Online-Banking Trojaner bekomme ich nicht weg

Lawman · 02.11.2012, 19:41

Hallo Leute,

heute morgen hat mich meine Windows-Firewall gefragt, ob "explorer.exe" auf das Netz zugreifen darf oder so ähnlich. Irgendwie habe ich "ja" gesagt

Dann ging ich irgendwann über Firefox auf die Seite meiner Sparkasse. Es legte sich irgendwie ein weißer Kasten über die Seite und erzählte mir in der typischen sofort schon sprachlich als Fake erkennbaren Art und Weise, "wir haben jetzt neue Sicherheitseinstellungen" und "Sie müssen eine Testüberweisung ausführen". Ich habe nichts gemacht. Kurze Zeit später hatte ich eine SMS auf dem Handy mit der TAN für eine Überweisung von 2.736 EUR oder so. Das habe ich dann nicht gemacht

Avira wurde upgedatet, lief stundenlang im abgesicherten Modus über alle Laufwerke und hat einige Programme auf der Platte gefunden, die ich schon seit Jahren nicht mehr gestaret hatte, die aber einen Trojaner enthalten sollten. Der besagte Trojaner war aber nicht dabei.

So jetzt kommts:
Wenn ich im Browser auf www.malwarebytes.org gehe, steht sofort wieder www.google.de dort. Habe mir dann von einem Freund das Programm per Email schicken lassen. Es lässt sich nicht starten. Angeblich würde ich nicht über ausreichend Rechte verfügen. Bin aber als Admin angemeldet! Auch umbenennen von Namen und Endung in .com hat nicht geholfen.

Ich habe keine Ahnung, wie ich den Dreck nun loswerden soll.

Hilfe!

Viele Grüße,
Alex

M-K-D-B · 03.11.2012, 14:38

Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.

Bitte beachte folgende Hinweise:

Eine Bereinigung ist mitunter mit viel Arbeit für dich verbunden. Es können mehrere Analyse- und Bereinigungsschritte erforderlich sein.
Abschließend entfernen wir wieder alle verwendeten Programme und ich gebe dir ein paar Tipps für die Zukunft mit auf den Weg.
Bei Anzeichen von illegaler Software wird der Support ohne Diskussion eingestellt.
Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab.
Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
Führe nur Scans durch, zu denen du von mir oder einem anderen Helfer aufgefordert wirst.
Bitte kein Crossposting (posten in mehreren Foren).
Installiere oder deinstalliere während der Bereinigung keine Software außer du wirst dazu aufgefordert.
Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo.
Ich kann Dir niemals eine Garantie geben, dass auch ich alles finde. Eine Formatierung ist meist der schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.

Schritt 1
Downloade dir bitte DDS ( von sUBs ) von einem der folgenden Downloadspiegel und speichere die Datei auf deinem Desktop.

dds.com
dds.exe

Starte bitte dds mit einem Doppelklick.
Der Desktop wird verschwinden, das ist normal.
Setze bitte einen Haken bei
- dds.txt ( Sollte angehakt sein )
- attach.txt
Ändere keine Einstellungen ohne Anweisung
Wenn der Scan beendet ist, wird DDS 2 Logfiles auf deinem Desktop erstellen:
- dds.txt
- attach.txt

Bitte poste beide Logfiles in deiner nächsten Antwort.

Schritt 2
Downloade Dir bitte defogger von jpshortstuff auf Deinem Desktop.

Starte das Tool mit Doppelklick.
Klicke nun auf den Disable Button, um die Treiber gewisser Emulatoren zu deaktivieren.
Defogger wird dich fragen "Defogger will forcefully terminate and disable all CD Emulator related drivers and processes... Continue?" bestätige diese Sicherheitsabfrage mit Ja.
Wenn der Scan beendet wurde (Finished), klicke auf OK.
Defogger fordert gegebenfalls zum Neustart auf. Bestätige dies mit OK.
Defogger erstellt auf dem Desktop eine Logdatei mit dem Namen defogger_disable.txt. Poste deren Inhalt mit deiner nächsten Antwort.

Klicke den Re-enable Button nicht ohne Anweisung!

Schritt 3
Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Vista und Win7 User mit Rechtsklick "als Admininstartor starten"
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. ( Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Schritt 4
Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts "fixen" sondern nur einen Scan Report sehen.

Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und speichere das Logfile.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern ( Meistens C:\ )
Als Beispiel: C:\TDSSKiller.<version_date_time>log.txt

Poste den Inhalt bitte hier in deinen Thread.

Bitte poste mit deiner nächsten Antwort

die beiden Logdateien von DDS,
die Logdatei von DeFogger,
die Logdatei von aswMBR,
die Logdatei von TDSSKiller.

Lawman · 03.11.2012, 16:21

Hallo Matthias,

vielen Dank für Deine Hilfe!

Hier die gewünschten Dateien:

--------- DDS.TXT----------DDS Logfile:

Code:

ATTFilter

DDS (Ver_2012-10-19.01) - NTFS_x86 
Internet Explorer: 8.0.6001.19328  BrowserJavaVersion: 10.7.2
Run by Alex at 14:54:37 on 2012-11-03
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.2047.1114 [GMT 1:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
C:\Program Files\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\program files\common files\gnab\service\servicecontroller.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Medion\MEDIONbox\Program\GCS.exe
C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe
C:\Windows\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe
C:\Windows\system32\SearchIndexer.exe
C:\MedionVA\WTGService.exe
C:\Windows\system32\WUDFHost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.daemon-search.com/startpage
mSearch Bar = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
mDefault_Page_URL = hxxp://www.aldi.com/
mDefault_Search_URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
BHO: Adobe PDF Reader: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ICQ] "c:\program files\icq6\ICQ.exe" silent
uRun: [NokiaOviSuite2] c:\program files\nokia\nokia ovi suite\NokiaOviSuite.exe -tray
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Kiehgoceuf] c:\users\alex\appdata\roaming\oleb\fadek.exe
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [TVBroadcast] c:\program files\sceneo\absoluttv\services\odsbc\ODSBCApp.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Skytel] Skytel.exe
mRun: [toolbar_eula_launcher] c:\program files\googleeula\EULALauncher.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe"  -osboot
mRun: [LiveUpdate] c:\program files\byteswarm\liveupdate\LiveUpdate.exe
mRun: [Nokia FastStart] "c:\program files\nokia\nokia music\NokiaMusic.exe" /command:faststart
mRun: [Start WingMan Profiler] c:\program files\logitech\gaming software\LWEMon.exe /noui
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Nero MediaHome 4] "c:\program files\nero\nero mediahome 4\NeroMediaHome.exe" /AUTORUN
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Nach Microsoft &Excel exportieren - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {B863453A-26C3-4e1f-A54D-A2CD196348E9} - c:\program files\icqlite\ICQLite.exe
IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\program files\icq6.5\ICQ.exe
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{5C06A783-A4D7-4ABB-B2BB-D468D80441D4} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{784FD3C6-63C6-4BE2-8CD9-1D4FAD1E3437} : DHCPNameServer = 192.168.2.1
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\alex\appdata\roaming\mozilla\firefox\profiles\n1p5cw3r.default\
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\users\alex\appdata\roaming\mozilla\firefox\profiles\n1p5cw3r.default\extensions\2020player@2020technologies.com\plugins\NP2020Player.dll
FF - plugin: c:\users\alex\appdata\roaming\mozilla\firefox\profiles\n1p5cw3r.default\extensions\2020player_ikea@2020technologies.com\plugins\NP_2020Player_IKEA.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: 2012-09-08 07:46; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF - ExtSQL: 2012-10-22 19:22; {23fcfd51-4958-4f00-80a3-ae97e717ed8b}; c:\program files\divx\divx plus web player\firefox\DivXHTML5
FF - ExtSQL: 2019-09-25 23:40; {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}; c:\users\alex\appdata\roaming\mozilla\firefox\profiles\n1p5cw3r.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
FF - ExtSQL: !HIDDEN! 2009-06-27 09:42; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-5-29 36000]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-5-5 172032]
R2 AntiVirSchedulerService;Avira Planer;c:\program files\avira\antivir desktop\sched.exe [2012-5-29 86224]
R2 AntiVirService;Avira Echtzeit Scanner;c:\program files\avira\antivir desktop\avguard.exe [2012-5-29 110032]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-5-29 83392]
R2 FontCache;Windows-Dienst für Schriftartencache;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-18 21504]
R2 GnabService;GnabService;c:\program files\common files\gnab\service\ServiceController.exe [2008-1-14 36864]
R2 srvcPVR;Sceneo PVR Service;c:\program files\sceneo\absoluttv\services\pvr\pvrservice.exe [2008-1-14 1681408]
R2 WTGService;WTGService;c:\medionva\WTGService.exe [2011-11-26 330696]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2010-5-5 5550592]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-5-5 176128]
R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr28u.sys [2007-12-12 554496]
R3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [2007-12-12 13976]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-31 135664]
S3 3xHybrid;Philips SAA713x PCI Card;c:\windows\system32\drivers\3xHybrid.sys [2008-1-14 1302368]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-30 250808]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\aldi foto service nord\common\database\bin\fbserver.exe [2008-1-16 1527900]
S3 FTD2XX;FTD2XX.SYS FT8U2XX device driver;c:\windows\system32\drivers\FTD2XX.sys [2008-3-11 34639]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-12-31 135664]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-27 115168]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-3-19 136704]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-11-01 18:54:20	--------	d-----w-	c:\users\alex\appdata\roaming\Oleb
2012-11-01 18:54:20	--------	d-----w-	c:\users\alex\appdata\roaming\Apype
2012-11-01 18:54:20	--------	d-----w-	c:\users\alex\appdata\roaming\Amopob
2012-10-28 09:40:48	--------	d-----w-	C:\Es war einmal der Mensch DVD 6 (C-XC O T-174 S-0 A-DE_EN_FR Q-124)
2012-10-17 22:15:15	--------	d-----w-	C:\Spacken Test
2012-10-10 06:05:05	172544	----a-w-	c:\windows\system32\wintrust.dll
2012-10-10 06:05:02	985088	----a-w-	c:\windows\system32\crypt32.dll
2012-10-10 06:05:02	98304	----a-w-	c:\windows\system32\cryptnet.dll
2012-10-10 06:05:02	133120	----a-w-	c:\windows\system32\cryptsvc.dll
2012-10-10 06:04:54	2048	----a-w-	c:\windows\system32\tzres.dll
2012-10-10 06:04:41	3602816	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-10-10 06:04:40	3550080	----a-w-	c:\windows\system32\ntoskrnl.exe
.
==================== Find3M  ====================
.
2012-11-03 13:49:53	139152	----a-w-	c:\windows\system32\drivers\PnkBstrK.sys
2012-11-03 13:49:46	111928	----a-w-	c:\windows\system32\PnkBstrB.exe
2012-10-10 00:07:06	73656	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-10 00:07:06	696760	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-09-22 07:54:49	93672	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2012-09-22 07:54:49	821736	----a-w-	c:\windows\system32\npdeployJava1.dll
2012-09-22 07:54:49	746984	----a-w-	c:\windows\system32\deployJava1.dll
2012-08-25 11:50:39	916992	----a-w-	c:\windows\system32\wininet.dll
2012-08-25 11:44:53	43520	----a-w-	c:\windows\system32\licmgr10.dll
2012-08-25 11:44:29	1469440	----a-w-	c:\windows\system32\inetcpl.cpl
2012-08-25 11:44:13	71680	----a-w-	c:\windows\system32\iesetup.dll
2012-08-25 11:44:13	109056	----a-w-	c:\windows\system32\iesysprep.dll
2012-08-25 10:11:12	385024	----a-w-	c:\windows\system32\html.iec
2012-08-25 08:31:40	133632	----a-w-	c:\windows\system32\ieUnatt.exe
2012-08-25 08:29:22	1638912	----a-w-	c:\windows\system32\mshtml.tlb
.
============= FINISH: 14:55:26,96 ===============

--- --- ---

-----------ATTACH.TXT------------

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-10-19.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 13.02.2008 20:59:15
System Uptime: 03.11.2012 07:55:23 (7 hours ago)
.
Motherboard: MEDIONPC | | MS-7366
Processor: Intel(R) Core(TM)2 Duo CPU E6750 @ 2.66GHz | CPU 1 | 2336/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 230 GiB total, 25,434 GiB free.
D: is FIXED (NTFS) - 68 GiB total, 4,572 GiB free.
E: is FIXED (NTFS) - 147 GiB total, 7,427 GiB free.
F: is CDROM ()
G: is CDROM (CDFS)
K: is Removable
L: is Removable
M: is Removable
N: is FIXED (FAT32) - 20 GiB total, 10,684 GiB free.
O: is CDROM ()
P: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP2182: 24.10.2012 09:54:07 - Geplanter Prüfpunkt
RP2183: 25.10.2012 09:24:18 - Geplanter Prüfpunkt
RP2184: 26.10.2012 15:03:26 - Geplanter Prüfpunkt
RP2185: 27.10.2012 10:04:46 - Geplanter Prüfpunkt
RP2186: 28.10.2012 08:54:36 - Geplanter Prüfpunkt
RP2187: 29.10.2012 00:00:03 - Geplanter Prüfpunkt
RP2188: 29.10.2012 20:01:14 - Geplanter Prüfpunkt
RP2189: 30.10.2012 08:50:35 - Geplanter Prüfpunkt
RP2190: 31.10.2012 17:02:05 - Geplanter Prüfpunkt
RP2191: 01.11.2012 09:39:00 - Geplanter Prüfpunkt
RP2192: 01.11.2012 22:03:44 - Geplanter Prüfpunkt
RP2193: 02.11.2012 18:18:23 - Geplanter Prüfpunkt
RP2194: 03.11.2012 09:00:36 - Geplanter Prüfpunkt
.
==== Installed Programs ======================
.
Activation Assistant for the 2007 Microsoft Office suites
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 11 Plugin
Adobe Flash Player ActiveX
Adobe Reader 8.1.2 - Deutsch
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Adobe Shockwave Player
Advertising Center
Any DVD Converter Professional 3.5.2
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI AVIVO Codecs
ATI Catalyst Install Manager
Auto Gordian Knot 2.55
Avira Free Antivirus
AviSynth 2.5
Battlefield 1942
Battlefield 1942: Secret Weapons of WWII
Battlefield 1942: The Road To Rome
Battlefield Vietnam(TM)
Battlefield Vietnam: WW2 Mod
Bonjour
Brothers In Arms
Brothers In Arms EiB
Byteswarm LiveUpdate 2.1.0.3
Call of Duty(R) - World at War(TM)
Call of Duty(R) - World at War(TM) 1.1 Patch
Canon Inkjet Printer Driver Add-On Module
Canon Utilities Easy-PhotoPrint
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center HydraVision Full
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Compatibility Pack für 2007 Office System
Controller
ConvertXtoDVD 3.2.0.50
ConvertXtoDVD 4.0.3.313
CoreAVC Professional Edition (remove only)
DesertCombat 0.7
DirectVobSub (remove only)
DivX-Setup
DivX Converter
DivX Plus DirectShow Filters
DivX Version Checker
DVD Shrink 3.2
Firebird SQL Server - MAGIX Edition
FLV Player 2.0 (build 25)
Free YouTube Download 2.3
GermaniX Transcoder
Google Earth
Google Update Helper
Google Updater
Haali Media Splitter
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HydraVision
ICQ6.5
ImgBurn
IrfanView (remove only)
IsoBuster 2.6
iTunes
Java 7 Update 7
Java Auto Updater
Java(TM) 6 Update 35
Korean Fonts Support For Adobe Reader 8
Letstrade
LetsTrade Komponenten
Logitech Gaming Software 5.02
LucasArts' X-Wing vs. TIE Fighter
Mafia II
MakeDisc
MCE Software Encoder 1.1
Medal of Honor Allied Assault
MediaShow
MEDIONbox
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office File Validation Add-In
Microsoft Office PowerPoint Viewer 2007 (German)
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
Microsoft XML Parser
Move Networks Media Player for Internet Explorer
Mozilla Firefox 16.0.2 (x86 de)
Mozilla Maintenance Service
MSVC80_x86_v2
MSVC90_x86
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 8 Essentials
Nero ControlCenter
Nero Installer
Nero MediaHome 4
Nero MediaHome 4 Essentials
Nero MediaHome 4 Help
Nero Online Upgrade
neroxml
Nokia Connectivity Cable Driver
Nokia Software Updater
NVIDIA Drivers
NVIDIA PhysX
PC Connectivity Solution
PhotoNow! 1.0
PowerDirector
PowerDVD
PowerProducer
PunkBuster für Battlefield Vietnam
QuickPar 0.9
QuickTime
ratDVD 0.78.1444
RealPlayer
Realtek High Definition Audio Driver
Return to Castle Wolfenstein
Sceneo AbsolutTV
Secret Disk 1.35
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Sid Meier's Pirates!
Spelling Dictionaries Support For Adobe Reader 8
Star Wars Battlefront
Star Wars Battlefront II
Star Wars: The Force Unleashed
Steam
Sweet Home 3D version 3.1
Switch Audiodatei-Konverter
TeamSpeak 2 RC2
TeamSpeak 3 Client
The Orange Box
TVsweeper 3
Ulead PhotoImpact 12
Undelete Plus 2.96
Uninstall 1.0.0.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
VC80CRTRedist - 8.0.50727.6195
VCRedistSetup
Verbindungsassistent
VideoLAN VLC media player 0.8.6c
VobSub v2.23 (Remove Only)
WavePad Audiobearbeitungs-Software
WinDirStat 1.1.2
Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Media Player Firefox Plugin
WinRAR Archivierer
WISO Mein Geld 2008 Professional
X10 Hardware(TM)
XnView 1.97.2
Xvid 1.2.2 final uninstall
XviD MPEG4 Video Codec (remove only)
Zoom Player (remove only)
.
==== End Of File ===========================

----------DEFOGGER_DISABLE.LOG-------------

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 15:00 on 03/11/2012 (Alex)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
Unable to read sptd.sys
SPTD -> Disabled (Service running -> reboot required)

-=E.O.F=-

----------aswMBR.TXT-----------

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-11-03 15:17:56
-----------------------------
15:17:56.183 OS Version: Windows 6.0.6002 Service Pack 2
15:17:56.183 Number of processors: 2 586 0xF0B
15:17:56.185 ComputerName: PC UserName:
15:19:05.994 Initialize success
15:19:19.706 AVAST engine defs: 12110300
15:19:27.773 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000053
15:19:27.776 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 6
15:19:27.797 Disk 0 MBR read successfully
15:19:27.800 Disk 0 MBR scan
15:19:27.891 Disk 0 Windows VISTA default MBR code
15:19:27.952 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 235678 MB offset 63
15:19:28.058 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 70000 MB offset 482670592
15:19:28.131 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 150777 MB offset 626030592
15:19:28.234 Disk 0 Partition - 00 0F Extended LBA 20481 MB offset 934822350
15:19:28.361 Disk 0 Partition 4 00 0B FAT32 MSDOS5.0 20481 MB offset 934822413
15:19:28.507 Disk 0 scanning sectors +976768065
15:19:28.606 Disk 0 scanning C:\Windows\system32\drivers
15:20:05.212 Service scanning
15:20:40.160 Modules scanning
15:21:02.964 Disk 0 trace - called modules:
15:21:03.074 ntkrnlpa.exe CLASSPNP.SYS disk.sys storport.sys hal.dll nvstor32.sys
15:21:03.080 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85abcac8]
15:21:03.087 3 CLASSPNP.SYS[885ac8b3] -> nt!IofCallDriver -> \Device\00000053[0x84df9c90]
15:21:05.890 AVAST engine scan C:\Windows
15:21:15.464 AVAST engine scan C:\Windows\system32
15:27:10.927 AVAST engine scan C:\Windows\system32\drivers
15:27:53.517 AVAST engine scan C:\Users\Alex
15:52:12.442 File: C:\Users\Alex\AppData\Roaming\Oleb\fadek.exe **INFECTED** Win32

ropper-gen [Drp]
15:53:56.786 File: C:\Users\Alex\Downloads\star-wars-battlefront-12-update.exe **INFECTED** Win32:Trojan-gen
16:00:18.751 AVAST engine scan C:\ProgramData
16:04:41.660 Scan finished successfully
16:10:39.223 Disk 0 MBR has been saved successfully to "C:\Users\Alex\Documents\MBR.dat"
16:10:39.250 The log file has been saved successfully to "C:\Users\Alex\Documents\aswMBR.txt"

------------TDSSKILLER_LOG.TXT--------------

16:11:08.0495 6056 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
16:11:08.0609 6056 ============================================================
16:11:08.0609 6056 Current date / time: 2012/11/03 16:11:08.0609
16:11:08.0609 6056 SystemInfo:
16:11:08.0610 6056
16:11:08.0610 6056 OS Version: 6.0.6002 ServicePack: 2.0
16:11:08.0610 6056 Product type: Workstation
16:11:08.0610 6056 ComputerName: PC
16:11:08.0610 6056 UserName: Alex
16:11:08.0610 6056 Windows directory: C:\Windows
16:11:08.0610 6056 System windows directory: C:\Windows
16:11:08.0610 6056 Processor architecture: Intel x86
16:11:08.0610 6056 Number of processors: 2
16:11:08.0610 6056 Page size: 0x1000
16:11:08.0610 6056 Boot type: Normal boot
16:11:08.0610 6056 ============================================================
16:11:09.0354 6056 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:11:09.0446 6056 ============================================================
16:11:09.0446 6056 \Device\Harddisk0\DR0:
16:11:09.0463 6056 MBR partitions:
16:11:09.0463 6056 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1CC4F18F
16:11:09.0463 6056 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1CC4F800, BlocksNum 0x88B8000
16:11:09.0463 6056 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x25507800, BlocksNum 0x1267C800
16:11:09.0485 6056 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xB, StartLBA 0x37B8420D, BlocksNum 0x2800A34
16:11:09.0485 6056 ============================================================
16:11:09.0534 6056 C: <-> \Device\Harddisk0\DR0\Partition1
16:11:09.0553 6056 N: <-> \Device\Harddisk0\DR0\Partition4
16:11:09.0587 6056 D: <-> \Device\Harddisk0\DR0\Partition2
16:11:09.0675 6056 E: <-> \Device\Harddisk0\DR0\Partition3
16:11:09.0676 6056 ============================================================
16:11:09.0676 6056 Initialize success
16:11:09.0676 6056 ============================================================
16:11:19.0763 5860 ============================================================
16:11:19.0763 5860 Scan started
16:11:19.0763 5860 Mode: Manual;
16:11:19.0763 5860 ============================================================
16:11:20.0325 5860 ================ Scan system memory ========================
16:11:20.0326 5860 System memory - ok
16:11:20.0326 5860 ================ Scan services =============================
16:11:20.0772 5860 [ 651C54AC4EC5C5397C5AFF5D575CA45B ] 3xHybrid C:\Windows\system32\DRIVERS\3xHybrid.sys
16:11:20.0793 5860 3xHybrid - ok
16:11:20.0856 5860 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
16:11:20.0860 5860 ACPI - ok
16:11:20.0932 5860 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
16:11:20.0934 5860 AdobeFlashPlayerUpdateSvc - ok
16:11:20.0973 5860 [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
16:11:20.0980 5860 adp94xx - ok
16:11:21.0021 5860 [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci C:\Windows\system32\drivers\adpahci.sys
16:11:21.0026 5860 adpahci - ok
16:11:21.0050 5860 [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
16:11:21.0053 5860 adpu160m - ok
16:11:21.0078 5860 [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320 C:\Windows\system32\drivers\adpu320.sys
16:11:21.0081 5860 adpu320 - ok
16:11:21.0131 5860 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
16:11:21.0132 5860 AeLookupSvc - ok
16:11:21.0236 5860 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
16:11:21.0240 5860 AFD - ok
16:11:21.0270 5860 [ EF23439CDD587F64C2C1B8825CEAD7D8 ] agp440 C:\Windows\system32\drivers\agp440.sys
16:11:21.0272 5860 agp440 - ok
16:11:21.0295 5860 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
16:11:21.0297 5860 aic78xx - ok
16:11:21.0322 5860 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
16:11:21.0323 5860 ALG - ok
16:11:21.0342 5860 [ 496EDA16A127AC9A38BB285BEF17DBB5 ] aliide C:\Windows\system32\drivers\aliide.sys
16:11:21.0344 5860 aliide - ok
16:11:21.0386 5860 [ 946848A3CAC9909D8F72A4847419E77D ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
16:11:21.0407 5860 AMD External Events Utility - ok
16:11:21.0436 5860 [ 2B13E304C9DFDFA5EB582F6A149FA2C7 ] amdagp C:\Windows\system32\drivers\amdagp.sys
16:11:21.0438 5860 amdagp - ok
16:11:21.0451 5860 [ 6F65F4147C54398D7280B18CEBBED215 ] amdide C:\Windows\system32\drivers\amdide.sys
16:11:21.0452 5860 amdide - ok
16:11:21.0478 5860 [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
16:11:21.0480 5860 AmdK7 - ok
16:11:21.0497 5860 [ 0CA0071DA4315B00FC1328CA86B425DA ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
16:11:21.0499 5860 AmdK8 - ok
16:11:21.0690 5860 [ 19529728442D4794B96D1B8A9A63ECA1 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
16:11:21.0804 5860 amdkmdag - ok
16:11:21.0836 5860 [ B44737FF566B5888D15FDB66849F34E5 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
16:11:21.0839 5860 amdkmdap - ok
16:11:21.0943 5860 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
16:11:21.0953 5860 AntiVirSchedulerService - ok
16:11:22.0023 5860 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
16:11:22.0034 5860 AntiVirService - ok
16:11:22.0082 5860 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
16:11:22.0083 5860 Appinfo - ok
16:11:22.0200 5860 [ 3DEBBECF665DCDDE3A95D9B902010817 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:11:22.0227 5860 Apple Mobile Device - ok
16:11:22.0250 5860 [ 5F673180268BB1FDB69C99B6619FE379 ] arc C:\Windows\system32\drivers\arc.sys
16:11:22.0252 5860 arc - ok
16:11:22.0300 5860 [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas C:\Windows\system32\drivers\arcsas.sys
16:11:22.0302 5860 arcsas - ok
16:11:22.0341 5860 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
16:11:22.0343 5860 AsyncMac - ok
16:11:22.0356 5860 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys
16:11:22.0357 5860 atapi - ok
16:11:22.0389 5860 [ 5E1CBDA7D52289579E25283549E99425 ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys
16:11:22.0392 5860 AtiHdmiService - ok
16:11:22.0428 5860 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:11:22.0474 5860 AudioEndpointBuilder - ok
16:11:22.0514 5860 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
16:11:22.0517 5860 Audiosrv - ok
16:11:22.0570 5860 [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
16:11:22.0572 5860 avgntflt - ok
16:11:22.0609 5860 [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
16:11:22.0612 5860 avipbb - ok
16:11:22.0642 5860 [ 53E56450DA16A1A7F0D002F511113F67 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
16:11:22.0644 5860 avkmgr - ok
16:11:22.0685 5860 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
16:11:22.0686 5860 Beep - ok
16:11:22.0745 5860 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll
16:11:22.0750 5860 BFE - ok
16:11:22.0800 5860 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\System32\qmgr.dll
16:11:22.0829 5860 BITS - ok
16:11:22.0835 5860 blbdrive - ok
16:11:22.0962 5860 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
16:11:23.0001 5860 Bonjour Service - ok
16:11:23.0048 5860 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys
16:11:23.0051 5860 bowser - ok
16:11:23.0109 5860 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
16:11:23.0110 5860 BrFiltLo - ok
16:11:23.0118 5860 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
16:11:23.0120 5860 BrFiltUp - ok
16:11:23.0156 5860 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
16:11:23.0158 5860 Browser - ok
16:11:23.0181 5860 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
16:11:23.0183 5860 Brserid - ok
16:11:23.0199 5860 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
16:11:23.0201 5860 BrSerWdm - ok
16:11:23.0215 5860 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
16:11:23.0216 5860 BrUsbMdm - ok
16:11:23.0228 5860 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
16:11:23.0230 5860 BrUsbSer - ok
16:11:23.0248 5860 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
16:11:23.0250 5860 BTHMODEM - ok
16:11:23.0306 5860 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
16:11:23.0308 5860 cdfs - ok
16:11:23.0335 5860 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
16:11:23.0337 5860 cdrom - ok
16:11:23.0378 5860 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll
16:11:23.0384 5860 CertPropSvc - ok
16:11:23.0409 5860 [ DA8E0AFC7BAA226C538EF53AC2F90897 ] circlass C:\Windows\system32\drivers\circlass.sys
16:11:23.0411 5860 circlass - ok
16:11:23.0460 5860 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys
16:11:23.0471 5860 CLFS - ok
16:11:23.0525 5860 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:11:23.0534 5860 clr_optimization_v2.0.50727_32 - ok
16:11:23.0612 5860 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:11:23.0639 5860 clr_optimization_v4.0.30319_32 - ok
16:11:23.0653 5860 [ 59172A0724F2AB769F31D61B0571D75B ] cmdide C:\Windows\system32\drivers\cmdide.sys
16:11:23.0654 5860 cmdide - ok
16:11:23.0670 5860 [ 82B8C91D327CFECF76CB58716F7D4997 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
16:11:23.0671 5860 Compbatt - ok
16:11:23.0679 5860 COMSysApp - ok
16:11:23.0700 5860 [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
16:11:23.0701 5860 crcdisk - ok
16:11:23.0723 5860 [ 22A7F883508176489F559EE745B5BF5D ] Crusoe C:\Windows\system32\drivers\crusoe.sys
16:11:23.0724 5860 Crusoe - ok
16:11:23.0758 5860 [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc C:\Windows\system32\cryptsvc.dll
16:11:23.0761 5860 CryptSvc - ok
16:11:23.0808 5860 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll
16:11:23.0831 5860 DcomLaunch - ok
16:11:23.0856 5860 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys
16:11:23.0858 5860 DfsC - ok
16:11:24.0007 5860 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe
16:11:24.0050 5860 DFSR - ok
16:11:24.0111 5860 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll
16:11:24.0142 5860 Dhcp - ok
16:11:24.0192 5860 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys
16:11:24.0193 5860 disk - ok
16:11:24.0239 5860 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll
16:11:24.0242 5860 Dnscache - ok
16:11:24.0266 5860 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll
16:11:24.0270 5860 dot3svc - ok
16:11:24.0300 5860 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
16:11:24.0303 5860 DPS - ok
16:11:24.0340 5860 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
16:11:24.0341 5860 drmkaud - ok
16:11:24.0434 5860 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
16:11:24.0443 5860 DXGKrnl - ok
16:11:24.0495 5860 [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
16:11:24.0498 5860 E1G60 - ok
16:11:24.0549 5860 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
16:11:24.0551 5860 EapHost - ok
16:11:24.0609 5860 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys
16:11:24.0612 5860 Ecache - ok
16:11:24.0714 5860 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
16:11:24.0727 5860 ehRecvr - ok
16:11:24.0761 5860 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe
16:11:24.0796 5860 ehSched - ok
16:11:24.0814 5860 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll
16:11:24.0815 5860 ehstart - ok
16:11:24.0844 5860 [ E8F3F21A71720C84BCF423B80028359F ] elxstor C:\Windows\system32\drivers\elxstor.sys
16:11:24.0849 5860 elxstor - ok
16:11:24.0915 5860 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
16:11:24.0977 5860 EMDMgmt - ok
16:11:25.0053 5860 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll
16:11:25.0058 5860 EventSystem - ok
16:11:25.0124 5860 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys
16:11:25.0127 5860 exfat - ok
16:11:25.0158 5860 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
16:11:25.0161 5860 fastfat - ok
16:11:25.0175 5860 [ 63BDADA84951B9C03E641800E176898A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
16:11:25.0176 5860 fdc - ok
16:11:25.0199 5860 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
16:11:25.0200 5860 fdPHost - ok
16:11:25.0233 5860 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
16:11:25.0239 5860 FDResPub - ok
16:11:25.0276 5860 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
16:11:25.0278 5860 FileInfo - ok
16:11:25.0310 5860 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
16:11:25.0311 5860 Filetrace - ok
16:11:25.0803 5860 [ 167D24A045499EBEF438F231976158DF ] FirebirdServerMAGIXInstance C:\Program Files\ALDI Foto Service Nord\Common\Database\bin\fbserver.exe
16:11:25.0897 5860 FirebirdServerMAGIXInstance - ok
16:11:25.0974 5860 [ 6603957EFF5EC62D25075EA8AC27DE68 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
16:11:25.0975 5860 flpydisk - ok
16:11:26.0010 5860 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
16:11:26.0014 5860 FltMgr - ok
16:11:26.0149 5860 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll
16:11:26.0167 5860 FontCache - ok
16:11:26.0223 5860 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
16:11:26.0251 5860 FontCache3.0.0.0 - ok
16:11:26.0283 5860 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
16:11:26.0284 5860 Fs_Rec - ok
16:11:26.0316 5860 [ 07A83A2E070357075C2056810C67C9E4 ] FTD2XX C:\Windows\system32\Drivers\FTD2XX.sys
16:11:26.0318 5860 FTD2XX - ok
16:11:26.0331 5860 [ 4E1CD0A45C50A8882616CAE5BF82F3C5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
16:11:26.0332 5860 gagp30kx - ok
16:11:26.0363 5860 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:11:26.0364 5860 GEARAspiWDM - ok
16:11:26.0389 5860 [ 51B2D8629E1A0F463682F365D56325CB ] GnabService c:\program files\common files\gnab\service\servicecontroller.exe
16:11:26.0415 5860 GnabService - ok
16:11:26.0461 5860 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll
16:11:26.0480 5860 gpsvc - ok
16:11:26.0557 5860 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
16:11:26.0558 5860 gupdate - ok
16:11:26.0567 5860 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
16:11:26.0568 5860 gupdatem - ok
16:11:26.0654 5860 [ 408DDD80EEDE47175F6844817B90213E ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
16:11:26.0681 5860 gusvc - ok
16:11:26.0734 5860 [ 3F90E001369A07243763BD5A523D8722 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:11:26.0738 5860 HdAudAddService - ok
16:11:26.0783 5860 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
16:11:26.0803 5860 HDAudBus - ok
16:11:26.0830 5860 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
16:11:26.0832 5860 HidBth - ok
16:11:26.0855 5860 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
16:11:26.0856 5860 HidIr - ok
16:11:26.0898 5860 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\system32\hidserv.dll
16:11:26.0900 5860 hidserv - ok
16:11:26.0941 5860 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
16:11:26.0942 5860 HidUsb - ok
16:11:26.0981 5860 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
16:11:26.0984 5860 hkmsvc - ok
16:11:27.0001 5860 [ DF353B401001246853763C4B7AAA6F50 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
16:11:27.0002 5860 HpCISSs - ok
16:11:27.0122 5860 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys
16:11:27.0129 5860 HTTP - ok
16:11:27.0190 5860 [ A89423D0132C8AB69BA621B6CE191714 ] hwdatacard C:\Windows\system32\DRIVERS\ewusbmdm.sys
16:11:27.0192 5860 hwdatacard - ok
16:11:27.0214 5860 [ 324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp C:\Windows\system32\drivers\i2omp.sys
16:11:27.0216 5860 i2omp - ok
16:11:27.0269 5860 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
16:11:27.0271 5860 i8042prt - ok
16:11:27.0297 5860 [ C957BF4B5D80B46C5017BF0101E6C906 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
16:11:27.0301 5860 iaStorV - ok
16:11:27.0606 5860 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:11:27.0662 5860 idsvc - ok
16:11:27.0697 5860 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
16:11:27.0698 5860 iirsp - ok
16:11:27.0767 5860 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll
16:11:27.0776 5860 IKEEXT - ok
16:11:27.0920 5860 [ 56661BEAE591E59067710B6CBCA78184 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
16:11:27.0973 5860 IntcAzAudAddService - ok
16:11:27.0999 5860 [ E5EA1C17DA5065032E346591FF64F3AF ] intelide C:\Windows\system32\drivers\intelide.sys
16:11:28.0001 5860 intelide - ok
16:11:28.0049 5860 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
16:11:28.0051 5860 intelppm - ok
16:11:28.0090 5860 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
16:11:28.0118 5860 IPBusEnum - ok
16:11:28.0152 5860 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:11:28.0153 5860 IpFilterDriver - ok
16:11:28.0195 5860 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
16:11:28.0199 5860 iphlpsvc - ok
16:11:28.0205 5860 IpInIp - ok
16:11:28.0231 5860 [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
16:11:28.0233 5860 IPMIDRV - ok
16:11:28.0290 5860 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
16:11:28.0293 5860 IPNAT - ok
16:11:28.0337 5860 [ CA1972397B845B2F53F5DC63C22FD98A ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
16:11:28.0359 5860 iPod Service - ok
16:11:28.0441 5860 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
16:11:28.0442 5860 IRENUM - ok
16:11:28.0461 5860 [ 350FCA7E73CF65BCEF43FAE1E4E91293 ] isapnp C:\Windows\system32\drivers\isapnp.sys
16:11:28.0463 5860 isapnp - ok
16:11:28.0484 5860 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
16:11:28.0489 5860 iScsiPrt - ok
16:11:28.0511 5860 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
16:11:28.0513 5860 iteatapi - ok
16:11:28.0542 5860 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
16:11:28.0544 5860 iteraid - ok
16:11:28.0570 5860 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
16:11:28.0572 5860 kbdclass - ok
16:11:28.0605 5860 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
16:11:28.0606 5860 kbdhid - ok
16:11:28.0643 5860 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe
16:11:28.0645 5860 KeyIso - ok
16:11:28.0688 5860 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
16:11:28.0696 5860 KSecDD - ok
16:11:28.0772 5860 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
16:11:28.0780 5860 KtmRm - ok
16:11:28.0844 5860 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\system32\srvsvc.dll
16:11:28.0847 5860 LanmanServer - ok
16:11:28.0883 5860 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:11:28.0887 5860 LanmanWorkstation - ok
16:11:28.0919 5860 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
16:11:28.0920 5860 lltdio - ok
16:11:28.0954 5860 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
16:11:28.0957 5860 lltdsvc - ok
16:11:28.0980 5860 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
16:11:28.0982 5860 lmhosts - ok
16:11:28.0996 5860 [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
16:11:28.0998 5860 LSI_FC - ok
16:11:29.0017 5860 [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
16:11:29.0019 5860 LSI_SAS - ok
16:11:29.0030 5860 [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
16:11:29.0032 5860 LSI_SCSI - ok
16:11:29.0080 5860 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
16:11:29.0082 5860 luafv - ok
16:11:29.0114 5860 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
16:11:29.0116 5860 Mcx2Svc - ok
16:11:29.0139 5860 [ D153B14FC6598EAE8422A2037553ADCE ] megasas C:\Windows\system32\drivers\megasas.sys
16:11:29.0140 5860 megasas - ok
16:11:29.0169 5860 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
16:11:29.0171 5860 MMCSS - ok
16:11:29.0199 5860 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
16:11:29.0201 5860 Modem - ok
16:11:29.0258 5860 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
16:11:29.0260 5860 monitor - ok
16:11:29.0277 5860 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
16:11:29.0279 5860 mouclass - ok
16:11:29.0305 5860 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
16:11:29.0306 5860 mouhid - ok
16:11:29.0342 5860 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
16:11:29.0344 5860 MountMgr - ok
16:11:29.0411 5860 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
16:11:29.0460 5860 MozillaMaintenance - ok
16:11:29.0485 5860 [ 583A41F26278D9E0EA548163D6139397 ] mpio C:\Windows\system32\drivers\mpio.sys
16:11:29.0489 5860 mpio - ok
16:11:29.0523 5860 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
16:11:29.0525 5860 mpsdrv - ok
16:11:29.0567 5860 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll
16:11:29.0575 5860 MpsSvc - ok
16:11:29.0598 5860 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
16:11:29.0600 5860 Mraid35x - ok
16:11:29.0632 5860 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
16:11:29.0634 5860 MRxDAV - ok
16:11:29.0671 5860 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
16:11:29.0673 5860 mrxsmb - ok
16:11:29.0707 5860 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:11:29.0711 5860 mrxsmb10 - ok
16:11:29.0721 5860 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:11:29.0723 5860 mrxsmb20 - ok
16:11:29.0748 5860 [ 86068B8B54A5EB092F51657F00B2222A ] msahci C:\Windows\system32\drivers\msahci.sys
16:11:29.0750 5860 msahci - ok
16:11:29.0769 5860 [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm C:\Windows\system32\drivers\msdsm.sys
16:11:29.0772 5860 msdsm - ok
16:11:29.0801 5860 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
16:11:29.0804 5860 MSDTC - ok
16:11:29.0847 5860 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
16:11:29.0848 5860 Msfs - ok
16:11:29.0872 5860 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
16:11:29.0873 5860 msisadrv - ok
16:11:29.0905 5860 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
16:11:29.0908 5860 MSiSCSI - ok
16:11:29.0913 5860 msiserver - ok
16:11:29.0957 5860 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
16:11:29.0958 5860 MSKSSRV - ok
16:11:30.0000 5860 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
16:11:30.0001 5860 MSPCLOCK - ok
16:11:30.0034 5860 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
16:11:30.0035 5860 MSPQM - ok
16:11:30.0054 5860 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
16:11:30.0057 5860 MsRPC - ok
16:11:30.0096 5860 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
16:11:30.0098 5860 mssmbios - ok
16:11:30.0118 5860 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
16:11:30.0119 5860 MSTEE - ok
16:11:30.0138 5860 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
16:11:30.0139 5860 Mup - ok
16:11:30.0177 5860 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
16:11:30.0184 5860 napagent - ok
16:11:30.0228 5860 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
16:11:30.0231 5860 NativeWifiP - ok
16:11:30.0266 5860 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
16:11:30.0275 5860 NDIS - ok
16:11:30.0335 5860 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
16:11:30.0336 5860 NdisTapi - ok
16:11:30.0372 5860 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
16:11:30.0374 5860 Ndisuio - ok
16:11:30.0412 5860 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
16:11:30.0415 5860 NdisWan - ok
16:11:30.0443 5860 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
16:11:30.0445 5860 NDProxy - ok
16:11:30.0524 5860 [ C5052FB77AA42ED440F9F6B4E37145A9 ] Nero BackItUp Scheduler 3 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
16:11:30.0579 5860 Nero BackItUp Scheduler 3 - ok
16:11:30.0684 5860 [ D660376BD52DF3D33390ACAE9FA1A54C ] NeroMediaHomeService.4 C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe
16:11:30.0720 5860 NeroMediaHomeService.4 - ok
16:11:30.0743 5860 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
16:11:30.0745 5860 NetBIOS - ok
16:11:30.0786 5860 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
16:11:30.0789 5860 netbt - ok
16:11:30.0806 5860 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
16:11:30.0808 5860 Netlogon - ok
16:11:30.0839 5860 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
16:11:30.0844 5860 Netman - ok
16:11:30.0886 5860 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
16:11:30.0891 5860 netprofm - ok
16:11:30.0928 5860 [ 9BA2F93E4F01EC58E722B36639E0CE5D ] netr28u C:\Windows\system32\DRIVERS\netr28u.sys
16:11:30.0948 5860 netr28u - ok
16:11:30.0982 5860 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:11:30.0993 5860 NetTcpPortSharing - ok
16:11:31.0058 5860 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
16:11:31.0059 5860 nfrd960 - ok
16:11:31.0091 5860 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
16:11:31.0095 5860 NlaSvc - ok
16:11:31.0217 5860 [ 74149BCF0307BB76D68C0F8912DF731C ] NMIndexingService C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
16:11:31.0254 5860 NMIndexingService - ok
16:11:31.0317 5860 [ 4A8A2AA0706B659175169DECF198E9D7 ] nmwcd C:\Windows\system32\drivers\ccdcmb.sys
16:11:31.0318 5860 nmwcd - ok
16:11:31.0356 5860 [ FD3E61831095AC62E6840D986B5A2016 ] nmwcdc C:\Windows\system32\drivers\ccdcmbo.sys
16:11:31.0357 5860 nmwcdc - ok
16:11:31.0386 5860 [ 02E96113511171BA7559386D10D3DAEA ] nmwcdnsu C:\Windows\system32\drivers\nmwcdnsu.sys
16:11:31.0389 5860 nmwcdnsu - ok
16:11:31.0417 5860 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
16:11:31.0418 5860 Npfs - ok
16:11:31.0443 5860 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
16:11:31.0446 5860 nsi - ok
16:11:31.0477 5860 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
16:11:31.0478 5860 nsiproxy - ok
16:11:31.0544 5860 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
16:11:31.0565 5860 Ntfs - ok
16:11:31.0583 5860 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
16:11:31.0584 5860 ntrigdigi - ok
16:11:31.0613 5860 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
16:11:31.0614 5860 Null - ok
16:11:31.0676 5860 [ D668632606D1CEBF0B6EC64C1DF7ED6F ] NVENETFD C:\Windows\system32\DRIVERS\nvmfdx32.sys
16:11:31.0706 5860 NVENETFD - ok
16:11:32.0284 5860 [ C5823E05F760FF5B4C698752B1B8030D ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
16:11:32.0474 5860 nvlddmkm - ok
16:11:32.0521 5860 [ E69E946F80C1C31C53003BFBF50CBB7C ] nvraid C:\Windows\system32\drivers\nvraid.sys
16:11:32.0523 5860 nvraid - ok
16:11:32.0571 5860 [ 7EC12A73067BACA25A8E3E2A58AE83D8 ] nvsmu C:\Windows\system32\DRIVERS\nvsmu.sys
16:11:32.0572 5860 nvsmu - ok
16:11:32.0588 5860 [ 9E0BA19A28C498A6D323D065DB76DFFC ] nvstor C:\Windows\system32\drivers\nvstor.sys
16:11:32.0590 5860 nvstor - ok
16:11:32.0614 5860 [ 4876E7C3184BDF50EDE043FEF616B867 ] nvstor32 C:\Windows\system32\DRIVERS\nvstor32.sys
16:11:32.0615 5860 nvstor32 - ok
16:11:32.0641 5860 [ 07C186427EB8FCC3D8D7927187F260F7 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
16:11:32.0643 5860 nv_agp - ok
16:11:32.0648 5860 NwlnkFlt - ok
16:11:32.0654 5860 NwlnkFwd - ok
16:11:32.0721 5860 [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
16:11:32.0723 5860 ohci1394 - ok
16:11:32.0749 5860 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:11:32.0770 5860 ose - ok
16:11:32.0827 5860 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
16:11:32.0849 5860 p2pimsvc - ok
16:11:32.0862 5860 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
16:11:32.0868 5860 p2psvc - ok
16:11:32.0918 5860 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
16:11:32.0921 5860 Parport - ok
16:11:32.0970 5860 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
16:11:32.0972 5860 partmgr - ok
16:11:32.0987 5860 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
16:11:32.0988 5860 Parvdm - ok
16:11:33.0027 5860 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
16:11:33.0036 5860 PcaSvc - ok
16:11:33.0076 5860 [ FD2041E9BA03DB7764B2248F02475079 ] pccsmcfd C:\Windows\system32\DRIVERS\pccsmcfd.sys
16:11:33.0078 5860 pccsmcfd - ok
16:11:33.0130 5860 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
16:11:33.0132 5860 pci - ok
16:11:33.0140 5860 [ 1636D43F10416AEB483BC6001097B26C ] pciide C:\Windows\system32\drivers\pciide.sys
16:11:33.0142 5860 pciide - ok
16:11:33.0157 5860 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
16:11:33.0161 5860 pcmcia - ok
16:11:33.0187 5860 [ 5B6C11DE7E839C05248CED8825470FEF ] pcouffin C:\Windows\system32\Drivers\pcouffin.sys
16:11:33.0188 5860 pcouffin - ok
16:11:33.0236 5860 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
16:11:33.0258 5860 PEAUTH - ok
16:11:33.0510 5860 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
16:11:33.0598 5860 pla - ok
16:11:33.0664 5860 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
16:11:33.0669 5860 PlugPlay - ok
16:11:33.0702 5860 [ 19E83B09AB8EE1D837665DA941E2AC44 ] PnkBstrA C:\Windows\system32\PnkBstrA.exe
16:11:33.0704 5860 PnkBstrA - ok
16:11:33.0725 5860 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
16:11:33.0731 5860 PNRPAutoReg - ok
16:11:33.0792 5860 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
16:11:33.0798 5860 PNRPsvc - ok
16:11:33.0919 5860 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
16:11:33.0924 5860 PolicyAgent - ok
16:11:33.0970 5860 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
16:11:33.0973 5860 PptpMiniport - ok
16:11:33.0996 5860 [ 0E3CEF5D28B40CF273281D620C50700A ] Processor C:\Windows\system32\drivers\processr.sys
16:11:33.0997 5860 Processor - ok
16:11:34.0034 5860 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
16:11:34.0038 5860 ProfSvc - ok
16:11:34.0057 5860 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
16:11:34.0059 5860 ProtectedStorage - ok
16:11:34.0086 5860 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
16:11:34.0088 5860 PSched - ok
16:11:34.0158 5860 [ CCDAC889326317792480C0A67156A1EC ] ql2300 C:\Windows\system32\drivers\ql2300.sys
16:11:34.0180 5860 ql2300 - ok
16:11:34.0216 5860 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
16:11:34.0218 5860 ql40xx - ok
16:11:34.0252 5860 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
16:11:34.0257 5860 QWAVE - ok
16:11:34.0285 5860 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
16:11:34.0287 5860 QWAVEdrv - ok
16:11:34.0328 5860 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
16:11:34.0330 5860 RasAcd - ok
16:11:34.0361 5860 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
16:11:34.0365 5860 RasAuto - ok
16:11:34.0401 5860 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
16:11:34.0403 5860 Rasl2tp - ok
16:11:34.0490 5860 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
16:11:34.0494 5860 RasMan - ok
16:11:34.0515 5860 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
16:11:34.0517 5860 RasPppoe - ok
16:11:34.0534 5860 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
16:11:34.0536 5860 RasSstp - ok
16:11:34.0606 5860 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
16:11:34.0610 5860 rdbss - ok
16:11:34.0657 5860 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
16:11:34.0658 5860 RDPCDD - ok
16:11:34.0676 5860 [ E8BD98D46F2ED77132BA927FCCB47D8B ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
16:11:34.0681 5860 rdpdr - ok
16:11:34.0695 5860 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
16:11:34.0696 5860 RDPENCDD - ok
16:11:34.0728 5860 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
16:11:34.0732 5860 RDPWD - ok
16:11:34.0775 5860 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
16:11:34.0778 5860 RemoteAccess - ok
16:11:34.0810 5860 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
16:11:34.0813 5860 RemoteRegistry - ok
16:11:34.0886 5860 [ 17E0BEF5CA5C9CE52CC8082AC6EBC449 ] RichVideo C:\Program Files\CyberLink\Shared Files\RichVideo.exe
16:11:34.0914 5860 RichVideo - ok
16:11:34.0967 5860 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
16:11:34.0969 5860 RpcLocator - ok
16:11:34.0992 5860 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
16:11:34.0997 5860 RpcSs - ok
16:11:35.0029 5860 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
16:11:35.0031 5860 rspndr - ok
16:11:35.0055 5860 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
16:11:35.0057 5860 SamSs - ok
16:11:35.0071 5860 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
16:11:35.0074 5860 sbp2port - ok
16:11:35.0118 5860 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
16:11:35.0122 5860 SCardSvr - ok
16:11:35.0170 5860 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
16:11:35.0178 5860 Schedule - ok
16:11:35.0215 5860 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
16:11:35.0216 5860 SCPolicySvc - ok
16:11:35.0250 5860 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
16:11:35.0254 5860 SDRSVC - ok
16:11:35.0275 5860 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
16:11:35.0276 5860 secdrv - ok
16:11:35.0306 5860 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
16:11:35.0308 5860 seclogon - ok
16:11:35.0339 5860 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll
16:11:35.0342 5860 SENS - ok
16:11:35.0375 5860 [ CE9EC966638EF0B10B864DDEDF62A099 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
16:11:35.0376 5860 Serenum - ok
16:11:35.0394 5860 [ 6D663022DB3E7058907784AE14B69898 ] Serial C:\Windows\system32\DRIVERS\serial.sys
16:11:35.0396 5860 Serial - ok
16:11:35.0433 5860 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
16:11:35.0435 5860 sermouse - ok
16:11:35.0495 5860 [ C2644DC3CAC06AFF97A9359632C9C175 ] ServiceLayer C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
16:11:35.0548 5860 ServiceLayer - ok
16:11:35.0610 5860 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
16:11:35.0613 5860 SessionEnv - ok
16:11:35.0665 5860 [ 51CF56AA8BCC241F134B420B8F850406 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
16:11:35.0667 5860 sffdisk - ok
16:11:35.0688 5860 [ 96DED8B20C734AC41641CE275250E55D ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
16:11:35.0689 5860 sffp_mmc - ok
16:11:35.0703 5860 [ 8B08CAB1267B2C377883FC9E56981F90 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
16:11:35.0705 5860 sffp_sd - ok
16:11:35.0720 5860 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
16:11:35.0721 5860 sfloppy - ok
16:11:35.0742 5860 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
16:11:35.0775 5860 SharedAccess - ok
16:11:35.0845 5860 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:11:35.0850 5860 ShellHWDetection - ok
16:11:35.0878 5860 [ D2A595D6EEBEEAF4334F8E50EFBC9931 ] sisagp C:\Windows\system32\drivers\sisagp.sys
16:11:35.0879 5860 sisagp - ok
16:11:35.0903 5860 [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
16:11:35.0905 5860 SiSRaid2 - ok
16:11:35.0922 5860 [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
16:11:35.0924 5860 SiSRaid4 - ok
16:11:36.0082 5860 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
16:11:36.0156 5860 slsvc - ok
16:11:36.0202 5860 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
16:11:36.0205 5860 SLUINotify - ok
16:11:36.0229 5860 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
16:11:36.0231 5860 Smb - ok
16:11:36.0287 5860 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
16:11:36.0295 5860 SNMPTRAP - ok
16:11:36.0328 5860 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
16:11:36.0330 5860 spldr - ok
16:11:36.0360 5860 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
16:11:36.0363 5860 Spooler - ok
16:11:36.0446 5860 [ CDDDEC541BC3C96F91ECB48759673505 ] sptd C:\Windows\System32\Drivers\sptd.sys
16:11:36.0467 5860 sptd - ok
16:11:36.0527 5860 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
16:11:36.0533 5860 srv - ok
16:11:36.0594 5860 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
16:11:36.0603 5860 srv2 - ok
16:11:36.0783 5860 [ BF94A7553EF257D70CB2287BF7A3BCE1 ] srvcPVR C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe
16:11:36.0813 5860 srvcPVR - ok
16:11:36.0865 5860 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
16:11:36.0867 5860 srvnet - ok
16:11:36.0897 5860 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
16:11:36.0900 5860 SSDPSRV - ok
16:11:36.0928 5860 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys
16:11:36.0930 5860 ssmdrv - ok
16:11:36.0965 5860 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
16:11:36.0968 5860 SstpSvc - ok
16:11:37.0002 5860 Steam Client Service - ok
16:11:37.0197 5860 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
16:11:37.0206 5860 stisvc - ok
16:11:37.0237 5860 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
16:11:37.0238 5860 swenum - ok
16:11:37.0276 5860 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
16:11:37.0283 5860 swprv - ok
16:11:37.0316 5860 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
16:11:37.0317 5860 Symc8xx - ok
16:11:37.0332 5860 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
16:11:37.0333 5860 Sym_hi - ok
16:11:37.0360 5860 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
16:11:37.0362 5860 Sym_u3 - ok
16:11:37.0555 5860 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
16:11:37.0562 5860 SysMain - ok
16:11:37.0588 5860 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:11:37.0592 5860 TabletInputService - ok
16:11:37.0665 5860 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
16:11:37.0670 5860 TapiSrv - ok
16:11:37.0721 5860 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
16:11:37.0724 5860 TBS - ok
16:11:37.0774 5860 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
16:11:37.0795 5860 Tcpip - ok
16:11:37.0812 5860 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
16:11:37.0819 5860 Tcpip6 - ok
16:11:37.0855 5860 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
16:11:37.0857 5860 tcpipreg - ok
16:11:37.0895 5860 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
16:11:37.0897 5860 TDPIPE - ok
16:11:37.0929 5860 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
16:11:37.0931 5860 TDTCP - ok
16:11:37.0962 5860 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
16:11:37.0964 5860 tdx - ok
16:11:38.0000 5860 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
16:11:38.0002 5860 TermDD - ok
16:11:38.0021 5860 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
16:11:38.0072 5860 TermService - ok
16:11:38.0097 5860 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
16:11:38.0100 5860 Themes - ok
16:11:38.0133 5860 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
16:11:38.0135 5860 THREADORDER - ok
16:11:38.0234 5860 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
16:11:38.0237 5860 TrkWks - ok
16:11:38.0306 5860 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:11:38.0367 5860 TrustedInstaller - ok
16:11:38.0402 5860 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
16:11:38.0404 5860 tssecsrv - ok
16:11:38.0442 5860 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
16:11:38.0443 5860 tunmp - ok
16:11:38.0477 5860 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
16:11:38.0479 5860 tunnel - ok
16:11:38.0505 5860 [ C3ADE15414120033A36C0F293D4A4121 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
16:11:38.0507 5860 uagp35 - ok
16:11:38.0548 5860 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
16:11:38.0553 5860 udfs - ok
16:11:38.0582 5860 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
16:11:38.0585 5860 UI0Detect - ok
16:11:38.0609 5860 [ 75E6890EBFCE0841D3291B02E7A8BDB0 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
16:11:38.0611 5860 uliagpkx - ok
16:11:38.0632 5860 [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci C:\Windows\system32\drivers\uliahci.sys
16:11:38.0636 5860 uliahci - ok
16:11:38.0656 5860 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
16:11:38.0659 5860 UlSata - ok
16:11:38.0675 5860 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
16:11:38.0677 5860 ulsata2 - ok
16:11:38.0706 5860 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
16:11:38.0708 5860 umbus - ok
16:11:38.0752 5860 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
16:11:38.0758 5860 upnphost - ok
16:11:38.0805 5860 [ 587E643A4E2FFD9A00F114B057CEB773 ] upperdev C:\Windows\system32\DRIVERS\usbser_lowerflt.sys
16:11:38.0807 5860 upperdev - ok
16:11:38.0882 5860 [ 83CAFCB53201BBAC04D822F32438E244 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
16:11:38.0884 5860 USBAAPL - ok
16:11:38.0962 5860 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
16:11:38.0965 5860 usbccgp - ok
16:11:38.0984 5860 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
16:11:38.0986 5860 usbcir - ok
16:11:39.0013 5860 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
16:11:39.0015 5860 usbehci - ok
16:11:39.0054 5860 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
16:11:39.0058 5860 usbhub - ok
16:11:39.0093 5860 [ CE697FEE0D479290D89BEC80DFE793B7 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
16:11:39.0094 5860 usbohci - ok
16:11:39.0127 5860 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
16:11:39.0128 5860 usbprint - ok
16:11:39.0181 5860 [ D575246188F63DE0ACCF6EAC5FB59E6A ] usbser C:\Windows\system32\drivers\usbser.sys
16:11:39.0182 5860 usbser - ok
16:11:39.0222 5860 [ FCA6A196D47CB972A0E4ADC0DB9CD17C ] UsbserFilt C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys
16:11:39.0223 5860 UsbserFilt - ok
16:11:39.0239 5860 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:11:39.0241 5860 USBSTOR - ok
16:11:39.0262 5860 [ 325DBBACB8A36AF9988CCF40EAC228CC ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
16:11:39.0264 5860 usbuhci - ok
16:11:39.0293 5860 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
16:11:39.0296 5860 UxSms - ok
16:11:39.0331 5860 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
16:11:39.0378 5860 vds - ok
16:11:39.0430 5860 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
16:11:39.0432 5860 vga - ok
16:11:39.0455 5860 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
16:11:39.0457 5860 VgaSave - ok
16:11:39.0469 5860 [ 045D9961E591CF0674A920B6BA3BA5CB ] viaagp C:\Windows\system32\drivers\viaagp.sys
16:11:39.0471 5860 viaagp - ok
16:11:39.0485 5860 [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7 C:\Windows\system32\drivers\viac7.sys
16:11:39.0487 5860 ViaC7 - ok
16:11:39.0500 5860 [ 7AA7EC9A08DC2C39649C413B1A26E298 ] viaide C:\Windows\system32\drivers\viaide.sys
16:11:39.0502 5860 viaide - ok
16:11:39.0515 5860 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
16:11:39.0517 5860 volmgr - ok
16:11:39.0556 5860 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
16:11:39.0561 5860 volmgrx - ok
16:11:39.0601 5860 [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys
16:11:39.0606 5860 volsnap - ok
16:11:39.0631 5860 [ D984439746D42B30FC65A4C3546C6829 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
16:11:39.0634 5860 vsmraid - ok
16:11:39.0813 5860 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
16:11:39.0831 5860 VSS - ok
16:11:39.0862 5860 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
16:11:39.0869 5860 W32Time - ok
16:11:39.0896 5860 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
16:11:39.0897 5860 WacomPen - ok
16:11:39.0925 5860 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
16:11:39.0927 5860 Wanarp - ok
16:11:39.0931 5860 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
16:11:39.0932 5860 Wanarpv6 - ok
16:11:39.0968 5860 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
16:11:39.0975 5860 wcncsvc - ok
16:11:40.0014 5860 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:11:40.0017 5860 WcsPlugInService - ok
16:11:40.0047 5860 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys
16:11:40.0048 5860 Wd - ok
16:11:40.0084 5860 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
16:11:40.0103 5860 Wdf01000 - ok
16:11:40.0141 5860 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
16:11:40.0145 5860 WdiServiceHost - ok
16:11:40.0160 5860 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
16:11:40.0163 5860 WdiSystemHost - ok
16:11:40.0229 5860 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
16:11:40.0234 5860 WebClient - ok
16:11:40.0261 5860 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
16:11:40.0266 5860 Wecsvc - ok
16:11:40.0295 5860 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
16:11:40.0298 5860 wercplsupport - ok
16:11:40.0325 5860 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
16:11:40.0329 5860 WerSvc - ok
16:11:40.0453 5860 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
16:11:40.0456 5860 WinDefend - ok
16:11:40.0464 5860 WinHttpAutoProxySvc - ok
16:11:40.0547 5860 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
16:11:40.0559 5860 Winmgmt - ok
16:11:40.0809 5860 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
16:11:40.0840 5860 WinRM - ok
16:11:40.0947 5860 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
16:11:40.0957 5860 Wlansvc - ok
16:11:41.0017 5860 [ 38932C4649F8BAAD6CE1000AC6503D5B ] WmBEnum C:\Windows\system32\drivers\WmBEnum.sys
16:11:41.0019 5860 WmBEnum - ok
16:11:41.0059 5860 [ 58B3ADAB903FA1A78C86E6A42B80FE76 ] WmFilter C:\Windows\system32\drivers\WmFilter.sys
16:11:41.0061 5860 WmFilter - ok
16:11:41.0094 5860 [ 701A9F884A294327E9141D73746EE279 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
16:11:41.0095 5860 WmiAcpi - ok
16:11:41.0124 5860 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
16:11:41.0134 5860 wmiApSrv - ok
16:11:41.0233 5860 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
16:11:41.0256 5860 WMPNetworkSvc - ok
16:11:41.0300 5860 [ E45F01F4014D7AB13B8A0C41EBF48A3D ] WmVirHid C:\Windows\system32\drivers\WmVirHid.sys
16:11:41.0301 5860 WmVirHid - ok
16:11:41.0320 5860 [ 0398265DD65AAE2ECE180FA9D1E7B5BB ] WmXlCore C:\Windows\system32\drivers\WmXlCore.sys
16:11:41.0321 5860 WmXlCore - ok
16:11:41.0337 5860 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
16:11:41.0342 5860 WPCSvc - ok
16:11:41.0373 5860 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
16:11:41.0377 5860 WPDBusEnum - ok
16:11:41.0409 5860 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
16:11:41.0410 5860 WpdUsb - ok
16:11:41.0619 5860 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
16:11:41.0638 5860 WPFFontCache_v0400 - ok
16:11:41.0662 5860 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
16:11:41.0663 5860 ws2ifsl - ok
16:11:41.0691 5860 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\System32\wscsvc.dll
16:11:41.0694 5860 wscsvc - ok
16:11:41.0698 5860 WSearch - ok
16:11:41.0801 5860 [ A583F4BF607EBC5709578433207A76A8 ] WTGService C:\MedionVA\WTGService.exe
16:11:41.0823 5860 WTGService - ok
16:11:41.0898 5860 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
16:11:41.0942 5860 wuauserv - ok
16:11:42.0010 5860 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
16:11:42.0012 5860 WUDFRd - ok
16:11:42.0061 5860 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
16:11:42.0064 5860 wudfsvc - ok
16:11:42.0101 5860 [ AB2D77BF7222B007717ABB61B15F9AE2 ] X10Hid C:\Windows\system32\Drivers\x10hid.sys
16:11:42.0102 5860 X10Hid - ok
16:11:42.0144 5860 [ 5A0C788C5BC5F2C993CB60940ADCF95E ] x10nets C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
16:11:42.0171 5860 x10nets - ok
16:11:42.0206 5860 [ 6BBF7A3BAB8FFDCCF82057FA2AAE2B7B ] XUIF C:\Windows\system32\Drivers\x10ufx2.sys
16:11:42.0207 5860 XUIF - ok
16:11:42.0234 5860 ================ Scan global ===============================
16:11:42.0268 5860 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
16:11:42.0392 5860 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
16:11:42.0406 5860 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
16:11:42.0463 5860 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
16:11:42.0466 5860 [Global] - ok
16:11:42.0466 5860 ================ Scan MBR ==================================
16:11:42.0482 5860 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
16:11:42.0970 5860 \Device\Harddisk0\DR0 - ok
16:11:42.0971 5860 ================ Scan VBR ==================================
16:11:42.0974 5860 [ 8BB0CB67B1DEE60B8327B632C40291CC ] \Device\Harddisk0\DR0\Partition1
16:11:42.0975 5860 \Device\Harddisk0\DR0\Partition1 - ok
16:11:42.0987 5860 [ C1EB3AD281896E6CFB4E12600BA71B11 ] \Device\Harddisk0\DR0\Partition2
16:11:43.0001 5860 \Device\Harddisk0\DR0\Partition2 - ok
16:11:43.0027 5860 [ 513FDD05512FAB6D710FA890025453CD ] \Device\Harddisk0\DR0\Partition3
16:11:43.0041 5860 \Device\Harddisk0\DR0\Partition3 - ok
16:11:43.0069 5860 [ 1C5EA97EEFF80F71E80D09F58B9BAB69 ] \Device\Harddisk0\DR0\Partition4
16:11:43.0070 5860 \Device\Harddisk0\DR0\Partition4 - ok
16:11:43.0070 5860 ============================================================
16:11:43.0070 5860 Scan finished
16:11:43.0070 5860 ============================================================
16:11:43.0080 4272 Detected object count: 0
16:11:43.0081 4272 Actual detected object count: 0
16:12:02.0053 3740 Deinitialize success

------------------------------------

Viele Grüße,
Alex

M-K-D-B · 03.11.2012, 17:19

Servus Alex,

woher stimmt diese Datei?
C:\Users\Alex\Downloads\star-wars-battlefront-12-update.exe

Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel

Link 1

WICHTIG - Speichere Combofix auf deinem Desktop

Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

Lawman · 03.11.2012, 18:32

Hier das Combofix:

Combofix Logfile:

Code:

ATTFilter

ComboFix 12-11-03.02 - Alex 03.11.2012  18:13:55.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.2047.966 [GMT 1:00]
ausgeführt von:: c:\users\Alex\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
 ADS - Windows: deleted 24 bytes in 1 streams. 
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Alex\AppData\Roaming\inst.exe
c:\users\Alex\AppData\Roaming\Oleb
c:\users\Alex\AppData\Roaming\Oleb\fadek.exe
c:\users\Alex\AppData\Roaming\vso_ts_preview.xml
c:\windows\iun6002.exe
c:\windows\security\Database\tmp.edb
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\unin0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-10-03 bis 2012-11-03  ))))))))))))))))))))))))))))))
.
.
2012-11-03 17:22 . 2012-11-03 17:23	--------	d-----w-	c:\users\Alex\AppData\Local\temp
2012-11-03 17:22 . 2012-11-03 17:22	--------	d-----w-	c:\users\NeroMediaHomeUser.4\AppData\Local\temp
2012-11-03 17:22 . 2012-11-03 17:22	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-11-01 18:54 . 2012-11-03 16:46	--------	d-----w-	c:\users\Alex\AppData\Roaming\Apype
2012-11-01 18:54 . 2012-11-01 18:54	--------	d-----w-	c:\users\Alex\AppData\Roaming\Amopob
2012-10-28 09:40 . 2012-10-28 09:43	--------	d-----w-	C:\Es war einmal der Mensch DVD 6 (C-XC O T-174 S-0 A-DE_EN_FR Q-124)
2012-10-17 22:15 . 2012-10-17 22:32	--------	d-----w-	C:\Spacken Test
2012-10-10 06:05 . 2012-08-24 15:53	172544	----a-w-	c:\windows\system32\wintrust.dll
2012-10-10 06:05 . 2012-06-02 00:02	985088	----a-w-	c:\windows\system32\crypt32.dll
2012-10-10 06:05 . 2012-06-02 00:02	98304	----a-w-	c:\windows\system32\cryptnet.dll
2012-10-10 06:05 . 2012-06-02 00:02	133120	----a-w-	c:\windows\system32\cryptsvc.dll
2012-10-10 06:04 . 2012-09-13 13:28	2048	----a-w-	c:\windows\system32\tzres.dll
2012-10-10 06:04 . 2012-08-29 11:27	3602816	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-10-10 06:04 . 2012-08-29 11:27	3550080	----a-w-	c:\windows\system32\ntoskrnl.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-03 13:49 . 2009-07-17 20:47	139152	----a-w-	c:\windows\system32\drivers\PnkBstrK.sys
2012-11-03 13:49 . 2009-06-13 14:57	111928	----a-w-	c:\windows\system32\PnkBstrB.exe
2012-10-10 00:07 . 2012-03-30 06:26	696760	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-10-10 00:07 . 2011-06-25 19:56	73656	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-22 07:54 . 2012-09-22 07:54	93672	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2012-09-22 07:54 . 2012-09-08 05:46	821736	----a-w-	c:\windows\system32\npdeployJava1.dll
2012-09-22 07:54 . 2010-05-04 20:44	746984	----a-w-	c:\windows\system32\deployJava1.dll
2012-08-25 11:50 . 2012-09-22 06:02	916992	----a-w-	c:\windows\system32\wininet.dll
2012-08-25 11:44 . 2012-09-22 06:02	43520	----a-w-	c:\windows\system32\licmgr10.dll
2012-08-25 11:44 . 2012-09-22 06:02	1469440	----a-w-	c:\windows\system32\inetcpl.cpl
2012-08-25 11:44 . 2012-09-22 06:02	109056	----a-w-	c:\windows\system32\iesysprep.dll
2012-08-25 11:44 . 2012-09-22 06:02	71680	----a-w-	c:\windows\system32\iesetup.dll
2012-08-25 10:11 . 2012-09-22 06:02	385024	----a-w-	c:\windows\system32\html.iec
2012-08-25 08:31 . 2012-09-22 06:02	133632	----a-w-	c:\windows\system32\ieUnatt.exe
2012-08-25 08:29 . 2012-09-22 06:02	1638912	----a-w-	c:\windows\system32\mshtml.tlb
2012-10-27 20:27 . 2012-10-27 20:27	261600	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Steam"="c:\program files\Steam\Steam.exe" [2012-08-04 1353080]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 2213160]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"TVBroadcast"="c:\program files\Sceneo\AbsolutTV\SERVICES\ODSBC\ODSBCApp.exe" [2007-08-07 797696]
"RtHDVCpl"="RtHDVCpl.exe" [2007-11-14 4706304]
"Skytel"="Skytel.exe" [2007-10-11 1826816]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-12-14 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-14 8530464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-14 81920]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-01-14 185896]
"LiveUpdate"="c:\program files\Byteswarm\LiveUpdate\LiveUpdate.exe" [2004-08-28 2150400]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 88584]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-04 102400]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-12 421736]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"Nero MediaHome 4"="c:\program files\Nero\Nero MediaHome 4\NeroMediaHome.exe" [2010-10-29 5178664]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-11 348664]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
R3 3xHybrid;Philips SAA713x PCI Card;c:\windows\system32\DRIVERS\3xHybrid.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 01045777
*Deregistered* - 01045777
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2012-11-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 00:07]
.
2012-11-03 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-03-30 07:54]
.
2012-11-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-31 08:32]
.
2012-11-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-31 08:32]
.
2012-11-03 c:\windows\Tasks\User_Feed_Synchronization-{0B478D9A-A3A0-425B-A64A-446EA1219869}.job
- c:\windows\system32\msfeedssync.exe [2012-09-22 08:30]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
mSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\n1p5cw3r.default\
FF - ExtSQL: 2012-09-08 07:46; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF - ExtSQL: 2012-10-22 19:22; {23fcfd51-4958-4f00-80a3-ae97e717ed8b}; c:\program files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF - ExtSQL: 2019-09-25 23:40; {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}; c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\n1p5cw3r.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
FF - ExtSQL: !HIDDEN! 2009-06-27 09:42; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-ICQ - c:\program files\ICQ6\ICQ.exe
HKCU-Run-NokiaOviSuite2 - c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
HKCU-Run-Kiehgoceuf - c:\users\Alex\AppData\Roaming\Oleb\fadek.exe
HKLM-Run-toolbar_eula_launcher - c:\program files\GoogleEULA\EULALauncher.exe
HKLM-Run-Nokia FastStart - c:\program files\Nokia\Nokia Music\NokiaMusic.exe
AddRemove-Byteswarm_LiveUpdate - c:\windows\iun6002.exe
AddRemove-DesertCombat - c:\windows\iun6002.exe
AddRemove-LucasArts' X-Wing vs. TIE Fighter - c:\windows\unin0407.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-11-03 18:23
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2012-11-03  18:25:13
ComboFix-quarantined-files.txt  2012-11-03 17:24
.
Vor Suchlauf: 10 Verzeichnis(se), 26.848.944.128 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 29.685.669.888 Bytes frei
.
- - End Of File - - 574EA66B31486EDDD33C3626A88A5128

--- --- ---

Die Star Wars Battlefront Datei habe ich vermutlich mal vor zweieinhalb Jahren downgeloaded und ausgeführt. Sie stammt von Mai 2010. Danach habe ich nichts mehr damit gemacht.

M-K-D-B · 04.11.2012, 13:39

Servus,

Schritt 1
Hinweis für Mitleser:
Folgendes ComboFix Skript ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm vom folgenden Download-Spiegel neu herunter:

BleepingComputer.com

und speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)!

Drücke die Windows + R Taste --> Notepad (hinein schreiben) --> OK

Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument.

Code:

ATTFilter

File::
C:\Users\Alex\Downloads\star-wars-battlefront-12-update.exe

Folder::
c:\users\Alex\AppData\Roaming\Apype
c:\users\Alex\AppData\Roaming\Amopob

DDS::
uStart Page = hxxp://www.daemon-search.com/startpage
uInternet Settings,ProxyOverride = *.local

Speichere dies als CFScript.txt auf Deinem Desktop.

Wichtig:

Stelle deine Anti Viren Software temprär ab. Dies kann ComboFix nämlich bei der Arbeit behindern.
Danach wieder anstellen nicht vergessen!
Bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein.
Dies kann dazu führen, dass ComboFix sich aufhängt.
Schließe alle laufenden Programme. Gehe sicher das ComboFix ungehindert arbeiten kann.
Mache nichts am PC solange ComboFix läuft.

In Bezug auf obiges Bild, ziehe CFScript.txt in die ComboFix.exe
Wenn ComboFix fertig ist, wird es ein Log erstellen, C:\ComboFix.txt. Bitte füge es hier als Antwort ein.

Falls im Skript die Anweisung Suspect:: oder Collect:: enthalten ist, wird eine Message-Box erscheinen, nachdem Combofix fertig ist. Klicke OK und folge den Aufforderungen/Anweisungen, um die Dateien hochzuladen.

Schritt 2
Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop (falls noch nicht vorhanden).

Starte bitte die OTL.exe.
Oben findest Du ein Kästchen mit Ausgabe. Wähle bitte Standard Ausgabe.
Setze einen Haken bei Scanne alle Benutzer.
Unter Extra Registry, wähle bitte Use SafeList.
Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:

ATTFilter

activex
netsvcs
msconfig
drivers32
safebootminimal
safebootnetwork
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
c:\users\Alex\AppData\Roaming\*.
CREATERESTOREPOINT

Schließe bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Scan Button.
Am Ende des Suchlaufs werden 2 Logdateien erstellt.
Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

Bitte poste mit deiner nächsten Antwort

die Logdatei von ComboFix,
die beiden Logdateien von OTL.

Lawman · 04.11.2012, 23:06

Irgendwie fummelt hier was in meinem System rum. 2x musste ich schon Firefox wieder als Standardbrowser einstellen. Plötzlich sehe ich die Dateien wieder ohne Dateiendungen im Explorer ...

----------------Logdatei Combofix-----------------

Combofix Logfile:

Code:

ATTFilter

ComboFix 12-11-04.01 - Alex 04.11.2012  14:27:18.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.2047.1114 [GMT 1:00]
ausgeführt von:: c:\users\Alex\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Alex\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Alex\Downloads\star-wars-battlefront-12-update.exe"
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Alex\AppData\Roaming\Amopob
c:\users\Alex\AppData\Roaming\Amopob\icoba.aqz
c:\users\Alex\AppData\Roaming\Apype
c:\users\Alex\AppData\Roaming\Apype\wygae.tmp
c:\users\Alex\Downloads\star-wars-battlefront-12-update.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-10-04 bis 2012-11-04  ))))))))))))))))))))))))))))))
.
.
2012-11-04 13:35 . 2012-11-04 13:35	--------	d-----w-	c:\users\Alex\AppData\Local\temp
2012-11-04 13:35 . 2012-11-04 13:35	--------	d-----w-	c:\users\NeroMediaHomeUser.4\AppData\Local\temp
2012-11-04 13:35 . 2012-11-04 13:35	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-10-28 09:40 . 2012-10-28 09:43	--------	d-----w-	C:\Es war einmal der Mensch DVD 6 (C-XC O T-174 S-0 A-DE_EN_FR Q-124)
2012-10-17 22:15 . 2012-10-17 22:32	--------	d-----w-	C:\Spacken Test
2012-10-10 06:05 . 2012-08-24 15:53	172544	----a-w-	c:\windows\system32\wintrust.dll
2012-10-10 06:05 . 2012-06-02 00:02	985088	----a-w-	c:\windows\system32\crypt32.dll
2012-10-10 06:05 . 2012-06-02 00:02	98304	----a-w-	c:\windows\system32\cryptnet.dll
2012-10-10 06:05 . 2012-06-02 00:02	133120	----a-w-	c:\windows\system32\cryptsvc.dll
2012-10-10 06:04 . 2012-09-13 13:28	2048	----a-w-	c:\windows\system32\tzres.dll
2012-10-10 06:04 . 2012-08-29 11:27	3602816	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-10-10 06:04 . 2012-08-29 11:27	3550080	----a-w-	c:\windows\system32\ntoskrnl.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-04 12:07 . 2009-07-17 20:47	139152	----a-w-	c:\windows\system32\drivers\PnkBstrK.sys
2012-11-04 12:07 . 2009-06-13 14:57	111928	----a-w-	c:\windows\system32\PnkBstrB.exe
2012-10-10 00:07 . 2012-03-30 06:26	696760	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-10-10 00:07 . 2011-06-25 19:56	73656	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-22 07:54 . 2012-09-22 07:54	93672	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2012-09-22 07:54 . 2012-09-08 05:46	821736	----a-w-	c:\windows\system32\npdeployJava1.dll
2012-09-22 07:54 . 2010-05-04 20:44	746984	----a-w-	c:\windows\system32\deployJava1.dll
2012-08-25 11:50 . 2012-09-22 06:02	916992	----a-w-	c:\windows\system32\wininet.dll
2012-08-25 11:44 . 2012-09-22 06:02	43520	----a-w-	c:\windows\system32\licmgr10.dll
2012-08-25 11:44 . 2012-09-22 06:02	1469440	----a-w-	c:\windows\system32\inetcpl.cpl
2012-08-25 11:44 . 2012-09-22 06:02	109056	----a-w-	c:\windows\system32\iesysprep.dll
2012-08-25 11:44 . 2012-09-22 06:02	71680	----a-w-	c:\windows\system32\iesetup.dll
2012-08-25 10:11 . 2012-09-22 06:02	385024	----a-w-	c:\windows\system32\html.iec
2012-08-25 08:31 . 2012-09-22 06:02	133632	----a-w-	c:\windows\system32\ieUnatt.exe
2012-08-25 08:29 . 2012-09-22 06:02	1638912	----a-w-	c:\windows\system32\mshtml.tlb
2012-10-27 20:27 . 2012-10-27 20:27	261600	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Steam"="c:\program files\Steam\Steam.exe" [2012-08-04 1353080]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Kiehgoceuf"="c:\users\Alex\AppData\Roaming\Oleb\fadek.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 2213160]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"TVBroadcast"="c:\program files\Sceneo\AbsolutTV\SERVICES\ODSBC\ODSBCApp.exe" [2007-08-07 797696]
"RtHDVCpl"="RtHDVCpl.exe" [2007-11-14 4706304]
"Skytel"="Skytel.exe" [2007-10-11 1826816]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-12-14 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-14 8530464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-14 81920]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-01-14 185896]
"LiveUpdate"="c:\program files\Byteswarm\LiveUpdate\LiveUpdate.exe" [2004-08-28 2150400]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 88584]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-04 102400]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-12 421736]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"Nero MediaHome 4"="c:\program files\Nero\Nero MediaHome 4\NeroMediaHome.exe" [2010-10-29 5178664]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-11 348664]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
R3 3xHybrid;Philips SAA713x PCI Card;c:\windows\system32\DRIVERS\3xHybrid.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2012-11-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 00:07]
.
2012-11-04 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-03-30 07:54]
.
2012-11-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-31 08:32]
.
2012-11-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-31 08:32]
.
2012-11-03 c:\windows\Tasks\User_Feed_Synchronization-{0B478D9A-A3A0-425B-A64A-446EA1219869}.job
- c:\windows\system32\msfeedssync.exe [2012-09-22 08:30]
.
.
------- Zusätzlicher Suchlauf -------
.
mSearch Bar = hxxp://www.google.com/ie
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\n1p5cw3r.default\
FF - ExtSQL: 2012-09-08 07:46; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF - ExtSQL: 2012-10-22 19:22; {23fcfd51-4958-4f00-80a3-ae97e717ed8b}; c:\program files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF - ExtSQL: 2019-09-25 23:40; {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}; c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\n1p5cw3r.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
FF - ExtSQL: !HIDDEN! 2009-06-27 09:42; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-11-04 14:35
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2012-11-04  14:37:27
ComboFix-quarantined-files.txt  2012-11-04 13:37
ComboFix2.txt  2012-11-03 17:25
.
Vor Suchlauf: 12 Verzeichnis(se), 29.604.241.408 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 29.579.513.856 Bytes frei
.
- - End Of File - - FDB3B25E76F688EE6A0B2FA86C56822D

--- --- ---

------------------------------

Weitere Dateien im nächsten Posting

Lawman · 04.11.2012, 23:10

Die anderen Dateien sind zu lang zum Posten, daher hier als Anhang.

Lawman · 04.11.2012, 23:13

DIE OTL.TXT ist zu lang, muss ich auf zwei Postings aufteilen:

---------------------OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 04.11.2012 15:48:07 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Alex\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19328)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,01 Gb Available Physical Memory | 50,73% Memory free
4,24 Gb Paging File | 2,97 Gb Available in Paging File | 70,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 230,15 Gb Total Space | 26,95 Gb Free Space | 11,71% Space Free | Partition Type: NTFS
Drive D: | 68,36 Gb Total Space | 4,57 Gb Free Space | 6,69% Space Free | Partition Type: NTFS
Drive E: | 147,24 Gb Total Space | 6,83 Gb Free Space | 4,64% Space Free | Partition Type: NTFS
Drive G: | 657,09 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive N: | 19,99 Gb Total Space | 10,68 Gb Free Space | 53,44% Space Free | Partition Type: FAT32
 
Computer Name: PC | User Name: Alex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.11.04 14:53:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
PRC - [2012.09.20 18:37:20 | 000,212,432 | ---- | M] (Google Inc.) -- C:\Programme\Google\Update\1.3.21.123\GoogleCrashHandler.exe
PRC - [2012.08.11 17:05:47 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.02 00:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.01 23:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.04.24 01:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.11.18 12:09:24 | 000,330,696 | ---- | M] () -- C:\MedionVA\WTGService.exe
PRC - [2010.10.29 16:59:40 | 000,517,416 | ---- | M] (Nero AG) -- C:\Programme\Nero\Nero MediaHome 4\NMMediaServerService.exe
PRC - [2010.05.05 03:15:32 | 000,372,736 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010.05.05 03:14:56 | 000,172,032 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009.04.11 07:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.04.04 19:37:59 | 000,088,584 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\Gaming Software\LWEMon.exe
PRC - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.19 08:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2007.12.03 14:21:24 | 002,213,160 | ---- | M] (Nero AG) -- C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
PRC - [2007.11.14 15:50:42 | 004,706,304 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.08.16 10:31:40 | 001,681,408 | ---- | M] (Buhl Data Service GmbH) -- C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe
PRC - [2007.08.08 00:12:10 | 000,797,696 | ---- | M] (ODSoft multimedia) -- C:\Programme\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe
PRC - [2007.04.13 18:14:28 | 000,016,384 | ---- | M] (Empolis GmbH) -- C:\Programme\Medion\MEDIONbox\Program\GCS.exe
PRC - [2007.04.13 18:14:26 | 000,036,864 | ---- | M] (Empolis GmbH) -- c:\Programme\Common Files\Gnab\Service\ServiceController.exe
PRC - [2006.07.28 16:55:58 | 000,757,760 | ---- | M] (Black Bag Operations, www.blackbagops.com) -- E:\bfrm\BFRemoteManager.exe
PRC - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Programme\Common Files\X10\Common\X10nets.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.28 18:03:41 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll
MOD - [2012.06.26 13:49:12 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012.06.26 13:49:05 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012.05.09 02:37:21 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll
MOD - [2012.05.09 02:37:10 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012.05.09 02:35:35 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012.05.09 02:34:19 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012.05.09 02:33:55 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.07.29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
MOD - [2010.09.22 21:53:54 | 000,241,664 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MultiDesk.HydraVision.Dashboard\2.0.3776.37536__90ba9c70f846762e\CLI.Aspect.MultiDesk.HydraVision.Dashboard.dll
MOD - [2010.09.22 21:53:54 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MDProp.HydraVision.Dashboard\2.0.3776.37535__90ba9c70f846762e\CLI.Aspect.MDProp.HydraVision.Dashboard.dll
MOD - [2010.09.22 21:53:54 | 000,163,840 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeskMan.HydraVision.Dashboard\2.0.3776.37534__90ba9c70f846762e\CLI.Aspect.DeskMan.HydraVision.Dashboard.dll
MOD - [2010.09.22 21:53:54 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeskMan.HydraVision.Runtime\2.0.3776.37533__90ba9c70f846762e\CLI.Aspect.DeskMan.HydraVision.Runtime.dll
MOD - [2010.09.22 21:53:54 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MultiDesk.HydraVision.Runtime\2.0.3776.37536__90ba9c70f846762e\CLI.Aspect.MultiDesk.HydraVision.Runtime.dll
MOD - [2010.09.22 21:53:54 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MDProp.HydraVision.Runtime\2.0.3776.37534__90ba9c70f846762e\CLI.Aspect.MDProp.HydraVision.Runtime.dll
MOD - [2010.09.22 21:53:54 | 000,012,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeskMan.HydraVision.Shared\2.0.3776.37533__90ba9c70f846762e\CLI.Aspect.DeskMan.HydraVision.Shared.dll
MOD - [2010.09.22 21:53:54 | 000,010,240 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MDProp.HydraVision.Shared\2.0.3776.37534__90ba9c70f846762e\CLI.Aspect.MDProp.HydraVision.Shared.dll
MOD - [2010.09.22 21:53:54 | 000,009,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MultiDesk.HydraVision.Shared\2.0.3776.37535__90ba9c70f846762e\CLI.Aspect.MultiDesk.HydraVision.Shared.dll
MOD - [2010.09.22 21:53:53 | 000,311,296 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HydraVision.Wizard\2.0.3776.37538__90ba9c70f846762e\CLI.Aspect.HydraVision.Wizard.dll
MOD - [2010.09.22 21:53:53 | 000,151,552 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Settings.HydraVision.Dashboard\2.0.3776.37555__90ba9c70f846762e\CLI.Aspect.Settings.HydraVision.Dashboard.dll
MOD - [2010.09.22 21:53:53 | 000,147,456 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Grid.HydraVision.Dashboard\2.0.3776.37528__90ba9c70f846762e\CLI.Aspect.Grid.HydraVision.Dashboard.dll
MOD - [2010.09.22 21:53:53 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Settings.HydraVision.Runtime\2.0.3776.37554__90ba9c70f846762e\CLI.Aspect.Settings.HydraVision.Runtime.dll
MOD - [2010.09.22 21:53:53 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Grid.HydraVision.Runtime\2.0.3776.37527__90ba9c70f846762e\CLI.Aspect.Grid.HydraVision.Runtime.dll
MOD - [2010.09.22 21:53:53 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Settings.HydraVision.Shared\2.0.3776.37554__90ba9c70f846762e\CLI.Aspect.Settings.HydraVision.Shared.dll
MOD - [2010.09.22 21:53:53 | 000,010,240 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Grid.HydraVision.Shared\2.0.3776.37527__90ba9c70f846762e\CLI.Aspect.Grid.HydraVision.Shared.dll
MOD - [2010.09.22 21:53:53 | 000,008,704 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Shared\2.0.3776.37526__90ba9c70f846762e\CLI.Caste.HydraVision.Shared.dll
MOD - [2010.09.22 21:53:53 | 000,007,680 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Wizard\2.0.3776.37530__90ba9c70f846762e\CLI.Caste.HydraVision.Wizard.dll
MOD - [2010.09.22 21:53:52 | 001,708,032 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Wizard\2.0.3776.37553__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Wizard.dll
MOD - [2010.09.22 21:53:52 | 000,380,928 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3776.37403__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2010.09.22 21:53:52 | 000,204,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3776.37427__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2010.09.22 21:53:52 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3776.37421__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2010.09.22 21:53:52 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3776.37413__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2010.09.22 21:53:52 | 000,011,776 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Runtime\2.0.3776.37526__90ba9c70f846762e\CLI.Caste.HydraVision.Runtime.dll
MOD - [2010.09.22 21:53:52 | 000,007,680 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Dashboard\2.0.3776.37527__90ba9c70f846762e\CLI.Caste.HydraVision.Dashboard.dll
MOD - [2010.09.22 21:53:51 | 000,184,320 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Dashboard\2.0.3776.37556__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Dashboard.dll
MOD - [2010.09.22 21:53:51 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3776.37489__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2010.09.22 21:53:51 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3776.37412__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2010.09.22 21:53:51 | 000,069,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3776.37465__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2010.09.22 21:53:51 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3776.37451__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2010.09.22 21:53:51 | 000,013,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Runtime\2.0.3776.37556__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Runtime.dll
MOD - [2010.09.22 21:53:50 | 000,356,352 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3776.37471__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2010.09.22 21:53:50 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3776.37472__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2010.09.22 21:53:50 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3776.37512__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2010.09.22 21:53:50 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3776.37470__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2010.09.22 21:53:50 | 000,013,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Runtime\2.0.3776.37553__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Runtime.dll
MOD - [2010.09.22 21:53:49 | 000,856,064 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3776.37455__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2010.09.22 21:53:49 | 000,655,360 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Dashboard\2.0.3776.37525__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Dashboard.dll
MOD - [2010.09.22 21:53:49 | 000,409,600 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3776.37481__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2010.09.22 21:53:49 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.3776.37524__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll
MOD - [2010.09.22 21:53:48 | 001,298,432 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Dashboard\2.0.3776.37549__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Dashboard.dll
MOD - [2010.09.22 21:53:48 | 000,573,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3776.37429__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2010.09.22 21:53:48 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3776.37428__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2010.09.22 21:53:48 | 000,102,400 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3776.37454__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2010.09.22 21:53:48 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3776.37460__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2010.09.22 21:53:48 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3776.37460__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2010.09.22 21:53:48 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3776.37432__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2010.09.22 21:53:47 | 000,397,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3776.37453__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2010.09.22 21:53:47 | 000,376,832 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3776.37448__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2010.09.22 21:53:47 | 000,270,336 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2010.09.22 21:53:47 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3776.37452__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2010.09.22 21:53:47 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3776.37453__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2010.09.22 21:53:47 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3776.37462__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2010.09.22 21:53:47 | 000,008,192 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3776.37397__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2010.09.22 21:53:47 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2010.09.22 21:53:47 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3776.37392__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2010.09.22 21:53:47 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3776.37509__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2010.09.22 21:53:47 | 000,006,144 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3776.37397__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2010.09.22 21:53:47 | 000,005,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3776.37518__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll
MOD - [2010.09.22 21:53:47 | 000,005,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3776.37402__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2010.09.22 21:53:47 | 000,005,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3776.37398__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2010.09.22 21:53:46 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3776.37391__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2010.09.22 21:53:46 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2010.09.22 21:53:46 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3776.37390__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2010.09.22 21:53:46 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3776.37504__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2010.09.22 21:53:46 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3776.37393__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2010.09.22 21:53:46 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll
MOD - [2010.09.22 21:53:46 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3776.37394__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2010.09.22 21:53:46 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2010.09.22 21:53:46 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2010.09.22 21:53:46 | 000,015,360 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3776.37392__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2010.09.22 21:53:46 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3776.37401__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2010.09.22 21:53:46 | 000,005,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3776.37395__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2010.09.22 21:53:45 | 000,151,552 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3776.37395__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2010.09.22 21:53:45 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3776.37444__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2010.09.22 21:53:45 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.3776.37523__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll
MOD - [2010.09.22 21:53:45 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3776.37470__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2010.09.22 21:53:45 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3776.37510__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2010.09.22 21:53:45 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3776.37413__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2010.09.22 21:53:45 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.VeryLargeDesktop.Graphics.Shared\2.0.3776.37461__90ba9c70f846762e\CLI.Aspect.VeryLargeDesktop.Graphics.Shared.dll
MOD - [2010.09.22 21:53:45 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3776.37459__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2010.09.22 21:53:45 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3776.37402__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2010.09.22 21:53:45 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3776.37420__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2010.09.22 21:53:45 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3776.37412__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2010.09.22 21:53:45 | 000,009,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Shared\2.0.3776.37511__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Shared.dll
MOD - [2010.09.22 21:53:45 | 000,007,680 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3776.37393__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2010.09.22 21:53:45 | 000,005,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3776.37396__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2010.09.22 21:53:44 | 000,741,376 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3776.37546__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll
MOD - [2010.09.22 21:53:44 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3776.37505__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2010.09.22 21:53:44 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3776.37502__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2010.09.22 21:53:44 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3776.37489__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2010.09.22 21:53:44 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3776.37423__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2010.09.22 21:53:44 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3776.37452__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2010.09.22 21:53:44 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3776.37412__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2010.09.22 21:53:44 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3776.37519__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2010.09.22 21:53:44 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3776.37464__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2010.09.22 21:53:44 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3776.37394__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2010.09.22 21:53:44 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3776.37413__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2010.09.22 21:53:44 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3776.37423__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2010.09.22 21:53:44 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3776.37395__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2010.09.22 21:53:44 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3776.37393__90ba9c70f846762e\APM.Foundation.dll
MOD - [2010.09.22 21:53:44 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3776.37400__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll
MOD - [2010.09.22 21:53:44 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3776.37398__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2010.09.22 21:53:44 | 000,006,144 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3776.37398__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2010.09.22 21:53:43 | 000,577,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3776.37499__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2010.09.22 21:53:43 | 000,405,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3776.37420__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2010.09.22 21:53:43 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3776.37400__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2010.09.22 21:53:43 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3776.37401__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2010.09.22 21:53:43 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3776.37397__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2010.09.22 21:53:43 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3776.37396__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2010.09.22 21:53:43 | 000,011,776 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3776.37419__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2010.09.22 21:53:43 | 000,010,240 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3776.37407__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2010.09.22 21:53:42 | 001,220,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3776.37409__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2010.09.22 21:53:42 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3776.37399__90ba9c70f846762e\APM.Server.dll
MOD - [2010.09.22 21:53:42 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3776.37398__90ba9c70f846762e\AEM.Server.dll
MOD - [2010.09.22 21:53:42 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3776.37406__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2010.09.22 21:53:42 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2010.09.22 21:53:42 | 000,019,456 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3776.37504__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2010.09.22 21:53:42 | 000,008,704 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3776.37425__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2010.05.05 02:21:48 | 000,023,040 | ---- | M] () -- C:\Windows\System32\atitmpxx.dll
MOD - [2010.04.16 13:20:06 | 000,016,384 | R--- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2009.03.30 05:42:12 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2009.03.30 05:42:12 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2009.03.30 05:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.10.27 21:27:53 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.24 17:27:56 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.10.10 01:07:06 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.05.02 00:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.01 23:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.11.18 12:09:24 | 000,330,696 | ---- | M] () [Auto | Running] -- C:\MedionVA\WTGService.exe -- (WTGService)
SRV - [2010.10.29 16:59:40 | 000,517,416 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programme\Nero\Nero MediaHome 4\NMMediaServerService.exe -- (NeroMediaHomeService.4)
SRV - [2010.05.05 03:14:56 | 000,172,032 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009.09.17 10:33:26 | 000,651,776 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2007.08.16 10:31:40 | 001,681,408 | ---- | M] (Buhl Data Service GmbH) [Auto | Running] -- C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe -- (srvcPVR)
SRV - [2007.04.13 18:14:26 | 000,036,864 | ---- | M] (Empolis GmbH) [Auto | Running] -- c:\Programme\Common Files\Gnab\Service\ServiceController.exe -- (GnabService)
SRV - [2005.11.17 15:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\ALDI Foto Service Nord\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2003.07.28 11:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\ComboFix\mbr.sys -- (mbr)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Running] -- C:\Users\Alex\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.04.27 09:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.04.24 23:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.16 20:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.11.26 09:51:02 | 000,106,880 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.05.05 03:46:22 | 005,550,592 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2010.05.05 02:23:00 | 000,176,128 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010.05.04 06:43:54 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010.03.09 11:20:14 | 000,104,464 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009.03.19 14:48:18 | 000,136,704 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2009.02.09 08:37:56 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009.02.09 08:37:48 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009.02.09 08:37:46 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009.02.09 08:37:46 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.01.24 23:09:34 | 000,048,904 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2008.01.24 23:09:24 | 000,014,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2008.01.24 23:09:04 | 000,028,168 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2008.01.24 23:08:54 | 000,019,336 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2008.01.08 08:17:08 | 001,302,368 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\3xHybrid.sys -- (3xHybrid)
DRV - [2007.12.14 03:28:00 | 008,244,320 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007.11.18 02:39:50 | 001,040,544 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007.10.31 11:23:20 | 000,115,744 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007.09.21 10:38:22 | 000,554,496 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2007.07.07 14:13:10 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2006.11.30 15:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2006.11.17 10:31:04 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
DRV - [2005.12.15 14:27:52 | 000,034,639 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\FTD2XX.sys -- (FTD2XX)
 
 
========== Standard Registry (All) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
 
IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1810567798-2778380014-2148713396-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-1810567798-2778380014-2148713396-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-21-1810567798-2778380014-2148713396-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
IE - HKU\S-1-5-21-1810567798-2778380014-2148713396-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1810567798-2778380014-2148713396-1003\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-1810567798-2778380014-2148713396-1003\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-1810567798-2778380014-2148713396-1003\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKU\S-1-5-21-1810567798-2778380014-2148713396-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1810567798-2778380014-2148713396-1004\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: 2020Player@2020Technologies.com:5.0.4.0
FF - prefs.js..extensions.enabledAddons: 2020Player_IKEA@2020Technologies.com:5.0.7.0
FF - prefs.js..extensions.enabledAddons: firefox-ext@youtubekeep.com:1.3
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35
FF - prefs.js..extensions.enabledAddons: {972ce4c6-7e08-4474-a285-3208198ce6fd}:16.0.2
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.3088: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.3146: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.3006: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008.01.14 12:40:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009.06.27 08:42:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.10.22 18:22:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.27 21:27:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.27 21:27:50 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.27 21:27:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.27 21:27:50 | 000,000,000 | ---D | M]
 
[2008.08.30 15:31:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\mozilla\Extensions
[2008.08.30 15:31:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2012.10.23 20:03:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\n1p5cw3r.default\extensions
[2010.06.28 18:25:37 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\n1p5cw3r.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.03.18 11:39:51 | 000,000,000 | ---D | M] (20-20 3D Viewer) -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\n1p5cw3r.default\extensions\2020Player@2020Technologies.com
[2011.06.28 08:28:20 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\n1p5cw3r.default\extensions\2020Player_IKEA@2020Technologies.com
[2010.06.28 18:25:37 | 000,000,000 | ---D | M] (YouTube Video Downloader) -- C:\Users\Alex\AppData\Roaming\mozilla\Firefox\Profiles\n1p5cw3r.default\extensions\firefox-ext@youtubekeep.com
[2012.08.29 21:46:47 | 000,199,396 | ---- | M] () (No name found) -- C:\Users\Alex\AppData\Roaming\mozilla\firefox\profiles\n1p5cw3r.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2012.10.27 21:27:48 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.10.27 21:27:53 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012.10.27 21:27:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.10.27 21:27:48 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.10.27 21:27:53 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2007.04.10 16:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2009.05.18 23:41:32 | 000,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2007.03.22 19:23:30 | 000,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2011.12.04 09:14:28 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2011.12.04 09:14:28 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2011.12.04 09:14:28 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2011.12.04 09:14:28 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2011.12.04 09:14:28 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2011.12.04 09:14:29 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2011.12.04 09:14:29 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009.01.11 08:48:16 | 001,830,912 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npsnapfish.dll
[2012.06.08 07:11:45 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.30 06:54:04 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.08 07:11:45 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.08.30 06:54:04 | 000,003,581 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2012.06.08 07:11:45 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.08 07:11:45 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.08 07:11:45 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

2. Teil
------------------------

O1 HOSTS File: ([2012.11.04 14:35:27 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LiveUpdate] C:\Programme\Byteswarm\LiveUpdate\LiveUpdate.exe (AceGain Inc.)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [Nero MediaHome 4] C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TVBroadcast] C:\Programme\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe (ODSoft multimedia)
O4 - HKU\S-1-5-21-1810567798-2778380014-2148713396-1003..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1810567798-2778380014-2148713396-1003..\Run: [Kiehgoceuf] C:\Users\Alex\AppData\Roaming\Oleb\fadek.exe File not found
O4 - HKU\S-1-5-21-1810567798-2778380014-2148713396-1003..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1810567798-2778380014-2148713396-1003..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-1810567798-2778380014-2148713396-1003..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1810567798-2778380014-2148713396-1004..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1810567798-2778380014-2148713396-1004..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1810567798-2778380014-2148713396-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1810567798-2778380014-2148713396-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1810567798-2778380014-2148713396-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5C06A783-A4D7-4ABB-B2BB-D468D80441D4}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{784FD3C6-63C6-4BE2-8CD9-1D4FAD1E3437}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img8.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img8.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004.03.23 20:55:35 | 000,929,851 | R--- | M] () - G:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2002.07.21 20:12:28 | 000,000,105 | R--- | M] () - G:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.3
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.3
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\System32\lhacm.acm (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.04 14:53:59 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
[2012.11.04 14:37:29 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\temp
[2012.11.04 14:36:52 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.11.04 14:24:21 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012.11.04 14:03:52 | 004,996,943 | R--- | C] (Swearware) -- C:\Users\Alex\Desktop\ComboFix.exe
[2012.11.03 18:11:46 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.11.03 18:11:46 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.11.03 18:11:46 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.11.03 18:11:36 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.11.03 18:11:08 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.10.28 10:40:48 | 000,000,000 | ---D | C] -- C:\Es war einmal der Mensch DVD 6 (C-XC O T-174 S-0 A-DE_EN_FR Q-124)
[2012.10.27 21:27:48 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.10.17 23:15:15 | 000,000,000 | ---D | C] -- C:\Spacken Test
[2012.10.10 07:04:54 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012.10.10 07:04:41 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.10.10 07:04:40 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2008.06.20 06:43:10 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Alex\AppData\Roaming\pcouffin.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.04 15:42:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.04 15:07:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.04 14:53:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
[2012.11.04 14:35:27 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.11.04 14:08:17 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.04 14:08:17 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.04 14:03:56 | 004,996,943 | R--- | M] (Swearware) -- C:\Users\Alex\Desktop\ComboFix.exe
[2012.11.04 13:07:10 | 000,139,152 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012.11.04 10:00:00 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012.11.04 08:15:06 | 000,638,748 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.11.04 08:15:06 | 000,600,142 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.11.04 08:15:06 | 000,130,700 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.11.04 08:15:06 | 000,103,578 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.11.04 08:08:23 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.04 08:08:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.04 08:08:11 | 2146,664,448 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.03 16:17:07 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{0B478D9A-A3A0-425B-A64A-446EA1219869}.job
[2012.11.03 16:10:39 | 000,000,512 | ---- | M] () -- C:\Users\Alex\Documents\MBR.dat
[2012.11.03 15:14:08 | 208,231,980 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.11.03 15:01:02 | 000,000,020 | ---- | M] () -- C:\Users\Alex\defogger_reenable
[2012.11.03 14:22:47 | 000,229,376 | ---- | M] () -- C:\Users\Alex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.11.02 15:47:13 | 000,363,320 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.11.02 15:44:46 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2012.11.02 15:29:19 | 000,001,356 | ---- | M] () -- C:\Users\Alex\AppData\Local\d3d9caps.dat
[2012.10.21 22:25:36 | 000,000,144 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\Default.PLS
[2012.10.10 01:07:06 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.10.10 01:07:06 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.10.08 08:20:19 | 001,577,010 | ---- | M] () -- C:\Users\Alex\Documents\gigaset a510 anleitung.pdf
[2012.10.08 08:14:23 | 000,563,778 | ---- | M] () -- C:\Users\Alex\Documents\gigaset repeater anleitung.pdf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.11.03 18:11:46 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.11.03 18:11:46 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.11.03 18:11:46 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.11.03 18:11:46 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.11.03 18:11:46 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.11.03 16:10:39 | 000,000,512 | ---- | C] () -- C:\Users\Alex\Documents\MBR.dat
[2012.11.03 15:00:50 | 000,000,020 | ---- | C] () -- C:\Users\Alex\defogger_reenable
[2012.11.02 15:47:12 | 2146,664,448 | -HS- | C] () -- C:\hiberfil.sys
[2012.10.08 08:20:19 | 001,577,010 | ---- | C] () -- C:\Users\Alex\Documents\gigaset a510 anleitung.pdf
[2012.10.08 08:14:23 | 000,563,778 | ---- | C] () -- C:\Users\Alex\Documents\gigaset repeater anleitung.pdf
[2012.07.01 13:28:34 | 000,000,130 | ---- | C] () -- C:\ProgramData\avalon2.2.ini
[2011.06.02 22:21:27 | 000,087,406 | ---- | C] () -- C:\Users\Alex\HAZ-Anzeigenschluss.jpg
[2010.10.31 22:15:25 | 000,000,552 | ---- | C] () -- C:\Users\Alex\AppData\Local\d3d8caps.dat
[2010.09.22 21:42:40 | 000,001,356 | ---- | C] () -- C:\Users\Alex\AppData\Local\d3d9caps.dat
[2009.03.14 12:16:22 | 000,000,124 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\wklnhst.dat
[2008.07.14 22:21:03 | 000,000,644 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\AutoGK.ini
[2008.06.20 06:43:10 | 000,007,887 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\pcouffin.cat
[2008.06.20 06:43:10 | 000,001,144 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\pcouffin.inf
[2008.06.06 10:04:28 | 000,004,096 | -H-- | C] () -- C:\Users\Alex\AppData\Local\keyfile3.drm
[2008.02.22 17:44:33 | 000,000,691 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\coreavc.ini
[2008.02.17 21:39:32 | 000,000,144 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\Default.PLS
[2008.02.16 10:07:45 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2008.02.15 00:32:51 | 000,229,376 | ---- | C] () -- C:\Users\Alex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.02.14 10:29:06 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2008.02.13 21:07:25 | 000,000,092 | ---- | C] () -- C:\Users\Alex\AppData\Local\fusioncache.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Custom Scans ==========
 
< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012.10.27 21:27:52 | 000,891,808 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012.10.27 21:27:52 | 000,891,808 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012.10.27 21:27:52 | 000,891,808 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012.10.27 21:27:53 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012.10.27 21:27:53 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012.10.27 21:27:53 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2012.08.25 09:31:30 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2012.08.25 09:31:30 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2012.08.25 09:31:30 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012.08.25 12:55:48 | 000,638,064 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2012.08.25 12:55:48 | 000,638,064 | ---- | M] (Microsoft Corporation)
 
< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012.10.27 21:27:52 | 000,891,808 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012.10.27 21:27:52 | 000,891,808 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012.10.27 21:27:52 | 000,891,808 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012.10.27 21:27:53 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012.10.27 21:27:53 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012.10.27 21:27:53 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2012.08.25 09:31:30 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2012.08.25 09:31:30 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2012.08.25 09:31:30 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012.08.25 12:55:48 | 000,638,064 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2012.08.25 12:55:48 | 000,638,064 | ---- | M] (Microsoft Corporation)
 
< c:\users\Alex\AppData\Roaming\*. >
[2008.02.14 00:20:30 | 000,000,000 | ---D | M] -- c:\users\Alex\AppData\Roaming\Adobe
[2008.09.01 21:43:03 | 000,000,000 | ---D | M] -- c:\users\Alex\AppData\Roaming\Any DVD Converter Professional
[2012.06.02 21:18:41 | 000,000,000 | ---D | M] -- c:\users\Alex\AppData\Roaming\Apple Computer
[2010.09.22 21:57:32 | 000,000,000 | ---D | M] -- c:\users\Alex\AppData\Roaming\ATI
[2012.05.29 07:34:08 | 000,000,000 | ---D | M] -- c:\users\Alex\AppData\Roaming\Avira
[2012.08.26 17:17:25 | 000,000,000 | ---D | M] -- c:\users\Alex\AppData\Roaming\AVS4YOU
[2008.03.11 23:05:00 | 000,000,000 | ---D | M] -- c:\users\Alex\AppData\Roaming\Controller
[2008.02.17 22:36:37 | 000,000,000 | ---D | M] -- c:\users\Alex\AppData\Roaming\CyberLink
[2008.02.23 13:31:44 | 000,000,000 | ---D | M] -- c:\users\Alex\AppData\Roaming\DAEMON Tools
[2010.05.19 23:30:08 | 000,000,000 | ---D | M] -- c:\users\Alex\AppData\Roaming\DAEMON Tools Lite
[2010.05.04 20:30:26 | 000,000,000 | ---D | M] -- c:\users\Alex\AppData\Roaming\DivX
[2009.01.05 09:22:41 | 000,000,000 | ---D | M] -- c:\users\Alex\AppData\Roaming\Gearbox Software
[2008.03.30 11:11:18 | 000,000,000 | ---D | M] -- c:\users\Alex\AppData\Roaming\Google
[2008.10.31 21:08:38 | 000,000,000 | ---D | M] -- c:\users\Alex\AppData\Roaming\Help
[2008.07.15 22:25:03 | 000,000,000 | ---D | M] -- c:\users\Alex\AppData\Roaming\ICQ
[2008.03.17 23:59:42 | 000,000,000 | ---D | M] -- c:\users\Alex\AppData\Roaming\ICQLite
[2008.02.13 21:07:03 | 000,000,000 | ---D | M] -- c:\users\Alex\AppData\Roaming\Identities
[2010.04.29 06:36:15 | 000,000,000 | ---D | M] -- c:\users\Alex\AppData\Roaming\ImgBurn
[2010.05.11 21:56:34 | 000,000,000 | ---D | M] -- c:\users\Alex\AppData\Roaming\InstallShield
[2008.02.14 00:17:57 | 000,000,000 | ---D | M] -- c:\users\Alex\AppData\Roaming\Macromedia
[2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- c:\users\Alex\AppData\Roaming\Media Center Programs
[2008.02.22 17:35:35 | 000,000,000 | ---D | M] -- c:\users\Alex\AppData\Roaming\Media Player Classic
[2011.12.27 01:06:51 | 000,000,000 | ---D | M] -- c:\users\Alex\AppData\Roaming\MedionVA
[2012.06.09 22:13:08 | 000,000,000 | --SD | M] -- c:\users\Alex\AppData\Roaming\Microsoft
[2009.04.19 21:27:53 | 000,000,000 | ---D | M] -- c:\users\Alex\AppData\Roaming\Move Networks
[2008.08.30 15:31:01 | 000,000,000 | ---D | M] -- c:\users\Alex\AppData\Roaming\Mozilla
[2012.09.02 17:25:33 | 000,000,000 | ---D | M] -- c:\users\Alex\AppData\Roaming\NCH Software
[2008.02.13 21:07:24 | 000,000,000 | ---D | M] -- c:\users\Alex\AppData\Roaming\Nero
[2009.11.26 22:36:13 | 000,000,000 | ---D | M] -- c:\users\Alex\AppData\Roaming\Nokia
[2009.11.26 22:35:21 | 000,000,000 | ---D | M] -- c:\users\Alex\AppData\Roaming\Nokia Ovi Suite
[2009.11.26 20:46:55 | 000,000,000 | ---D | M] -- c:\users\Alex\AppData\Roaming\Nseries
[2009.11.26 20:48:27 | 000,000,000 | ---D | M] -- c:\users\Alex\AppData\Roaming\PC Suite
[2009.12.07 20:11:40 | 000,000,000 | ---D | M] -- c:\users\Alex\AppData\Roaming\Real
[2012.10.29 10:12:59 | 000,000,000 | ---D | M] -- c:\users\Alex\AppData\Roaming\SEDE
[2008.02.22 20:00:51 | 000,000,000 | ---D | M] -- c:\users\Alex\AppData\Roaming\SmartFTP
[2010.02.07 00:26:39 | 000,000,000 | ---D | M] -- c:\users\Alex\AppData\Roaming\teamspeak2
[2009.03.14 12:16:24 | 000,000,000 | ---D | M] -- c:\users\Alex\AppData\Roaming\Template
[2010.01.31 11:41:10 | 000,000,000 | ---D | M] -- c:\users\Alex\AppData\Roaming\TS3Client
[2008.02.17 22:37:01 | 000,000,000 | ---D | M] -- c:\users\Alex\AppData\Roaming\TVcentral-Core
[2012.11.04 00:00:36 | 000,000,000 | ---D | M] -- c:\users\Alex\AppData\Roaming\UseNeXT
[2012.10.05 08:52:41 | 000,000,000 | -H-D | M] -- c:\users\Alex\AppData\Roaming\User Recycle Bin.{645FF040-5081-101B-9F08-00AA002F954E}
[2008.02.22 18:56:31 | 000,000,000 | ---D | M] -- c:\users\Alex\AppData\Roaming\vlc
[2012.06.04 19:46:37 | 000,000,000 | ---D | M] -- c:\users\Alex\AppData\Roaming\Vso
[2009.05.03 00:07:03 | 000,000,000 | ---D | M] -- c:\users\Alex\AppData\Roaming\WinRAR
[2011.05.23 08:47:50 | 000,000,000 | ---D | M] -- c:\users\Alex\AppData\Roaming\Xilisoft
[2010.08.20 11:38:20 | 000,000,000 | ---D | M] -- c:\users\Alex\AppData\Roaming\XnView

< End of report >

--- --- ---

M-K-D-B · 05.11.2012, 18:01

Servus,

das kann von ComboFix kommen. Am Ende der Bereinigung werden die Einstellungen wieder auf Standard zurückgestellt.

Schritt 1

Starte bitte die OTL.exe.
Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:

ATTFilter

:OTL
O4 - HKU\S-1-5-21-1810567798-2778380014-2148713396-1003..\Run: [Kiehgoceuf] C:\Users\Alex\AppData\Roaming\Oleb\fadek.exe File not found

:commands
[Emptytemp]

Schließe bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

Schritt 2
Downloade Dir bitte AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Löschen.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.

Wie läuft dein Rechner derzeit?
Gibt es noch Probleme? Wenn ja, welche?

Bitte poste mit deiner nächsten Antwort

die Logdatei von OTL,
die Logdatei von AdwCleaner,
die Beantwortung der gestellten Fragen.

Lawman · 06.11.2012, 00:02

Hallo Matthias,

der Rechner läuft eigentlich schon seit dem Combofix-Einsatz wieder normal. Also gestern konnte ich www.malwarebytes.org im Browser eingeben, ohne dass gleich wieder google.de draus wurde und das Programm von dort konnte ich auch starten, was vorher nicht ging.

Hier die Daten:

----------------------OTL--------------------

All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-1810567798-2778380014-2148713396-1003\Software\Microsoft\Windows\CurrentVersion\Run\\Kiehgoceuf deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Alex
->Temp folder emptied: 231126 bytes
->Temporary Internet Files folder emptied: 107332742 bytes
->Java cache emptied: 14206254 bytes
->FireFox cache emptied: 217496847 bytes
->Flash cache emptied: 4050 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: NeroMediaHomeUser.4
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 24 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 324,00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 11052012_234344

Files\Folders moved on Reboot...
C:\Windows\temp\JET32B.tmp moved successfully.
File\Folder C:\Windows\temp\JET97CB.tmp not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

-------------ADWCLEANER----------------

# AdwCleaner v2.006 - Datei am 05/11/2012 um 23:52:30 erstellt
# Aktualisiert am 30/10/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : Alex - PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Alex\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Users\Alex\AppData\LocalLow\boost_interprocess

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\Software

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.6001.19328

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v16.0.2 (de)

Profilname : default
Datei : C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\n1p5cw3r.default\prefs.js

C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\n1p5cw3r.default\user.js ... Gelöscht !

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [1242 octets] - [05/11/2012 23:52:30]

########## EOF - C:\AdwCleaner[S1].txt - [1302 octets] ##########

M-K-D-B · 06.11.2012, 16:00

Servus,

na das hört sich doch schon gut an.

Jetzt bitte die folgenden Kontrollsuchlaufe starten... nicht, dass wir etwas übersehen haben.

Schritt 1
Downloade Dir bitte Malwarebytes

Installiere das Programm in den vorgegebenen Pfad.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Starte Malwarebytes, klicke auf Aktualisierung --> Suche nach Aktualisierung
Wenn das Update beendet wurde, aktiviere Quick-Scan durchführen und drücke auf Scannen.
Wenn der Scan beendet ist, klicke auf Ergebnisse anzeigen.
Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
Nachträglich kannst du den Bericht unter "Log Dateien" finden.

Schritt 2

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Schritt 3
Downloade Dir bitte SecurityCheck

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS- Box.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Wenn der Scan beendet wurde sollte sich ein Textdokument ( checkup.txt ) öffnen.

Poste den Inhalt bitte hier.

Bitte poste mit deiner nächsten Antwort

die Logdatei von MBAM,
die Logdatei von ESET,
die Logdatei von SecurityCheck.

M-K-D-B · 10.11.2012, 11:46

Fehlende Rückmeldung
Dieses Thema wurde aus den Abos gelöscht. Somit bekomme ich keine Benachrichtigung über neue Antworten.
PM an mich falls Du denoch weiter machen willst.

Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner schon sauber ist.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen!