporation
----------
Key: Modem
ImagePath: system32\drivers\modem.sys
C:\Windows\System32\drivers\modem.sys
40448 bytes
Created: 14.07.2009 01:10
Modified: 14.07.2009 01:10
Company: Microsoft Corporation
----------
Key: monitor
ImagePath: system32\DRIVERS\monitor.sys
C:\Windows\System32\DRIVERS\monitor.sys
30208 bytes
Created: 14.07.2009 00:38
Modified: 14.07.2009 00:38
Company: Microsoft Corporation
----------
Key: mouclass
ImagePath: system32\DRIVERS\mouclass.sys
C:\Windows\System32\DRIVERS\mouclass.sys
49216 bytes
Created: 14.07.2009 00:19
Modified: 14.07.2009 02:48
Company: Microsoft Corporation
----------
Key: mouhid
ImagePath: system32\DRIVERS\mouhid.sys
C:\Windows\System32\DRIVERS\mouhid.sys
31232 bytes
Created: 14.07.2009 01:00
Modified: 14.07.2009 01:00
Company: Microsoft Corporation
----------
Key: mountmgr
ImagePath: System32\drivers\mountmgr.sys
C:\Windows\System32\drivers\mountmgr.sys
94592 bytes
Created: 21.11.2010 04:23
Modified: 21.11.2010 04:23
Company: Microsoft Corporation
----------
Key: MozillaMaintenance
ImagePath: "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
115608 bytes
Created: 17.09.2012 06:36
Modified: 31.01.2013 11:34
Company: Mozilla Foundation
----------
Key: mpio
ImagePath: \SystemRoot\system32\drivers\mpio.sys
C:\Windows\System32\drivers\mpio.sys
155008 bytes
Created: 21.11.2010 04:23
Modified: 21.11.2010 04:23
Company: Microsoft Corporation
----------
Key: mpsdrv
ImagePath: System32\drivers\mpsdrv.sys
C:\Windows\System32\drivers\mpsdrv.sys
77312 bytes
Created: 14.07.2009 01:08
Modified: 14.07.2009 01:08
Company: Microsoft Corporation
----------
Key: MRxDAV
ImagePath: \SystemRoot\system32\drivers\mrxdav.sys
C:\Windows\System32\drivers\mrxdav.sys
140800 bytes
Created: 21.11.2010 04:24
Modified: 21.11.2010 04:24
Company: Microsoft Corporation
----------
Key: mrxsmb
ImagePath: system32\DRIVERS\mrxsmb.sys
C:\Windows\System32\DRIVERS\mrxsmb.sys
158208 bytes
Created: 18.01.2012 13:55
Modified: 27.04.2011 03:40
Company: Microsoft Corporation
----------
Key: mrxsmb10
ImagePath: system32\DRIVERS\mrxsmb10.sys
C:\Windows\System32\DRIVERS\mrxsmb10.sys
288768 bytes
Created: 18.01.2012 13:55
Modified: 09.07.2011 03:46
Company: Microsoft Corporation
----------
Key: mrxsmb20
ImagePath: system32\DRIVERS\mrxsmb20.sys
C:\Windows\System32\DRIVERS\mrxsmb20.sys
128000 bytes
Created: 18.01.2012 13:55
Modified: 27.04.2011 03:39
Company: Microsoft Corporation
----------
Key: msahci
ImagePath: \SystemRoot\system32\drivers\msahci.sys
C:\Windows\System32\drivers\msahci.sys
31104 bytes
Created: 21.11.2010 04:23
Modified: 21.11.2010 04:23
Company: Microsoft Corporation
----------
Key: msdsm
ImagePath: \SystemRoot\system32\drivers\msdsm.sys
C:\Windows\System32\drivers\msdsm.sys
140672 bytes
Created: 21.11.2010 04:23
Modified: 21.11.2010 04:23
Company: Microsoft Corporation
----------
Key: MSDTC
ImagePath: %SystemRoot%\System32\msdtc.exe
C:\Windows\System32\msdtc.exe
141824 bytes
Created: 14.07.2009 00:59
Modified: 14.07.2009 02:39
Company: Microsoft Corporation
----------
Key: mshidkmdf
ImagePath: \SystemRoot\System32\drivers\mshidkmdf.sys
C:\Windows\System32\drivers\mshidkmdf.sys
8192 bytes
Created: 14.07.2009 01:06
Modified: 14.07.2009 01:06
Company: Microsoft Corporation
----------
Key: msisadrv
ImagePath: system32\drivers\msisadrv.sys
C:\Windows\System32\drivers\msisadrv.sys
15424 bytes
Created: 14.07.2009 00:19
Modified: 14.07.2009 02:48
Company: Microsoft Corporation
----------
Key: msiserver
ImagePath: %systemroot%\system32\msiexec.exe /V
C:\Windows\System32\msiexec.exe
128000 bytes
Created: 21.11.2010 04:24
Modified: 21.11.2010 04:24
Company: Microsoft Corporation
----------
Key: MSKSSRV
ImagePath: system32\drivers\MSKSSRV.sys
C:\Windows\System32\drivers\MSKSSRV.sys
11136 bytes
Created: 14.07.2009 01:00
Modified: 14.07.2009 01:00
Company: Microsoft Corporation
----------
Key: MSPCLOCK
ImagePath: system32\drivers\MSPCLOCK.sys
C:\Windows\System32\drivers\MSPCLOCK.sys
7168 bytes
Created: 14.07.2009 01:00
Modified: 14.07.2009 01:00
Company: Microsoft Corporation
----------
Key: MSPQM
ImagePath: system32\drivers\MSPQM.sys
C:\Windows\System32\drivers\MSPQM.sys
6784 bytes
Created: 14.07.2009 01:00
Modified: 14.07.2009 01:00
Company: Microsoft Corporation
----------
Key: mssmbios
ImagePath: \SystemRoot\system32\drivers\mssmbios.sys
C:\Windows\System32\drivers\mssmbios.sys
32320 bytes
Created: 14.07.2009 00:31
Modified: 14.07.2009 02:48
Company: Microsoft Corporation
----------
Key: MSTEE
ImagePath: system32\drivers\MSTEE.sys
C:\Windows\System32\drivers\MSTEE.sys
8064 bytes
Created: 14.07.2009 01:00
Modified: 14.07.2009 01:00
Company: Microsoft Corporation
----------
Key: MTConfig
ImagePath: \SystemRoot\system32\drivers\MTConfig.sys
C:\Windows\System32\drivers\MTConfig.sys
15360 bytes
Created: 14.07.2009 01:02
Modified: 14.07.2009 01:02
Company: Microsoft Corporation
----------
Key: Mup
ImagePath: System32\Drivers\mup.sys
C:\Windows\System32\Drivers\mup.sys
60496 bytes
Created: 14.07.2009 00:23
Modified: 14.07.2009 02:48
Company: Microsoft Corporation
----------
Key: MyWiFiDHCPDNS
ImagePath: C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
340240 bytes
Created: 04.01.2012 12:14
Modified: 04.01.2012 12:14
Company:
----------
Key: NativeWifiP
ImagePath: system32\DRIVERS\nwifi.sys
C:\Windows\System32\DRIVERS\nwifi.sys
318976 bytes
Created: 14.07.2009 01:07
Modified: 14.07.2009 01:07
Company: Microsoft Corporation
----------
Key: NDIS
ImagePath: system32\drivers\ndis.sys
C:\Windows\System32\drivers\ndis.sys
950128 bytes
Created: 12.09.2012 07:31
Modified: 22.08.2012 19:12
Company: Microsoft Corporation
----------
Key: NdisCap
ImagePath: system32\DRIVERS\ndiscap.sys
C:\Windows\System32\DRIVERS\ndiscap.sys
35328 bytes
Created: 14.07.2009 01:08
Modified: 14.07.2009 01:08
Company: Microsoft Corporation
----------
Key: NdisTapi
ImagePath: system32\DRIVERS\ndistapi.sys
C:\Windows\System32\DRIVERS\ndistapi.sys
24064 bytes
Created: 14.07.2009 01:10
Modified: 14.07.2009 01:10
Company: Microsoft Corporation
----------
Key: Ndisuio
ImagePath: system32\DRIVERS\ndisuio.sys
C:\Windows\System32\DRIVERS\ndisuio.sys
56832 bytes
Created: 21.11.2010 04:24
Modified: 21.11.2010 04:24
Company: Microsoft Corporation
----------
Key: NdisWan
ImagePath: system32\DRIVERS\ndiswan.sys
C:\Windows\System32\DRIVERS\ndiswan.sys
164352 bytes
Created: 21.11.2010 04:24
Modified: 21.11.2010 04:24
Company: Microsoft Corporation
----------
Key: NetBIOS
ImagePath: system32\DRIVERS\netbios.sys
C:\Windows\System32\DRIVERS\netbios.sys
44544 bytes
Created: 14.07.2009 01:09
Modified: 14.07.2009 01:09
Company: Microsoft Corporation
----------
Key: NetBT
ImagePath: System32\DRIVERS\netbt.sys
C:\Windows\System32\DRIVERS\netbt.sys
261632 bytes
Created: 21.11.2010 04:23
Modified: 21.11.2010 04:23
Company: Microsoft Corporation
----------
Key: Netlogon
ImagePath: %systemroot%\system32\lsass.exe
C:\Windows\System32\lsass.exe
31232 bytes
Created: 18.01.2012 14:53
Modified: 17.11.2011 07:33
Company: Microsoft Corporation
----------
Key: NETwNs64
ImagePath: system32\DRIVERS\Netwsw00.sys
C:\Windows\System32\DRIVERS\Netwsw00.sys
11518976 bytes
Created: 06.12.2012 12:11
Modified: 06.12.2012 12:11
Company: Intel Corporation
----------
Key: nfrd960
ImagePath: \SystemRoot\system32\drivers\nfrd960.sys
C:\Windows\System32\drivers\nfrd960.sys
51264 bytes
Created: 13.07.2009 22:59
Modified: 14.07.2009 02:48
Company: IBM Corporation
----------
Key: nsiproxy
ImagePath: system32\drivers\nsiproxy.sys
C:\Windows\System32\drivers\nsiproxy.sys
24576 bytes
Created: 14.07.2009 00:21
Modified: 14.07.2009 00:21
Company: Microsoft Corporation
----------
Key: nusb3hub
ImagePath: system32\DRIVERS\nusb3hub.sys
C:\Windows\System32\DRIVERS\nusb3hub.sys
96768 bytes
Created: 25.10.2011 01:57
Modified: 25.10.2011 01:57
Company: Renesas Electronics Corporation
----------
Key: nusb3xhc
ImagePath: system32\DRIVERS\nusb3xhc.sys
C:\Windows\System32\DRIVERS\nusb3xhc.sys
213504 bytes
Created: 25.10.2011 01:57
Modified: 25.10.2011 01:57
Company: Renesas Electronics Corporation
----------
Key: nvlddmkm
ImagePath: system32\DRIVERS\nvlddmkm.sys
C:\Windows\System32\DRIVERS\nvlddmkm.sys
11572512 bytes
Created: 13.07.2009 22:59
Modified: 10.06.2009 21:37
Company: NVIDIA Corporation
----------
Key: nvraid
ImagePath: \SystemRoot\system32\drivers\nvraid.sys
C:\Windows\System32\drivers\nvraid.sys
148352 bytes
Created: 30.08.2011 03:48
Modified: 11.03.2011 07:41
Company: NVIDIA Corporation
----------
Key: nvstor
ImagePath: \SystemRoot\system32\drivers\nvstor.sys
C:\Windows\System32\drivers\nvstor.sys
166272 bytes
Created: 30.08.2011 03:48
Modified: 11.03.2011 07:41
Company: NVIDIA Corporation
----------
Key: nv_agp
ImagePath: \SystemRoot\system32\drivers\nv_agp.sys
C:\Windows\System32\drivers\nv_agp.sys
122960 bytes
Created: 14.07.2009 00:38
Modified: 14.07.2009 02:48
Company: Microsoft Corporation
----------
Key: ohci1394
ImagePath: \SystemRoot\system32\drivers\ohci1394.sys
C:\Windows\System32\drivers\ohci1394.sys
72832 bytes
Created: 14.07.2009 01:06
Modified: 14.07.2009 01:06
Company: Microsoft Corporation
----------
Key: ose
ImagePath: "C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
89136 bytes
Created: 28.07.2003 12:28
Modified: 28.07.2003 12:28
Company: Microsoft Corporation
----------
Key: Parport
ImagePath: \SystemRoot\system32\drivers\parport.sys
C:\Windows\System32\drivers\parport.sys
97280 bytes
Created: 14.07.2009 01:00
Modified: 14.07.2009 01:00
Company: Microsoft Corporation
----------
Key: partmgr
ImagePath: System32\drivers\partmgr.sys
C:\Windows\System32\drivers\partmgr.sys
75120 bytes
Created: 15.05.2012 07:54
Modified: 17.03.2012 08:58
Company: Microsoft Corporation
----------
Key: pci
ImagePath: system32\drivers\pci.sys
C:\Windows\System32\drivers\pci.sys
184704 bytes
Created: 21.11.2010 04:23
Modified: 21.11.2010 04:23
Company: Microsoft Corporation
----------
Key: pciide
ImagePath: \SystemRoot\system32\drivers\pciide.sys
C:\Windows\System32\drivers\pciide.sys
12352 bytes
Created: 14.07.2009 00:19
Modified: 14.07.2009 02:45
Company: Microsoft Corporation
----------
Key: pcmcia
ImagePath: \SystemRoot\system32\drivers\pcmcia.sys
C:\Windows\System32\drivers\pcmcia.sys
220752 bytes
Created: 14.07.2009 00:31
Modified: 14.07.2009 02:45
Company: Microsoft Corporation
----------
Key: pcw
ImagePath: System32\drivers\pcw.sys
C:\Windows\System32\drivers\pcw.sys
50768 bytes
Created: 14.07.2009 00:19
Modified: 14.07.2009 02:45
Company: Microsoft Corporation
----------
Key: PEAUTH
ImagePath: system32\drivers\peauth.sys
C:\Windows\System32\drivers\peauth.sys
651264 bytes
Created: 14.07.2009 00:51
Modified: 14.07.2009 02:01
Company: Microsoft Corporation
----------
Key: PerfHost
ImagePath: %SystemRoot%\SysWow64\perfhost.exe
C:\Windows\SysWow64\perfhost.exe
20992 bytes
Created: 14.07.2009 00:11
Modified: 14.07.2009 02:14
Company: Microsoft Corporation
----------
Key: Point64
ImagePath: system32\DRIVERS\point64.sys
C:\Windows\System32\DRIVERS\point64.sys
46176 bytes
Created: 26.06.2012 20:38
Modified: 26.06.2012 20:38
Company: Microsoft Corporation
----------
Key: PptpMiniport
ImagePath: system32\DRIVERS\raspptp.sys
C:\Windows\System32\DRIVERS\raspptp.sys
111104 bytes
Created: 21.11.2010 04:24
Modified: 21.11.2010 04:24
Company: Microsoft Corporation
----------
Key: Processor
ImagePath: \SystemRoot\system32\drivers\processr.sys
C:\Windows\System32\drivers\processr.sys
60416 bytes
Created: 14.07.2009 00:19
Modified: 14.07.2009 00:19
Company: Microsoft Corporation
----------
Key: ProtectedStorage
ImagePath: %SystemRoot%\system32\lsass.exe
C:\Windows\System32\lsass.exe
31232 bytes
Created: 18.01.2012 14:53
Modified: 17.11.2011 07:33
Company: Microsoft Corporation
----------
Key: Psched
ImagePath: system32\DRIVERS\pacer.sys
C:\Windows\System32\DRIVERS\pacer.sys
131584 bytes
Created: 21.11.2010 04:24
Modified: 21.11.2010 04:24
Company: Microsoft Corporation
----------
Key: ql2300
ImagePath: \SystemRoot\system32\drivers\ql2300.sys
C:\Windows\System32\drivers\ql2300.sys
1524816 bytes
Created: 10.06.2009 21:37
Modified: 14.07.2009 02:45
Company: QLogic Corporation
----------
Key: ql40xx
ImagePath: \SystemRoot\system32\drivers\ql40xx.sys
C:\Windows\System32\drivers\ql40xx.sys
128592 bytes
Created: 13.07.2009 22:59
Modified: 14.07.2009 02:45
Company: QLogic Corporation
----------
Key: QWAVEdrv
ImagePath: \SystemRoot\system32\drivers\qwavedrv.sys
C:\Windows\System32\drivers\qwavedrv.sys
46592 bytes
Created: 14.07.2009 01:09
Modified: 14.07.2009 01:09
Company: Microsoft Corporation
----------
Key: RasAcd
ImagePath: System32\DRIVERS\rasacd.sys
C:\Windows\System32\DRIVERS\rasacd.sys
14848 bytes
Created: 14.07.2009 01:10
Modified: 14.07.2009 01:10
Company: Microsoft Corporation
----------
Key: RasAgileVpn
ImagePath: system32\DRIVERS\AgileVpn.sys
C:\Windows\System32\DRIVERS\AgileVpn.sys
60416 bytes
Created: 14.07.2009 01:10
Modified: 14.07.2009 01:10
Company: Microsoft Corporation
----------
Key: Rasl2tp
ImagePath: system32\DRIVERS\rasl2tp.sys
C:\Windows\System32\DRIVERS\rasl2tp.sys
129536 bytes
Created: 21.11.2010 04:24
Modified: 21.11.2010 04:24
Company: Microsoft Corporation
----------
Key: RasPppoe
ImagePath: system32\DRIVERS\raspppoe.sys
C:\Windows\System32\DRIVERS\raspppoe.sys
92672 bytes
Created: 14.07.2009 01:10
Modified: 14.07.2009 01:10
Company: Microsoft Corporation
----------
Key: RasSstp
ImagePath: system32\DRIVERS\rassstp.sys
C:\Windows\System32\DRIVERS\rassstp.sys
83968 bytes
Created: 14.07.2009 01:10
Modified: 14.07.2009 01:10
Company: Microsoft Corporation
----------
Key: rdbss
ImagePath: system32\DRIVERS\rdbss.sys
C:\Windows\System32\DRIVERS\rdbss.sys
309248 bytes
Created: 21.11.2010 04:24
Modified: 21.11.2010 04:24
Company: Microsoft Corporation
----------
Key: rdpbus
ImagePath: \SystemRoot\system32\drivers\rdpbus.sys
C:\Windows\System32\drivers\rdpbus.sys
24064 bytes
Created: 14.07.2009 01:17
Modified: 14.07.2009 01:17
Company: Microsoft Corporation
----------
Key: RDPCDD
ImagePath: System32\DRIVERS\RDPCDD.sys
C:\Windows\System32\DRIVERS\RDPCDD.sys
7680 bytes
Created: 14.07.2009 01:16
Modified: 14.07.2009 01:16
Company: Microsoft Corporation
----------
Key: RDPDR
ImagePath: System32\drivers\rdpdr.sys
C:\Windows\System32\drivers\rdpdr.sys
165888 bytes
Created: 21.11.2010 04:25
Modified: 21.11.2010 04:25
Company: Microsoft Corporation
----------
Key: RDPENCDD
ImagePath: system32\drivers\rdpencdd.sys
C:\Windows\System32\drivers\rdpencdd.sys
7680 bytes
Created: 14.07.2009 01:16
Modified: 14.07.2009 01:16
Company: Microsoft Corporation
----------
Key: RDPREFMP
ImagePath: system32\drivers\rdprefmp.sys
C:\Windows\System32\drivers\rdprefmp.sys
8192 bytes
Created: 14.07.2009 01:16
Modified: 14.07.2009 01:16
Company: Microsoft Corporation
----------
Key: RdpVideoMiniport
ImagePath: System32\drivers\rdpvideominiport.sys
C:\Windows\System32\drivers\rdpvideominiport.sys
19456 bytes
Created: 29.10.2012 11:43
Modified: 23.08.2012 15:10
Company: Microsoft Corporation
----------
Key: rdyboost
ImagePath: System32\drivers\rdyboost.sys
C:\Windows\System32\drivers\rdyboost.sys
213888 bytes
Created: 21.11.2010 04:24
Modified: 21.11.2010 04:24
Company: Microsoft Corporation
----------
Key: RegSrvc
ImagePath: C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
844560 bytes
Created: 04.01.2012 12:13
Modified: 04.01.2012 12:13
Company: Intel(R) Corporation
----------
Key: RFCOMM
ImagePath: system32\DRIVERS\rfcomm.sys
C:\Windows\System32\DRIVERS\rfcomm.sys
158720 bytes
Created: 14.07.2009 01:06
Modified: 14.07.2009 01:06
Company: Microsoft Corporation
----------
Key: RpcLocator
ImagePath: %SystemRoot%\system32\locator.exe
C:\Windows\System32\locator.exe
10240 bytes
Created: 14.07.2009 00:59
Modified: 14.07.2009 02:39
Company: Microsoft Corporation
----------
Key: RSPCIESTOR
ImagePath: system32\DRIVERS\RtsPStor.sys
C:\Windows\System32\DRIVERS\RtsPStor.sys
337512 bytes
Created: 30.08.2011 04:00
Modified: 16.06.2011 21:51
Company: Realtek Semiconductor Corp.
----------
Key: rspndr
ImagePath: system32\DRIVERS\rspndr.sys
C:\Windows\System32\DRIVERS\rspndr.sys
76800 bytes
Created: 14.07.2009 01:08
Modified: 14.07.2009 01:08
Company: Microsoft Corporation
----------
Key: RTL8167
ImagePath: system32\DRIVERS\Rt64win7.sys
C:\Windows\System32\DRIVERS\Rt64win7.sys
425064 bytes
Created: 30.08.2011 03:57
Modified: 30.01.2011 02:19
Company: Realtek
----------
Key: s3cap
ImagePath: \SystemRoot\system32\drivers\vms3cap.sys
C:\Windows\System32\drivers\vms3cap.sys
6656 bytes
Created: 21.11.2010 04:23
Modified: 21.11.2010 04:23
Company: Microsoft Corporation
----------
Key: SamSs
ImagePath: %SystemRoot%\system32\lsass.exe
C:\Windows\System32\lsass.exe
31232 bytes
Created: 18.01.2012 14:53
Modified: 17.11.2011 07:33
Company: Microsoft Corporation
----------
Key: sbp2port
ImagePath: \SystemRoot\system32\drivers\sbp2port.sys
C:\Windows\System32\drivers\sbp2port.sys
103808 bytes
Created: 21.11.2010 04:23
Modified: 21.11.2010 04:23
Company: Microsoft Corporation
----------
Key: scfilter
ImagePath: System32\DRIVERS\scfilter.sys
C:\Windows\System32\DRIVERS\scfilter.sys
29696 bytes
Created: 21.11.2010 04:24
Modified: 21.11.2010 04:24
Company: Microsoft Corporation
----------
Key: sdbus
ImagePath: system32\DRIVERS\sdbus.sys
C:\Windows\System32\DRIVERS\sdbus.sys
109056 bytes
Created: 21.11.2010 04:23
Modified: 21.11.2010 04:23
Company: Microsoft Corporation
----------
Key: Serenum
ImagePath: \SystemRoot\system32\drivers\serenum.sys
C:\Windows\System32\drivers\serenum.sys
23552 bytes
Created: 14.07.2009 01:00
Modified: 14.07.2009 01:00
Company: Microsoft Corporation
----------
Key: Serial
ImagePath: \SystemRoot\system32\drivers\serial.sys
C:\Windows\System32\drivers\serial.sys
94208 bytes
Created: 14.07.2009 01:00
Modified: 14.07.2009 01:00
Company: Microsoft Corporation
----------
Key: sermouse
ImagePath: \SystemRoot\system32\drivers\sermouse.sys
C:\Windows\System32\drivers\sermouse.sys
26624 bytes
Created: 14.07.2009 01:00
Modified: 14.07.2009 01:00
Company: Microsoft Corporation
----------
Key: SFEP
ImagePath: \SystemRoot\system32\drivers\SFEP.sys
C:\Windows\System32\drivers\SFEP.sys
12032 bytes
Created: 02.06.2010 03:59
Modified: 26.04.2010 21:20
Company: Sony Corporation
----------
Key: sffdisk
ImagePath: \SystemRoot\system32\drivers\sffdisk.sys
C:\Windows\System32\drivers\sffdisk.sys
14336 bytes
Created: 14.07.2009 01:01
Modified: 14.07.2009 01:01
Company: Microsoft Corporation
----------
Key: sffp_mmc
ImagePath: \SystemRoot\system32\drivers\sffp_mmc.sys
C:\Windows\System32\drivers\sffp_mmc.sys
13824 bytes
Created: 14.07.2009 01:01
Modified: 14.07.2009 01:01
Company: Microsoft Corporation
----------
Key: sffp_sd
ImagePath: \SystemRoot\system32\drivers\sffp_sd.sys
C:\Windows\System32\drivers\sffp_sd.sys
14336 bytes
Created: 21.11.2010 04:23
Modified: 21.11.2010 04:23
Company: Microsoft Corporation
----------
Key: sfloppy
ImagePath: \SystemRoot\system32\drivers\sfloppy.sys
C:\Windows\System32\drivers\sfloppy.sys
16896 bytes
Created: 14.07.2009 01:01
Modified: 14.07.2009 01:01
Company: Microsoft Corporation
----------
Key: SiSRaid2
ImagePath: \SystemRoot\system32\drivers\SiSRaid2.sys
C:\Windows\System32\drivers\SiSRaid2.sys
43584 bytes
Created: 10.06.2009 21:37
Modified: 14.07.2009 02:45
Company: Silicon Integrated Systems Corp.
----------
Key: SiSRaid4
ImagePath: \SystemRoot\system32\drivers\sisraid4.sys
C:\Windows\System32\drivers\sisraid4.sys
80464 bytes
Created: 13.07.2009 22:59
Modified: 14.07.2009 02:45
Company: Silicon Integrated Systems
----------
Key: Skype C2C Service
ImagePath: "C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe"
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
3064000 bytes
Created: 02.10.2012 12:13
Modified: 02.10.2012 12:13
Company: Skype Technologies S.A.
----------
Key: SkypeUpdate
ImagePath: "C:\Program Files (x86)\Skype\Updater\Updater.exe"
C:\Program Files (x86)\Skype\Updater\Updater.exe
-R- 160944 bytes
Created: 19.10.2012 16:33
Modified: 19.10.2012 16:33
Company: Skype Technologies
----------
Key: Smb
ImagePath: system32\DRIVERS\smb.sys
C:\Windows\System32\DRIVERS\smb.sys
93184 bytes
Created: 14.07.2009 01:09
Modified: 14.07.2009 01:09
Company: Microsoft Corporation
----------
Key: SNMPTRAP
ImagePath: %SystemRoot%\System32\snmptrap.exe
C:\Windows\System32\snmptrap.exe
14336 bytes
Created: 14.07.2009 01:10
Modified: 14.07.2009 02:39
Company: Microsoft Corporation
----------
Key: Spooler
ImagePath: %SystemRoot%\System32\spoolsv.exe
C:\Windows\System32\spoolsv.exe
559104 bytes
Created: 16.08.2012 12:13
Modified: 11.02.2012 07:36
Company: Microsoft Corporation
----------
Key: sppsvc
ImagePath: %SystemRoot%\system32\sppsvc.exe
C:\Windows\System32\sppsvc.exe
3524608 bytes
Created: 21.11.2010 04:23
Modified: 21.11.2010 04:23
Company: Microsoft Corporation
----------
Key: srv
ImagePath: System32\DRIVERS\srv.sys
C:\Windows\System32\DRIVERS\srv.sys
467456 bytes
Created: 18.01.2012 13:54
Modified: 29.04.2011 04:06
Company: Microsoft Corporation
----------
Key: srv2
ImagePath: System32\DRIVERS\srv2.sys
C:\Windows\System32\DRIVERS\srv2.sys
410112 bytes
Created: 18.01.2012 13:54
Modified: 29.04.2011 04:05
Company: Microsoft Corporation
----------
Key: srvnet
ImagePath: System32\DRIVERS\srvnet.sys
C:\Windows\System32\DRIVERS\srvnet.sys
168448 bytes
Created: 18.01.2012 13:54
Modified: 29.04.2011 04:05
Company: Microsoft Corporation
----------
Key: stexstor
ImagePath: \SystemRoot\system32\drivers\stexstor.sys
C:\Windows\System32\drivers\stexstor.sys
24656 bytes
Created: 13.07.2009 22:59
Modified: 14.07.2009 02:45
Company: Promise Technology
----------
Key: storflt
ImagePath: system32\drivers\vmstorfl.sys
C:\Windows\System32\drivers\vmstorfl.sys
46464 bytes
Created: 21.11.2010 04:23
Modified: 21.11.2010 04:23
Company: Microsoft Corporation
----------
Key: storvsc
ImagePath: \SystemRoot\system32\drivers\storvsc.sys
C:\Windows\System32\drivers\storvsc.sys
34688 bytes
Created: 21.11.2010 04:23
Modified: 21.11.2010 04:23
Company: Microsoft Corporation
----------
Key: swenum
ImagePath: \SystemRoot\system32\drivers\swenum.sys
C:\Windows\System32\drivers\swenum.sys
12496 bytes
Created: 14.07.2009 01:00
Modified: 14.07.2009 02:45
Company: Microsoft Corporation
----------
Key: Tcpip
ImagePath: System32\drivers\tcpip.sys
C:\Windows\System32\drivers\tcpip.sys
1914248 bytes
Created: 14.11.2012 08:02
Modified: 03.10.2012 18:56
Company: Microsoft Corporation
----------
Key: TCPIP6
ImagePath: system32\DRIVERS\tcpip.sys
C:\Windows\System32\DRIVERS\tcpip.sys
1914248 bytes
Created: 14.11.2012 08:02
Modified: 03.10.2012 18:56
Company: Microsoft Corporation
----------
Key: tcpipreg
ImagePath: System32\drivers\tcpipreg.sys
C:\Windows\System32\drivers\tcpipreg.sys
45568 bytes
Created: 14.11.2012 08:02
Modified: 03.10.2012 17:07
Company: Microsoft Corporation
----------
Key: TDPIPE
ImagePath: system32\drivers\tdpipe.sys
C:\Windows\System32\drivers\tdpipe.sys
15872 bytes
Created: 14.07.2009 01:16
Modified: 14.07.2009 01:16
Company: Microsoft Corporation
----------
Key: TDTCP
ImagePath: system32\drivers\tdtcp.sys
C:\Windows\System32\drivers\tdtcp.sys
23552 bytes
Created: 14.03.2012 09:34
Modified: 17.02.2012 05:57
Company: Microsoft Corporation
----------
Key: tdx
ImagePath: system32\DRIVERS\tdx.sys
C:\Windows\System32\DRIVERS\tdx.sys
119296 bytes
Created: 21.11.2010 04:24
Modified: 21.11.2010 04:24
Company: Microsoft Corporation
----------
Key: TermDD
ImagePath: \SystemRoot\system32\drivers\termdd.sys
C:\Windows\System32\drivers\termdd.sys
63360 bytes
Created: 21.11.2010 04:23
Modified: 21.11.2010 04:23
Company: Microsoft Corporation
----------
Key: TPM
ImagePath: system32\drivers\tpm.sys
C:\Windows\System32\drivers\tpm.sys
38400 bytes
Created: 14.07.2009 00:21
Modified: 14.07.2009 00:21
Company: Microsoft Corporation
----------
Key: TrustedInstaller
ImagePath: %SystemRoot%\servicing\TrustedInstaller.exe
C:\Windows\servicing\TrustedInstaller.exe
194048 bytes
Created: 21.11.2010 04:24
Modified: 21.11.2010 04:24
Company: Microsoft Corporation
----------
Key: tssecsrv
ImagePath: System32\DRIVERS\tssecsrv.sys
C:\Windows\System32\DRIVERS\tssecsrv.sys
39424 bytes
Created: 21.11.2010 04:23
Modified: 21.11.2010 04:23
Company: Microsoft Corporation
----------
Key: TsUsbFlt
ImagePath: system32\drivers\tsusbflt.sys
C:\Windows\System32\drivers\tsusbflt.sys
57856 bytes
Created: 29.10.2012 11:43
Modified: 23.08.2012 15:07
Company: Microsoft Corporation
----------
Key: TsUsbGD
ImagePath: \SystemRoot\system32\drivers\TsUsbGD.sys
C:\Windows\System32\drivers\TsUsbGD.sys
30208 bytes
Created: 29.10.2012 11:43
Modified: 23.08.2012 15:08
Company: Microsoft Corporation
----------
Key: tunnel
ImagePath: system32\DRIVERS\tunnel.sys
C:\Windows\System32\DRIVERS\tunnel.sys
125440 bytes
Created: 21.11.2010 04:24
Modified: 21.11.2010 04:24
Company: Microsoft Corporation
----------
Key: uagp35
ImagePath: \SystemRoot\system32\drivers\uagp35.sys
C:\Windows\System32\drivers\uagp35.sys
64080 bytes
Created: 14.07.2009 00:38
Modified: 14.07.2009 02:45
Company: Microsoft Corporation
----------
Key: udfs
ImagePath: system32\DRIVERS\udfs.sys
C:\Windows\System32\DRIVERS\udfs.sys
328192 bytes
Created: 21.11.2010 04:23
Modified: 21.11.2010 04:23
Company: Microsoft Corporation
----------
Key: UI0Detect
ImagePath: %SystemRoot%\system32\UI0Detect.exe
C:\Windows\System32\UI0Detect.exe
40960 bytes
Created: 14.07.2009 00:52
Modified: 14.07.2009 02:39
Company: Microsoft Corporation
----------
Key: uliagpkx
ImagePath: \SystemRoot\system32\drivers\uliagpkx.sys
C:\Windows\System32\drivers\uliagpkx.sys
64592 bytes
Created: 14.07.2009 00:38
Modified: 14.07.2009 02:45
Company: Microsoft Corporation
----------
Key: umbus
ImagePath: system32\DRIVERS\umbus.sys
C:\Windows\System32\DRIVERS\umbus.sys
48640 bytes
Created: 21.11.2010 04:23
Modified: 21.11.2010 04:23
Company: Microsoft Corporation
----------
Key: UmPass
ImagePath: \SystemRoot\system32\drivers\umpass.sys
C:\Windows\System32\drivers\umpass.sys
9728 bytes
Created: 14.07.2009 01:06
Modified: 14.07.2009 01:06
Company: Microsoft Corporation
----------
Key: UNS
ImagePath: "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
2656536 bytes
Created: 30.08.2011 04:00
Modified: 17.06.2011 21:02
Company: Intel Corporation
----------
Key: usbccgp
ImagePath: system32\DRIVERS\usbccgp.sys
C:\Windows\System32\DRIVERS\usbccgp.sys
98816 bytes
Created: 26.05.2011 21:05
Modified: 26.05.2011 21:05
Company: Microsoft Corporation
----------
Key: usbcir
ImagePath: \SystemRoot\system32\drivers\usbcir.sys
C:\Windows\System32\drivers\usbcir.sys
100352 bytes
Created: 14.07.2009 01:06
Modified: 14.07.2009 01:06
Company: Microsoft Corporation
----------
Key: usbehci
ImagePath: \SystemRoot\system32\drivers\usbehci.sys
C:\Windows\System32\drivers\usbehci.sys
52736 bytes
Created: 26.05.2011 21:05
Modified: 26.05.2011 21:05
Company: Microsoft Corporation
----------
Key: usbhub
ImagePath: \SystemRoot\system32\drivers\usbhub.sys
C:\Windows\System32\drivers\usbhub.sys
343040 bytes
Created: 26.05.2011 21:05
Modified: 26.05.2011 21:05
Company: Microsoft Corporation
----------
Key: usbohci
ImagePath: \SystemRoot\system32\drivers\usbohci.sys
C:\Windows\System32\drivers\usbohci.sys
25600 bytes
Created: 26.05.2011 21:05
Modified: 26.05.2011 21:05
Company: Microsoft Corporation
----------
Key: usbprint
ImagePath: system32\DRIVERS\usbprint.sys
C:\Windows\System32\DRIVERS\usbprint.sys
25088 bytes
Created: 14.07.2009 01:38
Modified: 14.07.2009 01:38
Company: Microsoft Corporation
----------
Key: usbscan
ImagePath: system32\DRIVERS\usbscan.sys
C:\Windows\System32\DRIVERS\usbscan.sys
41984 bytes
Created: 14.07.2009 01:35
Modified: 14.07.2009 01:35
Company: Microsoft Corporation
----------
Key: USBSTOR
ImagePath: system32\DRIVERS\USBSTOR.SYS
C:\Windows\System32\DRIVERS\USBSTOR.SYS
91648 bytes
Created: 30.08.2011 03:48
Modified: 11.03.2011 05:37
Company: Microsoft Corporation
----------
Key: usbuhci
ImagePath: \SystemRoot\system32\drivers\usbuhci.sys
C:\Windows\System32\drivers\usbuhci.sys
30720 bytes
Created: 26.05.2011 21:05
Modified: 26.05.2011 21:05
Company: Microsoft Corporation
----------
Key: usbvideo
ImagePath: System32\Drivers\usbvideo.sys
C:\Windows\System32\Drivers\usbvideo.sys
184960 bytes
Created: 21.11.2010 04:23
Modified: 21.11.2010 04:23
Company: Microsoft Corporation
----------
Key: VAIO Event Service
ImagePath: "C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe"
C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
66696 bytes
Created: 30.08.2011 04:10
Modified: 07.07.2011 14:44
Company: Sony Corporation
----------
Key: VAIO Power Management
ImagePath: "C:\Program Files\Sony\VAIO Power Management\SPMService.exe"
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
552584 bytes
Created: 30.08.2011 04:11
Modified: 31.05.2011 15:51
Company: Sony Corporation
----------
Key: VaultSvc
ImagePath: %SystemRoot%\system32\lsass.exe
C:\Windows\System32\lsass.exe
31232 bytes
Created: 18.01.2012 14:53
Modified: 17.11.2011 07:33
Company: Microsoft Corporation
----------
Key: vdrvroot
ImagePath: system32\drivers\vdrvroot.sys
C:\Windows\System32\drivers\vdrvroot.sys
36432 bytes
Created: 14.07.2009 01:01
Modified: 14.07.2009 02:45
Company: Microsoft Corporation
----------
Key: vds
ImagePath: %SystemRoot%\System32\vds.exe
C:\Windows\System32\vds.exe
533504 bytes
Created: 21.11.2010 04:23
Modified: 21.11.2010 04:23
Company: Microsoft Corporation
----------
Key: vga
ImagePath: system32\DRIVERS\vgapnp.sys
C:\Windows\System32\DRIVERS\vgapnp.sys
29184 bytes
Created: 14.07.2009 00:38
Modified: 14.07.2009 00:38
Company: Microsoft Corporation
----------
Key: VgaSave
ImagePath: \SystemRoot\System32\drivers\vga.sys
C:\Windows\System32\drivers\vga.sys
29184 bytes
Created: 14.07.2009 00:38
Modified: 14.07.2009 00:38
Company: Microsoft Corporation
----------
Key: vhdmp
ImagePath: \SystemRoot\system32\drivers\vhdmp.sys
C:\Windows\System32\drivers\vhdmp.sys
215936 bytes
Created: 21.11.2010 04:23
Modified: 21.11.2010 04:23
Company: Microsoft Corporation
----------
Key: viaide
ImagePath: \SystemRoot\system32\drivers\viaide.sys
C:\Windows\System32\drivers\viaide.sys
17488 bytes
Created: 14.07.2009 00:19
Modified: 14.07.2009 02:45
Company: VIA Technologies, Inc.
----------
Key: vmbus
ImagePath: \SystemRoot\system32\drivers\vmbus.sys
C:\Windows\System32\drivers\vmbus.sys
199552 bytes
Created: 21.11.2010 04:23
Modified: 21.11.2010 04:23
Company: Microsoft Corporation
----------
Key: VMBusHID
ImagePath: \SystemRoot\system32\drivers\VMBusHID.sys
C:\Windows\System32\drivers\VMBusHID.sys
21760 bytes
Created: 21.11.2010 04:23
Modified: 21.11.2010 04:23
Company: Microsoft Corporation
----------
Key: volmgr
ImagePath: system32\drivers\volmgr.sys
C:\Windows\System32\drivers\volmgr.sys
71552 bytes
Created: 21.11.2010 04:23
Modified: 21.11.2010 04:23
Company: Microsoft Corporation
----------
Key: volmgrx
ImagePath: System32\drivers\volmgrx.sys
C:\Windows\System32\drivers\volmgrx.sys
363392 bytes
Created: 21.11.2010 04:24
Modified: 21.11.2010 04:24
Company: Microsoft Corporation
----------
Key: volsnap
ImagePath: system32\drivers\volsnap.sys
C:\Windows\System32\drivers\volsnap.sys
295808 bytes
Created: 21.11.2010 04:23
Modified: 21.11.2010 04:23
Company: Microsoft Corporation
----------
Key: vsmraid
ImagePath: \SystemRoot\system32\drivers\vsmraid.sys
C:\Windows\System32\drivers\vsmraid.sys
161872 bytes
Created: 10.06.2009 21:37
Modified: 14.07.2009 02:45
Company: VIA Technologies Inc.,Ltd
----------
Key: VSNService
ImagePath: "C:\Program Files\Sony\VAIO Smart Network\VSNService.exe"
C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
969352 bytes
Created: 30.08.2011 04:12
Modified: 15.07.2011 15:43
Company: Sony Corporation
----------
Key: VSS
ImagePath: %systemroot%\system32\vssvc.exe
C:\Windows\System32\vssvc.exe
1600512 bytes
Created: 21.11.2010 04:23
Modified: 21.11.2010 04:23
Company: Microsoft Corporation
----------
Key: VUAgent
ImagePath: "C:\Program Files\Sony\VAIO Update Common\VUAgent.exe"
C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
1256040 bytes
Created: 13.01.2012 09:55
Modified: 13.01.2012 09:55
Company: Sony Corporation
----------
Key: vwifibus
ImagePath: system32\DRIVERS\vwifibus.sys
C:\Windows\System32\DRIVERS\vwifibus.sys
24576 bytes
Created: 14.07.2009 01:07
Modified: 14.07.2009 01:07
Company: Microsoft Corporation
----------
Key: vwififlt
ImagePath: system32\DRIVERS\vwififlt.sys
C:\Windows\System32\DRIVERS\vwififlt.sys
59904 bytes
Created: 14.07.2009 01:07
Modified: 14.07.2009 01:07
Company: Microsoft Corporation
----------
Key: vwifimp
ImagePath: system32\DRIVERS\vwifimp.sys
C:\Windows\System32\DRIVERS\vwifimp.sys
17920 bytes
Created: 14.07.2009 01:07
Modified: 14.07.2009 01:07
Company: Microsoft Corporation
----------
Key: WacomPen
ImagePath: \SystemRoot\system32\drivers\wacompen.sys
C:\Windows\System32\drivers\wacompen.sys
27776 bytes
Created: 14.07.2009 01:02
Modified: 14.07.2009 01:02
Company: Microsoft Corporation
----------
Key: WANARP
ImagePath: system32\DRIVERS\wanarp.sys
C:\Windows\System32\DRIVERS\wanarp.sys
88576 bytes
Created: 21.11.2010 04:24
Modified: 21.11.2010 04:24
Company: Microsoft Corporation
----------
Key: Wanarpv6
ImagePath: system32\DRIVERS\wanarp.sys
C:\Windows\System32\DRIVERS\wanarp.sys
88576 bytes
Created: 21.11.2010 04:24
Modified: 21.11.2010 04:24
Company: Microsoft Corporation
----------
Key: wbengine
ImagePath: "%systemroot%\system32\wbengine.exe"
C:\Windows\System32\wbengine.exe
1504256 bytes
Created: 21.11.2010 04:25
Modified: 21.11.2010 04:25
Company: Microsoft Corporation
----------
Key: Wd
ImagePath: system32\drivers\wd.sys
C:\Windows\System32\drivers\wd.sys
21056 bytes
Created: 14.07.2009 00:19
Modified: 14.07.2009 02:45
Company: Microsoft Corporation
----------
Key: Wdf01000
ImagePath: system32\drivers\Wdf01000.sys
C:\Windows\System32\drivers\Wdf01000.sys
785512 bytes
Created: 20.11.2012 08:19
Modified: 26.07.2012 05:55
Company: Microsoft Corporation
----------
Key: wdkmd
ImagePath: system32\DRIVERS\WDKMD.sys
C:\Windows\System32\DRIVERS\WDKMD.sys
42392 bytes
Created: 21.06.2011 14:19
Modified: 21.06.2011 14:19
Company: Intel Corporation
----------
Key: WfpLwf
ImagePath: system32\DRIVERS\wfplwf.sys
C:\Windows\System32\DRIVERS\wfplwf.sys
12800 bytes
Created: 14.07.2009 01:09
Modified: 14.07.2009 01:09
Company: Microsoft Corporation
----------
Key: WIMMount
ImagePath: system32\drivers\wimmount.sys
C:\Windows\System32\drivers\wimmount.sys
22096 bytes
Created: 14.07.2009 00:29
Modified: 14.07.2009 02:45
Company: Microsoft Corporation
----------
Key: WinUsb
ImagePath: system32\DRIVERS\WinUsb.sys
C:\Windows\System32\DRIVERS\WinUsb.sys
41984 bytes
Created: 21.11.2010 04:23
Modified: 21.11.2010 04:23
Company: Microsoft Corporation
----------
Key: WmiAcpi
ImagePath: \SystemRoot\system32\drivers\wmiacpi.sys
C:\Windows\System32\drivers\wmiacpi.sys
14336 bytes
Created: 14.07.2009 00:31
Modified: 14.07.2009 00:31
Company: Microsoft Corporation
----------
Key: wmiApSrv
ImagePath: %systemroot%\system32\wbem\WmiApSrv.exe
C:\Windows\System32\wbem\WmiApSrv.exe
203264 bytes
Created: 14.07.2009 00:47
Modified: 14.07.2009 02:39
Company: Microsoft Corporation
----------
Key: WMPNetworkSvc
ImagePath: "%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe"
C:\Program Files\Windows Media Player\wmpnetwk.exe
1525248 bytes
Created: 21.11.2010 04:25
Modified: 21.11.2010 04:25
Company: Microsoft Corporation
----------
Key: ws2ifsl
ImagePath: \SystemRoot\system32\drivers\ws2ifsl.sys
C:\Windows\System32\drivers\ws2ifsl.sys
21504 bytes
Created: 14.07.2009 01:10
Modified: 14.07.2009 01:10
Company: Microsoft Corporation
----------
Key: WSearch
ImagePath: %systemroot%\system32\SearchIndexer.exe /Embedding
C:\Windows\System32\SearchIndexer.exe
591872 bytes
Created: 18.01.2012 13:55
Modified: 04.05.2011 06:19
Company: Microsoft Corporation
----------
Key: WTGService
ImagePath: C:\Program Files (x86)\OneClickInternet\WTGService.exe
C:\Program Files (x86)\OneClickInternet\WTGService.exe
342984 bytes
Created: 30.08.2011 05:04
Modified: 09.03.2011 11:40
Company: [no info]
----------
Key: WudfPf
ImagePath: system32\drivers\WudfPf.sys
C:\Windows\System32\drivers\WudfPf.sys
87040 bytes
Created: 16.11.2012 14:58
Modified: 26.07.2012 03:26
Company: Microsoft Corporation
----------
Key: WUDFRd
ImagePath: system32\DRIVERS\WUDFRd.sys
C:\Windows\System32\DRIVERS\WUDFRd.sys
198656 bytes
Created: 16.11.2012 14:58
Modified: 26.07.2012 03:26
Company: Microsoft Corporation
----------

************************************************************
23:30:33: Scanning -----VXD ENTRIES-----

************************************************************
23:30:33: Scanning ----- WINLOGON\NOTIFY DLLS -----
No WINLOGON\NOTIFY DLLs found to scan
Rootkit scan of Winlogon\Notify key not possible [key may not exist]

************************************************************
23:30:33: Scanning ----- CONTEXTMENUHANDLERS -----
Key: BTMSentToExt
CLSID: {0A7D34C2-E9DA-48A1-9E34-0CDFC2DE3B44}
Path: C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll
C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll
10358784 bytes
Created: 14.11.2011 17:13
Modified: 14.11.2011 17:13
Company: Intel Corporation
----------
Key: Shell Extension for Malware scanning
CLSID: {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
Path: C:\Program Files (x86)\Avira\AntiVir Desktop\shlext64.dll
C:\Program Files (x86)\Avira\AntiVir Desktop\shlext64.dll
2290464 bytes
Created: 10.10.2012 11:32
Modified: 13.12.2012 13:33
Company: Avira Operations GmbH & Co. KG
----------

************************************************************
23:30:33: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key: {B2F55D43-C7A4-4B7C-90D7-7A860DFA9F2A}
File: C:\Program Files\Tracker Software\Shell Extensions\XCShInfo.dll
C:\Program Files\Tracker Software\Shell Extensions\XCShInfo.dll
7236736 bytes
Created: 21.09.2012 20:10
Modified: 14.08.2012 16:49
Company: Tracker Software Products (Canada) Ltd.
----------
Key: {F9DB5320-233E-11D1-9F84-707F02C10627}
File: C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
397016 bytes
Created: 18.12.2012 15:28
Modified: 18.12.2012 15:28
Company: Adobe Systems, Inc.
----------

************************************************************
23:30:34: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {18DF081C-E8AD-4283-A596-FA578C2EBDC3}
BHO: C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
66280 bytes
Created: 18.12.2012 15:28
Modified: 18.12.2012 15:28
Company: Adobe Systems Incorporated
----------
Key: {AA58ED58-01DD-4d91-8333-CF10577473F7}
BHO: C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
253584 bytes
Created: 06.09.2012 23:18
Modified: 10.01.2013 18:33
Company: Google Inc.
----------
Key: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
BHO: C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
5748928 bytes
Created: 02.10.2012 12:06
Modified: 02.10.2012 12:06
Company: Skype Technologies S.A.
----------
Key: {d2ce3e00-f94a-4740-988e-03dc2f38c34f}
BHO: "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll
1219152 bytes
Created: 21.10.2011 15:23
Modified: 21.10.2011 15:23
Company: Microsoft Corporation.
----------

************************************************************
23:30:35: Scanning ----- SHELLSERVICEOBJECTS -----

************************************************************
23:30:35: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----
No SharedTaskScheduler entries found to scan

************************************************************
23:30:35: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

************************************************************
23:30:35: Scanning ----- APPINIT_DLLS -----
The AppInit_DLLs value is blank or does not exist

************************************************************
23:30:35: Scanning ----- SECURITY PROVIDER DLLS -----

************************************************************
23:30:35: Scanning ------ COMMON STARTUP GROUP ------
[C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-HS- 174 bytes
Created: 14.07.2009 05:54
Modified: 18.01.2012 13:22
Company: [no info]
--------------------
OneClick Internet.lnk - links to C:\PROGRA~2\ONECLI~1\ONECLI~1.EXE
C:\PROGRA~2\ONECLI~1\ONECLI~1.EXE
3128264 bytes
Created: 30.08.2011 05:04
Modified: 18.04.2011 09:14
Company: WebToGo Mobiles Internet GmbH
--------------------

************************************************************
23:30:36: Scanning ----- USER STARTUP GROUPS -----
Checking Startup Group for: Mustermann
[C:\Users\Mustermann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup]
C:\Users\Mustermann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-HS- 174 bytes
Created: 18.01.2012 14:13
Modified: 16.08.2012 13:16
Company: [no info]
----------
--------------------

************************************************************
23:30:37: Scanning ----- SCHEDULED TASKS -----
Taskname: Adobe Flash Player Updater
File: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
251400 bytes
Created: 03.09.2012 11:29
Modified: 09.01.2013 03:01
Company: Adobe Systems Incorporated
Schedule: At 01:05:00 every day
Next Run Time: 06.02.2013 00:05:00
Status: Ready
Creator: Adobe Systems Incorporated
Comments: Mit diesem Task ist Ihre Flash Player-Installation immer aktuell und verwendet die neuesten Verbesserungen und Sicherheits-Fixes. Wenn dieser Task deaktiviert oder entfernt wird, kann Adobe Flash Player Ihren Computer nicht automatisch mit den neuesten Sicherheits-Fixes sichern.
----------
Taskname: CCleanerSkipUAC
File: C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\CCleaner\CCleaner.exe
3129184 bytes
Created: 24.09.2012 19:49
Modified: 24.09.2012 19:49
Company: Piriform Ltd
Parameters: $(Arg0)
Schedule: Task not scheduled
Next Run Time:
Status: Ready
Creator: Piriform Ltd
Comments:
----------
Taskname: CreateChoiceProcessTask
File: C:\Windows\Sysnative\browserchoice.exe
C:\Windows\System32\browserchoice.exe
294912 bytes
Created: 16.08.2012 12:15
Modified: 23.02.2010 09:16
Company: Microsoft Corporation
Parameters: /launch
Schedule: At task creation/modification
Next Run Time:
Status: Ready
Creator: BrowserChoice
Comments:
----------
Taskname: GoogleUpdateTaskMachineCore
File: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
116648 bytes
Created: 06.09.2012 23:18
Modified: 06.09.2012 23:18
Company: Google Inc.
Parameters: /c
Schedule: Multiple schedule times
Next Run Time: 06.02.2013 08:33:00
Status: Ready
Creator: Mustermann
Comments: Hält Ihre Google-Software auf dem neuesten Stand. Falls diese Anwendung deaktiviert oder angehalten wird, wird Ihre Google-Software nicht aktualisiert. Das heißt, dass eventuell auftretende Sicherheitslücken nicht behoben und bestimmte Funktionen möglicherweise nicht ausgeführt werden können. Diese Anwendung deinstalliert sich selbst, wenn sie nicht von einer Google-Software verwendet wird.
----------
Taskname: GoogleUpdateTaskMachineUA
File: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
116648 bytes
Created: 06.09.2012 23:18
Modified: 06.09.2012 23:18
Company: Google Inc.
Parameters: /ua /installsource scheduler
Schedule: At 08:33:00 every day
Next Run Time: 05.02.2013 23:33:00
Status: Ready
Creator: Mustermann
Comments: Hält Ihre Google-Software auf dem neuesten Stand. Falls diese Anwendung deaktiviert oder angehalten wird, wird Ihre Google-Software nicht aktualisiert. Das heißt, dass eventuell auftretende Sicherheitslücken nicht behoben und bestimmte Funktionen möglicherweise nicht ausgeführt werden können. Diese Anwendung deinstalliert sich selbst, wenn sie nicht von einer Google-Software verwendet wird.
----------
Taskname: Microsoft_Hardware_Launch_devicecenter_exe
File: c:\Program Files\Microsoft Device Center\devicecenter.exe
c:\Program Files\Microsoft Device Center\devicecenter.exe
2084944 bytes
Created: 26.06.2012 20:38
Modified: 26.06.2012 20:38
Company: Microsoft
Schedule: At task creation/modification
Next Run Time:
Status: Ready
Creator:
Comments:
----------
Taskname: Microsoft_Hardware_Launch_ipoint_exe
File: c:\Program Files\Microsoft Device Center\ipoint.exe
c:\Program Files\Microsoft Device Center\ipoint.exe
2004584 bytes
Created: 26.06.2012 20:38
Modified: 26.06.2012 20:38
Company: Microsoft Corporation
Schedule: At task creation/modification
Next Run Time:
Status: Ready
Creator:
Comments:
----------
Taskname: Microsoft_Hardware_Launch_itype_exe
File: c:\Program Files\Microsoft Device Center\itype.exe
c:\Program Files\Microsoft Device Center\itype.exe
1464928 bytes
Created: 26.06.2012 20:38
Modified: 26.06.2012 20:38
Company: Microsoft Corporation
Schedule: At task creation/modification
Next Run Time:
Status: Ready
Creator:
Comments:
----------

************************************************************
23:30:39: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----
Key: SharingPrivate
CLSID: {08244EE6-92F0-47f2-9FC9-929BAA2E7235}
File: %SystemRoot%\system32\ntshrui.dll
C:\Windows\System32\ntshrui.dll
509952 bytes
Created: 22.02.2012 14:01
Modified: 04.01.2012 11:44
Company: Microsoft Corporation
----------

************************************************************
23:30:39: Scanning ----- DEVICE DRIVER ENTRIES -----
Value: msacm.l3acm
File: C:\Windows\SysWOW64\l3codeca.acm
C:\Windows\SysWOW64\l3codeca.acm
64000 bytes
Created: 14.07.2009 01:07
Modified: 14.07.2009 02:14
Company: Fraunhofer Institut Integrierte Schaltungen IIS
----------
Value: vidc.cvid
File: iccvid.dll
iccvid.dll - [file not found to scan]
----------

************************************************************
23:30:39: ----- ADDITIONAL CHECKS -----
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\Users\Mustermann\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
C:\Users\Mustermann\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
642987 bytes
Created: 18.01.2012 14:12
Modified: 18.01.2012 14:18
Company: [no info]
----------
Web Desktop Wallpaper entry is blank
----------
DNS Server information:
Interface: Huawei Gobi 3000 HS-USB Mobile Broadband Device
NameServers: 139.7.30.126 139.7.30.125
Checks for rogue DNS NameServers completed
----------
Checks for Backdoor.ZeroAccess completed
----------
Additional checks completed

************************************************************
23:30:40: Scanning ----- RUNNING PROCESSES -----

C:\Windows\System32\smss.exe
112640 bytes
Created: 14.07.2009 00:19
Modified: 14.07.2009 02:39
Company: Microsoft Corporation
--------------------
C:\Windows\System32\csrss.exe
7680 bytes
Created: 14.07.2009 00:19
Modified: 14.07.2009 02:39
Company: Microsoft Corporation
--------------------
C:\Windows\System32\wininit.exe
129024 bytes
Created: 14.07.2009 00:52
Modified: 14.07.2009 02:39
Company: Microsoft Corporation
--------------------
C:\Windows\System32\services.exe
328704 bytes
Created: 14.07.2009 00:19
Modified: 14.07.2009 02:39
Company: Microsoft Corporation
--------------------
C:\Windows\System32\lsm.exe
343040 bytes
Created: 21.11.2010 04:23
Modified: 21.11.2010 04:23
Company: Microsoft Corporation
--------------------
C:\Windows\System32\svchost.exe
27136 bytes
Created: 14.07.2009 00:31
Modified: 14.07.2009 02:39
Company: Microsoft Corporation
--------------------
C:\Windows\System32\winlogon.exe
390656 bytes
Created: 21.11.2010 04:24
Modified: 21.11.2010 04:24
Company: Microsoft Corporation
--------------------
C:\Windows\System32\wlanext.exe
99328 bytes
Created: 14.07.2009 01:07
Modified: 14.07.2009 02:39
Company: Microsoft Corporation
--------------------
C:\Windows\System32\conhost.exe
338432 bytes
Created: 09.01.2013 07:41
Modified: 30.11.2012 04:23
Company: Microsoft Corporation
--------------------
C:\Windows\System32\atieclxx.exe
485376 bytes
Created: 04.05.2012 10:07
Modified: 22.12.2011 07:55
Company: AMD
--------------------
C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
183432 bytes
Created: 30.08.2011 04:10
Modified: 07.07.2011 14:44
Company: Sony Corporation
--------------------
C:\Windows\SysWOW64\DllHost.exe
7168 bytes
Created: 14.07.2009 00:43
Modified: 14.07.2009 02:14
Company: Microsoft Corporation
--------------------
C:\Windows\System32\wbem\unsecapp.exe
47104 bytes
Created: 14.07.2009 00:47
Modified: 14.07.2009 02:39
Company: Microsoft Corporation
--------------------
C:\Windows\System32\wbem\WmiPrvSE.exe
372736 bytes
Created: 21.11.2010 04:24
Modified: 21.11.2010 04:24
Company: Microsoft Corporation
--------------------
C:\Windows\System32\dwm.exe
120320 bytes
Created: 14.07.2009 00:37
Modified: 14.07.2009 02:39
Company: Microsoft Corporation
--------------------
C:\Windows\System32\taskhost.exe
68608 bytes
Created: 09.01.2013 07:41
Modified: 23.11.2012 04:13
Company: Microsoft Corporation
--------------------
C:\Windows\System32\rundll32.exe
45568 bytes
Created: 14.07.2009 00:57
Modified: 14.07.2009 02:39
Company: Microsoft Corporation
--------------------
C:\Windows\System32\taskeng.exe
464384 bytes
Created: 21.11.2010 04:24
Modified: 21.11.2010 04:24
Company: Microsoft Corporation
--------------------
C:\Program Files\Apoint\ApMsgFwd.exe
66856 bytes
Created: 21.06.2011 08:01
Modified: 15.06.2011 21:17
Company: Alps Electric Co., Ltd.
--------------------
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
839744 bytes
Created: 14.11.2011 17:13
Modified: 14.11.2011 17:13
Company: Intel Corporation
--------------------
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
550232 bytes
Created: 12.09.2009 23:09
Modified: 12.09.2009 23:09
Company: Citrix Systems, Inc.
--------------------
C:\Windows\System32\SearchIndexer.exe
591872 bytes
Created: 18.01.2012 13:55
Modified: 04.05.2011 06:19
Company: Microsoft Corporation
--------------------
C:\Program Files\Apoint\ApntEx.exe
29552 bytes
Created: 21.06.2011 08:01
Modified: 15.06.2011 21:17
Company: Alps Electric Co., Ltd.
--------------------
C:\Program Files\Apoint\Apvfb.exe
154480 bytes
Created: 21.06.2011 08:01
Modified: 15.06.2011 21:17
Company: ALPS
--------------------
C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
4279736 bytes
Created: 30.08.2011 04:12
Modified: 15.07.2011 15:43
Company: Sony Corporation
--------------------
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
2381960 bytes
Created: 30.08.2011 04:11
Modified: 31.05.2011 15:51
Company: Sony Corporation
--------------------
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
299008 bytes
Created: 23.08.2010 15:11
Modified: 23.08.2010 15:11
Company: Advanced Micro Devices Inc.
--------------------
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
299008 bytes
Created: 28.09.2010 14:33
Modified: 28.09.2010 14:33
Company: ATI Technologies Inc.
--------------------
C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
1132136 bytes
Created: 30.08.2011 04:13
Modified: 17.01.2012 10:36
Company: Sony Corporation
--------------------
C:\Windows\System32\wuauclt.exe
57880 bytes
Created: 16.08.2012 12:08
Modified: 02.06.2012 23:19
Company: Microsoft Corporation
--------------------
C:\Windows\splwow64.exe
67072 bytes
Created: 16.08.2012 12:13
Modified: 11.02.2012 07:36
Company: Microsoft Corporation
--------------------
C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE
10352472 bytes
Created: 31.05.2007 13:41
Modified: 31.05.2007 13:41
Company: Microsoft Corporation
--------------------
C:\Windows\System32\msiexec.exe
128000 bytes
Created: 21.11.2010 04:24
Modified: 21.11.2010 04:24
Company: Microsoft Corporation
--------------------
C:\Program Files (x86)\Internet Explorer\iexplore.exe
757296 bytes
Created: 14.12.2012 08:23
Modified: 14.11.2012 03:56
Company: Microsoft Corporation
--------------------
c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\agcp.exe
16448 bytes
Created: 11.04.2012 01:15
Modified: 11.04.2012 01:15
Company: Microsoft Corporation
--------------------
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
247584 bytes
Created: 10.10.2012 11:32
Modified: 13.12.2012 13:32
Company: Avira Operations GmbH & Co. KG
--------------------
C:\Program Files\Tracker Software\PDF Viewer\PDFXCview.exe
16700032 bytes
Created: 21.09.2012 20:10
Modified: 14.08.2012 16:48
Company: Tracker Software Products (Canada) Ltd.
--------------------
C:\Windows\System32\SnippingTool.exe
431104 bytes
Created: 14.07.2009 01:03
Modified: 14.07.2009 02:39
Company: Microsoft Corporation
--------------------
C:\Windows\System32\wisptis.exe
405504 bytes
Created: 21.11.2010 04:25
Modified: 21.11.2010 04:25
Company: Microsoft Corporation
--------------------
C:\Program Files (x86)\Trojan Remover\Rmvtrjan.exe
FileSize: 4766968
[This is a Trojan Remover component]
--------------------
--------------------
C:\Windows\System32\SearchProtocolHost.exe
249856 bytes
Created: 18.01.2012 13:55
Modified: 04.05.2011 06:19
Company: Microsoft Corporation
--------------------
C:\Windows\System32\SearchFilterHost.exe
113664 bytes
Created: 18.01.2012 13:55
Modified: 04.05.2011 06:19
Company: Microsoft Corporation
--------------------

************************************************************
23:30:51: Checking HOSTS file
No malicious entries were found in the HOSTS file

************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
hxxp://go.microsoft.com/fwlink/?LinkId=69157
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\Windows\SysWOW64\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
hxxp://go.microsoft.com/fwlink/?LinkId=69157
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
hxxp://ctx4u.barmenia.de/
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\Windows\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKCU\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
hxxp://vaioportal.sony.eu

************************************************************
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 23:30:51 05 Feb 2013
Total Scan time: 00:01:31
************************************************************


Alt 06.02.2013, 19:18   #6
markusg
/// Malware-holic
 
Trojaner > http://boxtralsurvisv.pl/gis/file.php - Standard

Trojaner > http://boxtralsurvisv.pl/gis/file.php



hi
nutzt du das Gerät für Onlinebanking, zum einkaufen, für sonstige Zahlungsabwicklungen, oder ähnlich wichtigem, wie beruflichem?
__________________
--> Trojaner > http://boxtralsurvisv.pl/gis/file.php

Alt 06.02.2013, 20:05   #7
troja-hilfe
 
Trojaner > http://boxtralsurvisv.pl/gis/file.php - Standard

Trojaner > http://boxtralsurvisv.pl/gis/file.php



Geldverkehr muss nicht sein, kann das auch über mein Notebook zu hause machen...

...warum fragts? Hast was entdeckt?

Alt 06.02.2013, 20:08   #8
markusg
/// Malware-holic
 
Trojaner > http://boxtralsurvisv.pl/gis/file.php - Standard

Trojaner > http://boxtralsurvisv.pl/gis/file.php



Jepp.
Frage: ist das nen Firmen gerät? da du sagst das geht über das Gerät von zuhause? wurde hier Onlinebanking gemacht, dann lass es sperren.
Notfallnummer:
116 116
Begründung, Trojan.zbot.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 06.02.2013, 20:21   #9
troja-hilfe
 
Trojaner > http://boxtralsurvisv.pl/gis/file.php - Standard

Trojaner > http://boxtralsurvisv.pl/gis/file.php



woher kommt das Mistding?

Ja, das ist mein Firmen-Notebook! Wollt mich auf dem Weg zur Arbeit bei meinem Online-Banking einloggen und dann kam diese Sicherheitsprüfung und Abend gings auch nicht, dann hab ichs auf meinem privaten NB versucht und da bin ich reingekommen und da wurde ich skeptisch! Habs dann gestern noch gesperrt!

Was ist jetzt zu tun? Betrifft das nur das Online-Banking bzw. Gefahr bei Zahlungsverkehr oder ist das gesamte Notebook infiziert? Ist das ansteckend, d.h. wenn ich ne Mail mit Anhang verschicke geb ichs dann weiter?

Alt 06.02.2013, 20:32   #10
markusg
/// Malware-holic
 
Trojaner > http://boxtralsurvisv.pl/gis/file.php - Standard

Trojaner > http://boxtralsurvisv.pl/gis/file.php



hi
also da es ein Firmen pc ist, eine Frage, habt ihr ne IT abteilung, dann schaff das Gerät bitte da hin.
Da es aber ein Firmen gerät ist, würde ich es neu aufsetzen, da hier ein garantiert sauberes System nötig ist.
weiter versenden per Mailanhang wirst du es wohl nicht.
wo das her kommt, kann ich dir abschließend nicht sagen.
du nutzt hoffendlich auf nem Firmen gerät kein filesharing, porno, illegale Streamings wie kinox.to, das währen typische infektionsquellen, gehackte Seiten währen auch möglich
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 06.02.2013, 20:40   #11
troja-hilfe
 
Trojaner > http://boxtralsurvisv.pl/gis/file.php - Standard

Trojaner > http://boxtralsurvisv.pl/gis/file.php



Zitat:
weiter versenden per Mailanhang wirst du es wohl nicht.
kann man den dabei wichtige Dateien sichern?


Zitat:
weiter versenden per Mailanhang wirst du es wohl nicht.
d.h. Gefahr besteht nur bei Geldverkehr?

Zitat:
du nutzt hoffendlich auf nem Firmen gerät kein filesharing, porno, illegale Streamings wie kinox.to, das währen typische infektionsquellen
Nein - kanns auch an Java oder Adobe Acrobat liegen? Da liest man ja immer was von Sicherheitslücken!

Alt 06.02.2013, 20:42   #12
markusg
/// Malware-holic
 
Trojaner > http://boxtralsurvisv.pl/gis/file.php - Standard

Trojaner > http://boxtralsurvisv.pl/gis/file.php



Hi
daten sichern können wir. aber erst mal musst du mit der IT abteilung, wenn ihr eine habt abklären, ob die das machen, denn gewerblich genutzte geräte reinigen wir nicht, wenn ihr eine solche habt.
Diese malware stiehlt unter anderem Banking daten und hatt, je nach funktionsumfang mehr Möglichkeiten, spamversand zb
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 07.02.2013, 07:28   #13
troja-hilfe
 
Trojaner > http://boxtralsurvisv.pl/gis/file.php - Standard

Trojaner > http://boxtralsurvisv.pl/gis/file.php



http://www.trojaner-board.de/129770-gvu-trojaner.html

bestehe diese Möglichkeit nicht?

bin noch in der Probezeit, würd dies ungern der IT bekannt geben!

Was meinst du mit Spamversand?

Warum hat mich Antivir nicht davor geschützt?

Alt 07.02.2013, 12:08   #14
markusg
/// Malware-holic
 
Trojaner > http://boxtralsurvisv.pl/gis/file.php - Standard

Trojaner > http://boxtralsurvisv.pl/gis/file.php



hi
gib den laptop bitte eurer it, was meinst du wie groß dein Problem erst wird, wenn wirtschaftlicher Schaden entsteht?
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 07.02.2013, 12:30   #15
troja-hilfe
 
Trojaner > http://boxtralsurvisv.pl/gis/file.php - Standard

Trojaner > http://boxtralsurvisv.pl/gis/file.php



also, unsere IT meint:

dass von der RecoveryDVD, die sie mir zuschicken, booten soll und das NB auf den Auslieferungszustand zurückversetze

die Daten die ich weiterhin brauche soll ich auf eine Festplatte ziehen oder auf DVD brennen


aber woher weiß ich denn, ob die Daten nicht auch befallen sind?

Antwort

Themen zu Trojaner > http://boxtralsurvisv.pl/gis/file.php
avira, blockiert, browser, daten, ebook, eingefangen, erkenn, erkennt, folge, folgende, gefangen, gefunde, kunde, loswerden, programm, quarantäne, schädlinge, tr/agent.55808.198, troja, trojan, trojaner, unerwünschtes, unerwünschtes programm, unterstützung, zugriff



Ähnliche Themen: Trojaner > http://boxtralsurvisv.pl/gis/file.php


  1. Trojaner? = http://goo.gl/eVstQT
    Plagegeister aller Art und deren Bekämpfung - 02.08.2014 (4)
  2. Ungewollte Startseiten: *http://wisersearch.com/?channel=de_nt* und *http://search.fbdownloader.com/?channel=sfde203fbdgy21*
    Log-Analyse und Auswertung - 16.12.2013 (13)
  3. Infektion mit http://www.qvo6.com und http://static.icmapp.com
    Log-Analyse und Auswertung - 04.12.2013 (7)
  4. http://dfs.pathdone.net/sd/cpops-1.2.0.html?u=http%3A%2F%2Fdfs.pathdone.net%2Fsd%2Fapps%2Ffusionx%2F0.0.4.html%3Faff%3D1060-8002&p=LyricsSay
    Plagegeister aller Art und deren Bekämpfung - 29.10.2013 (13)
  5. Windows XP: http://www_getwindowinfo/ - Trojaner
    Log-Analyse und Auswertung - 13.10.2013 (5)
  6. Pop Up in Firefox, http://rou.resyncload.net, Trojaner?
    Plagegeister aller Art und deren Bekämpfung - 29.07.2013 (7)
  7. http://www.searchnu.com/413 Trojaner
    Plagegeister aller Art und deren Bekämpfung - 08.03.2013 (20)
  8. Trojaner auf http://marketnewsnext7online.com/?12/2 ?
    Plagegeister aller Art und deren Bekämpfung - 20.12.2012 (9)
  9. http://furnituread.com Virus/Trojaner?
    Plagegeister aller Art und deren Bekämpfung - 29.05.2012 (1)
  10. Problem mit Trojaner http://www.searchnu.com/413
    Log-Analyse und Auswertung - 04.05.2012 (1)
  11. Trojaner http://www.searchnu.com/406
    Log-Analyse und Auswertung - 01.05.2012 (12)
  12. http://w w w. searchnu . com /413 Toolbar, Trojaner?
    Plagegeister aller Art und deren Bekämpfung - 11.04.2012 (2)
  13. Möglicherweise Trojaner? http://www.searchqu.com/406
    Plagegeister aller Art und deren Bekämpfung - 09.06.2011 (26)
  14. Auswertung Log-File weil http://localhost:9100/proxy.pac
    Log-Analyse und Auswertung - 07.03.2007 (4)
  15. Starseite http://www.security2k.net/ <-- Trojaner
    Plagegeister aller Art und deren Bekämpfung - 16.09.2005 (32)
  16. Skriptfehler: http://www.richfind.com/news.php + HijackThis log file
    Log-Analyse und Auswertung - 02.12.2004 (20)
  17. Wieder mal http://a-search.biz/ + Mein LOG File
    Log-Analyse und Auswertung - 17.11.2004 (15)

Zum Thema Trojaner > http://boxtralsurvisv.pl/gis/file.php - Hallo Forums-Gemeinde, heute in der früh erhielt ich folgende Malware-Meldung von Avira Antivirus Beim Zugriff auf Daten der URL "hxxp://boxtralsurvisv.pl/gis/file.php" wurde ein Virus oder unerwünschtes Programm 'TR/Agent.55808.198' [trojan] gefunden. Diese - Trojaner > http://boxtralsurvisv.pl/gis/file.php...
Archiv
Du betrachtest: Trojaner > http://boxtralsurvisv.pl/gis/file.php auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.