Pests of all kinds and how to fight them: cmd.exe spontaneously shown briefly, incl. text (Windows 7)
cmd.exe spontaneously shown briefly, incl. text

Hello,

for quite some time now... I have had the problem that every now and then, at irregular intervals, two CMD windows appear in quick succession. The one that opens first contains some text; immediately afterwards a second CMD window pops up, and both disappear again so quickly that nothing can be made out. With a desktop screenshot I have so far only managed to capture the second window, a completely empty cmd.exe. I then installed a video tool and recorded the desktop. Although I definitely! saw two windows opening one after the other, only a single window is visible in the desktop video, namely the second one that opens, the empty cmd.exe.

I cannot connect this appearance to any installation from the last few days. Antivir reports no infection of the system. With HijackThis I could not find anything that would have been responsible for it.

What interests me first and foremost is what exactly this is and whether it is harmful or not. Regardless of whether it is harmful, I would like to stop it, even if it should turn out to be nothing bad. But most important to me for now is clarity about what it is.

The board search for "Eingabeaufforderung" (command prompt) returns a great many threads that have to do with some Bundestrojaner, and my research via Google so far has not given me any useful hint for resolving or clarifying my problem. I hope I have not overlooked anything. It would be nice if someone could help me.

OTL.txt: OTL logfile:

Code:
ATTFilter OTL logfile created on: 23.11.2011 16:21:45 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\asphyxiaphan\Desktop 64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,98 Gb Available Physical Memory | 74,51% Memory free 8,00 Gb Paging File | 6,94 Gb Available in Paging File | 86,79% Paging File free Paging file location(s): p:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 39,88 Gb Total Space | 1,58 Gb Free Space | 3,97% Space Free | Partition Type: NTFS Drive D: | 3,11 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive P: | 230,47 Gb Total Space | 3,05 Gb Free Space | 1,32% Space Free | Partition Type: NTFS Drive S: | 195,31 Gb Total Space | 2,57 Gb Free Space | 1,32% Space Free | Partition Type: NTFS Computer Name: ASPHYXIAPHAN-PC | User Name: asphyxiaphan | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.11.23 16:19:48 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\asphyxiaphan\Desktop\OTL.exe PRC - [2011.11.18 13:21:23 | 008,482,560 | ---- | M] () -- c:\program files (x86)\common files\akamai\installer_no_upload_silent.exe PRC - [2011.11.17 06:58:04 | 003,303,000 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\asphyxiaphan\AppData\Local\Akamai\netsession_win.exe PRC - [2011.10.19 16:56:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2011.10.19 16:55:48 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2011.10.19 16:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2010.08.24 16:49:50 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2010.03.16 01:09:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2008.11.18 12:15:30 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe ========== Modules (No Company Name) ========== MOD - [2011.11.23 16:16:22 | 001,428,992 | ---- | M] () -- C:\Windows\Installer\MSI2A91.tmp MOD - [2011.11.18 13:21:23 | 008,482,560 | ---- | M] () -- c:\program files (x86)\common files\akamai\installer_no_upload_silent.exe MOD - [2009.03.26 13:46:42 | 000,148,480 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL MOD - [2009.02.06 17:52:24 | 000,073,728 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL ========== Win32 Services (SafeList) ========== SRV:64bit: - [2010.08.18 21:30:08 | 001,436,424 | ---- | M] (Acresso Software Inc.) 
[Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64) SRV:64bit: - [2010.07.07 02:50:54 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2010.04.09 13:31:26 | 000,567,808 | ---- | M] (Sphinx Software) [Auto | Running] -- C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe -- (Windows7FirewallService) SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2011.11.18 13:20:34 | 003,313,752 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_d768ebc.dll -- (Akamai) SRV - [2011.11.02 16:40:34 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2011.10.19 16:56:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.10.19 16:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.08.03 09:58:52 | 000,168,864 | ---- | M] () [Auto | Running] -- C:\Programme\Common Files\WireHelpSvc.exe -- (WireHelpSvc) SRV - [2010.08.24 16:49:50 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2010.08.15 13:12:21 | 000,079,360 | ---- | M] (Creative Labs) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service) SRV - [2010.03.25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- P:\Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2010.03.16 01:09:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2010.01.23 07:12:18 | 000,673,792 | ---- | M] () [Disabled | Stopped] -- P:\Inventor\Moldflow\bin\mitsijm.exe -- (mitsijm2011) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008.11.18 12:15:30 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.10.27 09:02:32 | 000,147,472 | ---- | M] (<Turtle Entertainment>) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\ESLWireACD.sys -- (ESLWireAC) DRV:64bit: - [2011.10.19 16:56:15 | 000,130,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2011.10.19 16:56:15 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) 
DRV:64bit: - [2011.10.19 16:56:15 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.01.21 12:50:42 | 000,116,096 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmaudio.sys -- (avmaudio) DRV:64bit: - [2010.12.16 23:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO) DRV:64bit: - [2010.12.01 20:06:31 | 000,125,512 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD) DRV:64bit: - [2010.08.13 09:00:07 | 000,033,344 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV:64bit: - [2010.08.04 17:00:02 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2010.07.28 23:25:10 | 000,029,720 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ivusb.sys -- (ivusb) DRV:64bit: - [2010.07.07 03:30:08 | 007,195,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2010.07.07 02:15:42 | 000,265,728 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010.05.06 10:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2009.07.14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2009.07.14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.04.21 19:12:50 | 001,288,192 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\P17.sys -- (P17) DRV - [2010.12.01 20:06:31 | 000,125,512 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2007.02.07 19:27:46 | 000,014,104 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan) DRV - [2006.04.26 00:03:56 | 000,009,600 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysWow64\drivers\ISODisk.sys -- (ISODisk) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "foxsearch" FF - prefs.js..browser.search.order.1: "foxsearch" FF - prefs.js..browser.search.selectedEngine: "foxsearch" FF - prefs.js..browser.search.update: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.downhill-board.com" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900 FF - prefs.js..extensions.enabledItems: 
{6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900 FF - prefs.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" FF - prefs.js..network.proxy.type: 0 FF - user.js..browser.search.selectedEngine: "foxsearch" FF - user.js..browser.search.order.1: "foxsearch" FF - user.js..browser.search.defaultenginename: "foxsearch" FF - user.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: P:\Office\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: P:\Office\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@ptc.com/ProductViewLite: C:\Program Files (x86)\Common Files\PTC\np6_pvapplite9.dll (PTC) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2010.12.26 23:16:47 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2010.12.26 23:16:47 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.11.16 18:14:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.11.16 18:14:44 | 000,000,000 | ---D | M] [2008.04.17 01:30:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\asphyxiaphan\AppData\Roaming\mozilla\Extensions [2011.11.08 20:53:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\asphyxiaphan\AppData\Roaming\mozilla\Firefox\Profiles\pr1qqjlw.default\extensions [2011.03.09 18:20:46 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\asphyxiaphan\AppData\Roaming\mozilla\Firefox\Profiles\pr1qqjlw.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2010.08.04 15:48:15 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\asphyxiaphan\AppData\Roaming\mozilla\Firefox\Profiles\pr1qqjlw.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2011.11.08 20:52:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2010.09.25 09:21:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla 
firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.09.21 13:27:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.12.26 23:16:47 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO [2010.12.26 23:16:47 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA [2010.09.21 13:27:40 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2010.03.19 09:23:30 | 000,686,592 | ---- | M] (Synatix GmbH) -- C:\Program Files (x86)\mozilla firefox\plugins\npmieze.dll [2011.10.14 21:29:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.10.14 21:29:00 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.12.28 22:06:26 | 000,000,143 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\foxsearch.src [2011.10.14 21:29:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.10.14 21:29:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.10.14 21:29:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2:64bit: - BHO: (Office Document Cache Handler) - 
{B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (QipLI Class) - {6B5863A0-C43F-4C0A-982B-CC0E9125783F} - C:\Users\asphyxiaphan\AppData\Roaming\Microsoft\Internet Explorer\qstatsrv.dll (TODO: <Company name>) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - P:\Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (QIPBHO Class) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\asphyxiaphan\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - P:\Office\Office14\URLREDIR.DLL (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found. O4:64bit: - HKLM..\Run: [Windows7FirewallControl] C:\Programme\Windows7FirewallControl\Windows7FirewallControl.exe (Sphinx Software) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BCSSync] P:\Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [P17RunE] C:\Windows\SysWow64\P17RunE.dll (Creative Technology Ltd.) 
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\asphyxiaphan\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc) O4 - HKCU..\Run: [AVMUSBFernanschluss] C:\Users\asphyxiaphan\AppData\Local\Apps\2.0\3KK11X70.T2Y\NNM6B94G.0CG\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe (AVM Berlin) O4 - HKCU..\Run: [NVIDIA nTune] "C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe" clear File not found O4 - HKCU..\Run: [RGSC] S:\GTA\Rockstar Games Social Club\RGSCLauncher.exe /silent File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - P:\Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - P:\Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.2 - 
{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - P:\Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - P:\Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3E37390B-0F70-43A5-B1F8-002CDDF3DA5A}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - 
C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - P:\Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{96ccc3c5-9fe1-11df-9b97-001e90f0f5f8}\Shell - "" = AutoRun O33 - MountPoints2\{96ccc3c5-9fe1-11df-9b97-001e90f0f5f8}\Shell\AutoRun\command - "" = J:\SETUP.EXE O33 - MountPoints2\{96ccc3c5-9fe1-11df-9b97-001e90f0f5f8}\Shell\configure\command - "" = J:\SETUP.EXE O33 - MountPoints2\{96ccc3c5-9fe1-11df-9b97-001e90f0f5f8}\Shell\install\command - "" = J:\SETUP.EXE O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" 
%* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX:64bit: {09A0078B-852C-40AF-9EE1-E7EE09B37ECB} - Internet Explorer ActiveX:64bit: {1392845D-8D0C-6F2F-E1CA-C57B2B7979B2} - Internet Explorer ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {332E613D-C2ED-C6E9-108B-EA2BC9F57C4C} - Internet Explorer ActiveX:64bit: {34D1FC8B-FC5A-51EB-D0C3-A7669B877A7B} - Internet Explorer ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5129D5C5-12A2-9636-2DF2-2891A247FD9D} - Internet Explorer ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet 
Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {0CC3E04C-9983-F8B8-D801-C9403CA5994A} - Internet Explorer ActiveX: {1F5F2B76-3192-4856-3339-C2A1D8365C65} - Microsoft Windows Media Player 12.0 ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - 
regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) MsConfig:64bit - StartUpFolder: C:^Users^asphyxiaphan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk - C:\PROGRA~2\OPENOF~1.ORG\program\QUICKS~1.EXE - () MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: AnyDVD - hkey= - key= - C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.) 
MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) MsConfig:64bit - StartUpReg: DivX Download Manager - hkey= - key= - C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC) MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () MsConfig:64bit - StartUpReg: Infium - hkey= - key= - C:\Program Files (x86)\QIP 2010\qip.exe (QIP) MsConfig:64bit - StartUpReg: NVIDIA nTune - hkey= - key= - File not found MsConfig:64bit - StartUpReg: QIP Internet Guardian - hkey= - key= - C:\Users\asphyxiaphan\AppData\Roaming\QipGuard\QipGuard.exe () MsConfig:64bit - StartUpReg: RGSC - hkey= - key= - File not found MsConfig:64bit - StartUpReg: Steam - hkey= - key= - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) MsConfig:64bit - State: "services" - Reg Error: Key error. MsConfig:64bit - State: "startup" - Reg Error: Key error. 
CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.11.23 16:19:47 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\asphyxiaphan\Desktop\OTL.exe [2011.11.23 16:16:15 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2011.11.22 23:56:15 | 000,000,000 | ---D | C] -- C:\Users\asphyxiaphan\AppData\Local\DVDVideoSoft_Ltd [2011.11.22 18:13:06 | 000,000,000 | ---D | C] -- C:\Users\asphyxiaphan\AppData\Roaming\DVDVideoSoft [2011.11.22 18:13:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft [2011.11.22 18:12:59 | 000,000,000 | ---D | C] -- C:\Users\asphyxiaphan\Documents\DVDVideoSoft [2011.11.22 18:12:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft [2011.11.22 18:12:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft [2011.11.22 18:12:19 | 013,261,568 | ---- | C] (DVDVideoSoft Ltd. ) -- C:\Users\asphyxiaphan\Desktop\FreeScreenVideoRecorder.exe [2011.11.22 14:06:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint [2011.11.22 14:06:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office [2011.11.22 14:05:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services [2011.11.22 14:04:40 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH [2011.11.22 14:04:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET [2011.11.22 14:04:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Sync Framework [2011.11.22 14:04:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition [2011.11.22 14:03:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8 [2011.11.22 14:02:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office [2011.11.22 14:02:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis 
Services [2011.11.22 14:01:59 | 000,000,000 | ---D | C] -- C:\Users\asphyxiaphan\AppData\Local\Microsoft Help [2011.11.22 14:01:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help [2011.11.16 23:26:09 | 000,000,000 | ---D | C] -- C:\Users\asphyxiaphan\Desktop\backups [2011.11.16 23:17:40 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\asphyxiaphan\Desktop\HiJackThis204.exe [2011.11.10 11:00:25 | 000,000,000 | ---D | C] -- C:\Users\asphyxiaphan\AppData\Roaming\Avira [2011.11.10 10:55:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2011.11.10 10:55:01 | 000,130,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2011.11.10 10:55:01 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2011.11.10 10:55:01 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys [2011.11.10 10:54:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2011.11.10 10:54:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2011.11.10 09:36:36 | 000,000,000 | ---D | C] -- C:\Users\asphyxiaphan\AppData\Local\Akamai [2011.11.05 23:38:11 | 000,000,000 | ---D | C] -- C:\Users\asphyxiaphan\Desktop\Prophecy - Don't Fuckin' Mess With Texas - 2011 [2011.11.01 21:00:58 | 000,000,000 | ---D | C] -- C:\Users\asphyxiaphan\Desktop\KINGDOM COME - FREE EP [2011.10.24 17:21:26 | 000,000,000 | ---D | C] -- C:\Users\asphyxiaphan\Desktop\Mortal Sin - Psychology Of Death - 2011 [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\asphyxiaphan\AppData\Local\*.tmp files -> C:\Users\asphyxiaphan\AppData\Local\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.11.23 16:23:07 | 000,017,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.11.23 16:23:07 | 000,017,136 | -H-- | M] () -- 
C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.11.23 16:21:53 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.11.23 16:21:53 | 000,643,628 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.11.23 16:21:53 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.11.23 16:21:53 | 000,126,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.11.23 16:21:53 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.11.23 16:19:48 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\asphyxiaphan\Desktop\OTL.exe [2011.11.23 16:15:37 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.11.23 16:15:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.11.23 16:15:14 | 3220,627,456 | -HS- | M] () -- C:\hiberfil.sys [2011.11.23 16:13:47 | 000,000,020 | ---- | M] () -- C:\Users\asphyxiaphan\defogger_reenable [2011.11.23 16:12:33 | 000,050,477 | ---- | M] () -- C:\Users\asphyxiaphan\Desktop\Defogger.exe [2011.11.23 15:40:30 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.11.22 18:19:34 | 013,261,568 | ---- | M] (DVDVideoSoft Ltd. ) -- C:\Users\asphyxiaphan\Desktop\FreeScreenVideoRecorder.exe [2011.11.22 18:13:02 | 000,001,371 | ---- | M] () -- C:\Users\asphyxiaphan\Desktop\Free Screen Video Recorder.lnk [2011.11.22 18:13:02 | 000,001,243 | ---- | M] () -- C:\Users\asphyxiaphan\Desktop\DVDVideoSoft Free Studio.lnk [2011.11.22 17:19:44 | 000,539,560 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.11.16 23:17:41 | 000,388,608 | ---- | M] (Trend Micro Inc.) 
-- C:\Users\asphyxiaphan\Desktop\HiJackThis204.exe [2011.11.07 21:01:26 | 084,419,032 | ---- | M] () -- C:\Users\asphyxiaphan\Desktop\avira_free_antivirus_de.exe [2011.11.04 16:53:54 | 000,647,073 | ---- | M] () -- C:\Users\asphyxiaphan\Desktop\roadgapchen.jpg [2011.11.01 11:34:23 | 000,092,308 | ---- | M] () -- C:\Users\asphyxiaphan\Desktop\descendant.jpg [2011.10.27 19:57:32 | 000,009,504 | ---- | M] () -- C:\Users\asphyxiaphan\Desktop\parkbesuche2011.ods [2011.10.27 09:02:32 | 000,147,472 | ---- | M] (<Turtle Entertainment>) -- C:\Windows\SysNative\drivers\ESLWireACD.sys [2011.10.25 18:06:02 | 000,342,698 | ---- | M] () -- C:\Users\asphyxiaphan\Desktop\grashopper.jpg [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\asphyxiaphan\AppData\Local\*.tmp files -> C:\Users\asphyxiaphan\AppData\Local\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.11.23 16:13:46 | 000,000,020 | ---- | C] () -- C:\Users\asphyxiaphan\defogger_reenable [2011.11.23 16:12:33 | 000,050,477 | ---- | C] () -- C:\Users\asphyxiaphan\Desktop\Defogger.exe [2011.11.22 18:13:02 | 000,001,371 | ---- | C] () -- C:\Users\asphyxiaphan\Desktop\Free Screen Video Recorder.lnk [2011.11.22 18:13:02 | 000,001,243 | ---- | C] () -- C:\Users\asphyxiaphan\Desktop\DVDVideoSoft Free Studio.lnk [2011.11.07 20:58:23 | 084,419,032 | ---- | C] () -- C:\Users\asphyxiaphan\Desktop\avira_free_antivirus_de.exe [2011.11.04 16:53:51 | 000,647,073 | ---- | C] () -- C:\Users\asphyxiaphan\Desktop\roadgapchen.jpg [2011.11.01 11:34:23 | 000,092,308 | ---- | C] () -- C:\Users\asphyxiaphan\Desktop\descendant.jpg [2011.10.25 18:05:57 | 000,342,698 | ---- | C] () -- C:\Users\asphyxiaphan\Desktop\grashopper.jpg [2011.10.08 15:21:32 | 000,000,000 | ---- | C] () -- C:\Users\asphyxiaphan\AppData\Local\{807A9328-FC1A-4064-ACDD-3BB9AACBE606} [2011.09.09 21:13:40 | 000,168,864 | ---- | C] () -- C:\Program Files\Common Files\WireHelpSvc.exe [2011.08.24 20:00:50 | 000,000,000 | ---- | C] () -- 
C:\Users\asphyxiaphan\AppData\Local\{4E1C9F3F-2F08-4FBC-B9C4-7E3F1385F1BC} [2011.08.12 14:44:38 | 000,000,000 | ---- | C] () -- C:\Users\asphyxiaphan\AppData\Local\{14A25BFF-71A1-4980-A5EF-EBB01D3FBC21} [2011.08.08 13:44:18 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.08.08 13:41:46 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.08.08 13:35:57 | 000,000,000 | ---- | C] () -- C:\Users\asphyxiaphan\AppData\Local\{B39C1273-88A7-475A-A937-C4BF5CA1F2E0} [2011.08.08 13:34:06 | 000,000,000 | ---- | C] () -- C:\Users\asphyxiaphan\AppData\Local\{A8A69CAD-729D-40C1-916F-75A50A82FDE4} [2011.08.03 02:31:54 | 000,311,912 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2011.07.14 21:53:52 | 000,000,000 | ---- | C] () -- C:\Users\asphyxiaphan\AppData\Local\{FE1F4599-18FD-4ACC-A012-E5B309D3739E} [2011.07.13 20:56:04 | 000,000,000 | ---- | C] () -- C:\Users\asphyxiaphan\AppData\Local\{E6CA7840-DED3-437D-A469-2269D8CEB4B9} [2011.07.03 11:19:01 | 000,000,000 | ---- | C] () -- C:\Users\asphyxiaphan\AppData\Local\{D5B33BC7-045B-4C3A-9825-B7A4F32BB7B3} [2011.07.03 11:17:51 | 000,000,000 | ---- | C] () -- C:\Users\asphyxiaphan\AppData\Local\{FB0BFA75-BC98-412A-A1D9-7190B9FB9A1F} [2011.07.01 23:11:00 | 000,000,000 | ---- | C] () -- C:\Users\asphyxiaphan\AppData\Local\{1A7989B0-E95C-4A68-84EF-B2B3777A3671} [2011.06.24 10:21:20 | 000,000,000 | ---- | C] () -- C:\Users\asphyxiaphan\AppData\Local\{F6E899B0-8664-449D-91BB-AB8EB0FA8B70} [2011.06.21 16:37:41 | 000,000,000 | ---- | C] () -- C:\Users\asphyxiaphan\AppData\Local\{814EB674-BEE0-4C3C-8955-AAB775A48F98} [2011.06.12 17:28:59 | 000,000,000 | ---- | C] () -- C:\Users\asphyxiaphan\AppData\Local\{D1F556A9-16BD-4289-9042-C7F1FA8C09DB} [2011.05.25 17:26:44 | 000,000,000 | ---- | C] () -- C:\Users\asphyxiaphan\AppData\Local\{7715F9FB-4F73-4747-B9D8-D3529970615C} [2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.03.30 17:40:13 | 000,009,600 | ---- | C] () 
-- C:\Windows\SysWow64\drivers\ISODisk.sys [2011.01.21 12:57:36 | 000,000,467 | ---- | C] () -- C:\Windows\BRWMARK.INI [2011.01.21 12:57:36 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2011.01.15 20:31:12 | 000,007,605 | ---- | C] () -- C:\Users\asphyxiaphan\AppData\Local\Resmon.ResmonCfg [2010.12.28 22:18:46 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib [2010.12.19 15:31:29 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.08.24 16:49:49 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe [2010.08.15 13:11:29 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL [2010.08.15 13:11:29 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL [2010.08.15 12:59:42 | 000,002,177 | ---- | C] () -- C:\Windows\P17EP.ini [2010.08.13 08:38:46 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2010.08.13 08:38:46 | 000,215,128 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2010.08.13 08:38:46 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2010.08.04 17:25:36 | 000,000,273 | ---- | C] () -- C:\Windows\game.ini [2010.08.04 16:19:01 | 000,003,118 | ---- | C] () -- C:\Windows\SysWow64\AudioDrv.ini [2010.08.04 16:15:55 | 000,003,348 | R--- | C] () -- C:\Windows\SysWow64\ludap17.ini [2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat ========== LOP Check ========== [2011.01.12 12:40:10 | 000,000,000 | ---D | M] -- C:\Users\asphyxiaphan\AppData\Roaming\Autodesk 
[2010.08.04 17:20:00 | 000,000,000 | ---D | M] -- C:\Users\asphyxiaphan\AppData\Roaming\DAEMON Tools Lite [2011.11.22 18:13:07 | 000,000,000 | ---D | M] -- C:\Users\asphyxiaphan\AppData\Roaming\DVDVideoSoft [2011.11.08 20:53:22 | 000,000,000 | ---D | M] -- C:\Users\asphyxiaphan\AppData\Roaming\Gutscheinmieze [2011.09.15 15:00:54 | 000,000,000 | ---D | M] -- C:\Users\asphyxiaphan\AppData\Roaming\HLSW [2011.11.23 13:28:45 | 000,000,000 | ---D | M] -- C:\Users\asphyxiaphan\AppData\Roaming\ICQ [2010.12.26 23:16:49 | 000,000,000 | ---D | M] -- C:\Users\asphyxiaphan\AppData\Roaming\Local [2010.12.27 21:37:51 | 000,000,000 | ---D | M] -- C:\Users\asphyxiaphan\AppData\Roaming\MB-Ruler [2010.09.25 09:30:36 | 000,000,000 | ---D | M] -- C:\Users\asphyxiaphan\AppData\Roaming\OpenOffice.org [2011.05.12 09:39:44 | 000,000,000 | ---D | M] -- C:\Users\asphyxiaphan\AppData\Roaming\PTC [2008.04.17 00:07:36 | 000,000,000 | ---D | M] -- C:\Users\asphyxiaphan\AppData\Roaming\QIP [2008.04.17 00:07:24 | 000,000,000 | ---D | M] -- C:\Users\asphyxiaphan\AppData\Roaming\QipGuard [2011.09.08 15:03:29 | 000,000,000 | ---D | M] -- C:\Users\asphyxiaphan\AppData\Roaming\TS3Client [2010.08.05 09:27:59 | 000,000,000 | ---D | M] -- C:\Users\asphyxiaphan\AppData\Roaming\Ubisoft [2011.11.06 15:34:38 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. 
> [2008.04.16 23:41:56 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2010.10.23 17:29:49 | 000,000,000 | ---D | M] -- C:\BlueByte [2011.11.23 16:16:19 | 000,000,000 | -HSD | M] -- C:\Config.Msi [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2008.04.16 23:41:12 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2011.09.13 15:31:13 | 000,000,000 | ---D | M] -- C:\DOSBox-0.74 [2011.09.13 15:24:20 | 000,000,000 | ---D | M] -- C:\DOSPROG [2011.09.13 15:27:04 | 000,000,000 | ---D | M] -- C:\KEEN4 [2010.08.18 21:24:35 | 000,000,000 | ---D | M] -- C:\MITSI 2011 Temporary Files [2011.08.12 15:32:25 | 000,000,000 | ---D | M] -- C:\NVIDIA [2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2011.11.22 14:02:35 | 000,000,000 | R--D | M] -- C:\Program Files [2011.11.22 18:12:59 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2011.11.22 14:01:54 | 000,000,000 | -H-D | M] -- C:\ProgramData [2008.04.16 23:41:12 | 000,000,000 | -HSD | M] -- C:\Programme [2008.04.16 23:41:12 | 000,000,000 | -HSD | M] -- C:\Recovery [2011.11.23 16:23:10 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2008.04.16 23:41:49 | 000,000,000 | R--D | M] -- C:\Users [2011.11.22 14:04:40 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. 
/mp /s > < %systemroot%\system32\*.manifest /3 > < MD5 for: EXPLORER.EXE > [2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe [2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009.07.14 02:39:10 | 002,868,224 | ---- 
| M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe < MD5 for: REGEDIT.EXE > [2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe [2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe [2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe [2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe < MD5 for: USERINIT.EXE > [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe [2009.07.14 02:39:48 | 000,030,208 | 
---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe [2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: 
DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > < > < End of report >
Last edited by meatkn1fe (23.11.2011 at 16:32)
| #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Please now run a routine full scan with Malwarebytes and post the log.
Remember that Malwarebytes must be updated manually before every scan! If logs from older Malwarebytes scans exist, please post all of those as well! ESET Online Scanner
| #3 |
Thanks for now.
Malwarebytes is still running - should I post the log even if no infection is found? I'll run the other scan afterwards.
| #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Yes, always post logs
__________________ Please always post log files in CODE tags
| #5 |
Malwarebytes Log:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8231

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

24.11.2011 16:11:02
mbam-log-2011-11-24 (16-11-02).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|P:\|S:\|)
Durchsuchte Objekte: 444249
Laufzeit: 1 Stunde(n), 47 Minute(n), 11 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
p:\zensiert\SAVE\laufwerk d\mirc612.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
p:\zensiert\laufwerk d\vt_214.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
s:\zensiert\E\mirc612.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
s:\zensiert\E\vt_214.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

The problem is currently still occurring. By now, sometimes even THREE cmd windows seem to open. One of them, an empty one, occasionally even stays open long enough that I can still move it or the like before it closes by itself. Is this online scan safe? I'm not really comfortable with the idea of having the computer online while switching off the antivirus software. Or does nothing happen there?
Last edited by meatkn1fe (24.11.2011 at 16:32)
| #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
Quote:
| #7 |
Quote:
That was a subsequent folder structure within private data that doesn't belong on the net. What surprises me, though, is that such alerts are now showing up for programs like Ventrilo and IRC, which I used a looong time ago. Regarding the scan, I also didn't mean the scan itself but the time during which the computer is online without virus protection. Be that as it may, I'll run the online scan later and post the log afterwards.
| #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
| #9 |
I have disabled Antivir and the Windows firewall as well - nevertheless the thing doesn't scan anything at all, finishes immediately and says "0 objects scanned". What causes that?
| #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Note for Vista and Win7 users: Be sure to open the browser like this: right-click => Run as administrator
| #11 |
I did that; I am able to read, after all.
| #12 |
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}\ deleted successfully.
C:\Users\asphyxiaphan\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll moved successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "foxsearch" removed from browser.search.defaultenginename
Prefs.js: "foxsearch" removed from browser.search.order.1
Prefs.js: "foxsearch" removed from browser.search.selectedEngine
Prefs.js: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" removed from keyword.URL
Prefs.js: 0 removed from network.proxy.type
C:\Users\asphyxiaphan\AppData\Roaming\Mozilla\FireFox\Profiles\pr1qqjlw.default\user.js moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\NVIDIA nTune deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\RGSC deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{96ccc3c5-9fe1-11df-9b97-001e90f0f5f8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{96ccc3c5-9fe1-11df-9b97-001e90f0f5f8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{96ccc3c5-9fe1-11df-9b97-001e90f0f5f8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{96ccc3c5-9fe1-11df-9b97-001e90f0f5f8}\ not found.
File J:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{96ccc3c5-9fe1-11df-9b97-001e90f0f5f8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{96ccc3c5-9fe1-11df-9b97-001e90f0f5f8}\ not found.
File J:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{96ccc3c5-9fe1-11df-9b97-001e90f0f5f8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{96ccc3c5-9fe1-11df-9b97-001e90f0f5f8}\ not found.
File J:\SETUP.EXE not found.
C:\Users\asphyxiaphan\AppData\Roaming\Gutscheinmieze folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: asphyxiaphan
->Temp folder emptied: 958252517 bytes
->Temporary Internet Files folder emptied: 112233879 bytes
->Java cache emptied: 4976374 bytes
->FireFox cache emptied: 125832071 bytes
->Flash cache emptied: 66727 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: test
->Temp folder emptied: 33629 bytes
->Temporary Internet Files folder emptied: 4287535 bytes
->Flash cache emptied: 456 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 401408 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4606742 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 131306869 bytes

Total Files Cleaned = 1.280,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 12042011_194801

Files\Folders moved on Reboot...
C:\Users\asphyxiaphan\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
| #13 |
20:44:26.0859 4032 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44 20:44:26.0894 4032 ============================================================ 20:44:26.0894 4032 Current date / time: 2011/12/04 20:44:26.0894 20:44:26.0894 4032 SystemInfo: 20:44:26.0894 4032 20:44:26.0894 4032 OS Version: 6.1.7600 ServicePack: 0.0 20:44:26.0894 4032 Product type: Workstation 20:44:26.0894 4032 ComputerName: ASPHYXIAPHAN-PC 20:44:26.0895 4032 UserName: asphyxiaphan 20:44:26.0895 4032 Windows directory: C:\Windows 20:44:26.0895 4032 System windows directory: C:\Windows 20:44:26.0895 4032 Running under WOW64 20:44:26.0895 4032 Processor architecture: Intel x64 20:44:26.0895 4032 Number of processors: 2 20:44:26.0895 4032 Page size: 0x1000 20:44:26.0895 4032 Boot type: Normal boot 20:44:26.0895 4032 ============================================================ 20:44:27.0797 4032 Initialize success 20:45:33.0303 2196 ============================================================ 20:45:33.0303 2196 Scan started 20:45:33.0303 2196 Mode: Manual; SigCheck; TDLFS; 20:45:33.0303 2196 ============================================================ 20:45:33.0724 2196 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys 20:45:33.0802 2196 1394ohci - ok 20:45:33.0833 2196 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys 20:45:33.0849 2196 ACPI - ok 20:45:33.0864 2196 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys 20:45:33.0911 2196 AcpiPmi - ok 20:45:34.0036 2196 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys 20:45:34.0051 2196 adp94xx - ok 20:45:34.0067 2196 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys 20:45:34.0083 2196 adpahci - ok 20:45:34.0114 2196 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys 20:45:34.0129 2196 adpu320 
- ok 20:45:34.0161 2196 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys 20:45:34.0270 2196 AFD - ok 20:45:34.0348 2196 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys 20:45:34.0348 2196 agp440 - ok 20:45:34.0410 2196 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys 20:45:34.0426 2196 aliide - ok 20:45:34.0488 2196 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys 20:45:34.0488 2196 amdide - ok 20:45:34.0535 2196 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys 20:45:34.0551 2196 AmdK8 - ok 20:45:34.0722 2196 amdkmdag (3d07f9c090c7a1d76d624972a5384471) C:\Windows\system32\DRIVERS\atikmdag.sys 20:45:34.0878 2196 amdkmdag ( UnsignedFile.Multi.Generic ) - warning 20:45:34.0878 2196 amdkmdag - detected UnsignedFile.Multi.Generic (1) 20:45:34.0972 2196 amdkmdap (99ab7e4b24c80155dc4296f657faf3c7) C:\Windows\system32\DRIVERS\atikmpag.sys 20:45:34.0987 2196 amdkmdap ( UnsignedFile.Multi.Generic ) - warning 20:45:34.0987 2196 amdkmdap - detected UnsignedFile.Multi.Generic (1) 20:45:35.0019 2196 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys 20:45:35.0050 2196 AmdPPM - ok 20:45:35.0081 2196 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys 20:45:35.0081 2196 amdsata - ok 20:45:35.0221 2196 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys 20:45:35.0253 2196 amdsbs - ok 20:45:35.0284 2196 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys 20:45:35.0299 2196 amdxata - ok 20:45:35.0331 2196 Amlservls - ok 20:45:35.0440 2196 AnyDVD (821e7e501226ee344fdb0f40ee46109d) C:\Windows\system32\Drivers\AnyDVD.sys 20:45:35.0471 2196 AnyDVD - ok 20:45:35.0518 2196 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys 20:45:35.0565 2196 AppID - ok 20:45:35.0658 2196 arc 
(c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys 20:45:35.0658 2196 arc - ok 20:45:35.0674 2196 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys 20:45:35.0689 2196 arcsas - ok 20:45:35.0705 2196 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 20:45:35.0752 2196 AsyncMac - ok 20:45:35.0767 2196 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys 20:45:35.0767 2196 atapi - ok 20:45:35.0877 2196 AtiHdmiService (2d648572ba9a610952fcafba1e119c2d) C:\Windows\system32\drivers\AtiHdmi.sys 20:45:35.0892 2196 AtiHdmiService - ok 20:45:35.0955 2196 avgntflt (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys 20:45:35.0955 2196 avgntflt - ok 20:45:36.0048 2196 avipbb (d959309ececca73fc79f8ef8521346b2) C:\Windows\system32\DRIVERS\avipbb.sys 20:45:36.0064 2196 avipbb - ok 20:45:36.0079 2196 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys 20:45:36.0095 2196 avkmgr - ok 20:45:36.0126 2196 avmaudio (bd39d7cfd9d6a73396b618113a8e8d57) C:\Windows\system32\DRIVERS\avmaudio.sys 20:45:36.0157 2196 avmaudio - ok 20:45:36.0251 2196 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys 20:45:36.0298 2196 b06bdrv - ok 20:45:36.0329 2196 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 20:45:36.0360 2196 b57nd60a - ok 20:45:36.0454 2196 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 20:45:36.0501 2196 Beep - ok 20:45:36.0547 2196 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys 20:45:36.0563 2196 blbdrive - ok 20:45:36.0579 2196 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys 20:45:36.0625 2196 bowser - ok 20:45:36.0703 2196 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys 20:45:36.0735 2196 BrFiltLo - ok 20:45:36.0735 2196 
BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys 20:45:36.0750 2196 BrFiltUp - ok 20:45:36.0781 2196 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 20:45:36.0813 2196 Brserid - ok 20:45:36.0828 2196 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 20:45:36.0844 2196 BrSerWdm - ok 20:45:36.0859 2196 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 20:45:36.0891 2196 BrUsbMdm - ok 20:45:36.0891 2196 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 20:45:36.0906 2196 BrUsbSer - ok 20:45:36.0984 2196 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys 20:45:37.0015 2196 BTHMODEM - ok 20:45:37.0047 2196 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 20:45:37.0093 2196 cdfs - ok 20:45:37.0125 2196 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys 20:45:37.0140 2196 cdrom - ok 20:45:37.0218 2196 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys 20:45:37.0249 2196 circlass - ok 20:45:37.0296 2196 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 20:45:37.0312 2196 CLFS - ok 20:45:37.0327 2196 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys 20:45:37.0359 2196 CmBatt - ok 20:45:37.0421 2196 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys 20:45:37.0437 2196 cmdide - ok 20:45:37.0452 2196 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys 20:45:37.0483 2196 CNG - ok 20:45:37.0499 2196 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys 20:45:37.0515 2196 Compbatt - ok 20:45:37.0530 2196 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys 20:45:37.0561 2196 CompositeBus - ok 20:45:37.0639 2196 
crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys 20:45:37.0639 2196 crcdisk - ok 20:45:37.0702 2196 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys 20:45:37.0749 2196 CSC - ok 20:45:37.0842 2196 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys 20:45:37.0889 2196 DfsC - ok 20:45:37.0920 2196 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 20:45:37.0967 2196 discache - ok 20:45:37.0983 2196 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys 20:45:37.0998 2196 Disk - ok 20:45:38.0092 2196 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 20:45:38.0107 2196 drmkaud - ok 20:45:38.0170 2196 DXGKrnl (ebce0b0924835f635f620d19f0529dce) C:\Windows\System32\drivers\dxgkrnl.sys 20:45:38.0185 2196 DXGKrnl - ok 20:45:38.0279 2196 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys 20:45:38.0341 2196 ebdrv - ok 20:45:38.0451 2196 ElbyCDIO (a05fc7eca0966ebb70e4d17b855a853b) C:\Windows\system32\Drivers\ElbyCDIO.sys 20:45:38.0466 2196 ElbyCDIO - ok 20:45:38.0497 2196 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys 20:45:38.0513 2196 elxstor - ok 20:45:38.0529 2196 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys 20:45:38.0575 2196 ErrDev - ok 20:45:38.0685 2196 ESLWireAC (abc24f129c616e5dee5ce58683606c84) C:\Windows\system32\drivers\ESLWireACD.sys 20:45:38.0700 2196 ESLWireAC - ok 20:45:38.0716 2196 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 20:45:38.0763 2196 exfat - ok 20:45:38.0778 2196 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 20:45:38.0841 2196 fastfat - ok 20:45:38.0856 2196 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys 20:45:38.0887 2196 fdc - ok 20:45:38.0965 2196 FileInfo 
(655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 20:45:38.0981 2196 FileInfo - ok 20:45:38.0997 2196 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 20:45:39.0028 2196 Filetrace - ok 20:45:39.0075 2196 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys 20:45:39.0090 2196 flpydisk - ok 20:45:39.0121 2196 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys 20:45:39.0137 2196 FltMgr - ok 20:45:39.0215 2196 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 20:45:39.0231 2196 FsDepends - ok 20:45:39.0246 2196 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys 20:45:39.0246 2196 Fs_Rec - ok 20:45:39.0277 2196 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys 20:45:39.0293 2196 fvevol - ok 20:45:39.0309 2196 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys 20:45:39.0324 2196 gagp30kx - ok 20:45:39.0449 2196 hamachi (f8f0851d336c3b88dbd7232b6348e09a) C:\Windows\system32\DRIVERS\hamachi.sys 20:45:39.0449 2196 hamachi - ok 20:45:39.0480 2196 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 20:45:39.0511 2196 hcw85cir - ok 20:45:39.0543 2196 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys 20:45:39.0589 2196 HdAudAddService - ok 20:45:39.0667 2196 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys 20:45:39.0683 2196 HDAudBus - ok 20:45:39.0699 2196 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys 20:45:39.0730 2196 HidBatt - ok 20:45:39.0730 2196 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys 20:45:39.0761 2196 HidBth - ok 20:45:39.0777 2196 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys 20:45:39.0808 2196 
HidIr - ok 20:45:39.0901 2196 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys 20:45:39.0917 2196 HidUsb - ok 20:45:39.0948 2196 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys 20:45:39.0964 2196 HpSAMD - ok 20:45:39.0995 2196 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys 20:45:40.0057 2196 HTTP - ok 20:45:40.0073 2196 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys 20:45:40.0073 2196 hwpolicy - ok 20:45:40.0167 2196 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys 20:45:40.0182 2196 i8042prt - ok 20:45:40.0213 2196 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys 20:45:40.0229 2196 iaStorV - ok 20:45:40.0245 2196 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys 20:45:40.0260 2196 iirsp - ok 20:45:40.0291 2196 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys 20:45:40.0307 2196 intelide - ok 20:45:40.0338 2196 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 20:45:40.0354 2196 intelppm - ok 20:45:40.0416 2196 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys 20:45:40.0463 2196 IpFilterDriver - ok 20:45:40.0479 2196 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys 20:45:40.0479 2196 IPMIDRV - ok 20:45:40.0494 2196 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 20:45:40.0541 2196 IPNAT - ok 20:45:40.0572 2196 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 20:45:40.0619 2196 IRENUM - ok 20:45:40.0650 2196 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys 20:45:40.0650 2196 isapnp - ok 20:45:40.0681 2196 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys 20:45:40.0697 
2196 iScsiPrt - ok 20:45:40.0759 2196 ISODisk - ok 20:45:40.0806 2196 ivusb (bd5bf20ec242e003a2f570b8754a56d1) C:\Windows\system32\DRIVERS\ivusb.sys 20:45:40.0806 2196 ivusb - ok 20:45:40.0853 2196 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys 20:45:40.0853 2196 kbdclass - ok 20:45:40.0884 2196 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys 20:45:40.0900 2196 kbdhid - ok 20:45:40.0962 2196 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys 20:45:40.0962 2196 KSecDD - ok 20:45:40.0993 2196 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys 20:45:41.0009 2196 KSecPkg - ok 20:45:41.0056 2196 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 20:45:41.0087 2196 ksthunk - ok 20:45:41.0181 2196 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 20:45:41.0227 2196 lltdio - ok 20:45:41.0274 2196 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys 20:45:41.0290 2196 LSI_FC - ok 20:45:41.0290 2196 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys 20:45:41.0305 2196 LSI_SAS - ok 20:45:41.0321 2196 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys 20:45:41.0321 2196 LSI_SAS2 - ok 20:45:41.0337 2196 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys 20:45:41.0352 2196 LSI_SCSI - ok 20:45:41.0383 2196 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 20:45:41.0430 2196 luafv - ok 20:45:41.0555 2196 MBAMProtector (23a854450dab5c9b7a42ab9be6f2e4bd) C:\Windows\system32\drivers\mbam.sys 20:45:41.0555 2196 MBAMProtector - ok 20:45:41.0633 2196 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys 20:45:41.0633 2196 megasas - ok 20:45:41.0649 2196 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) 
C:\Windows\system32\DRIVERS\MegaSR.sys 20:45:41.0664 2196 MegaSR - ok 20:45:41.0758 2196 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 20:45:41.0789 2196 Modem - ok 20:45:41.0820 2196 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 20:45:41.0851 2196 monitor - ok 20:45:41.0898 2196 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys 20:45:41.0898 2196 mouclass - ok 20:45:41.0961 2196 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 20:45:41.0976 2196 mouhid - ok 20:45:41.0992 2196 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys 20:45:42.0007 2196 mountmgr - ok 20:45:42.0023 2196 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys 20:45:42.0039 2196 mpio - ok 20:45:42.0054 2196 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 20:45:42.0101 2196 mpsdrv - ok 20:45:42.0132 2196 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys 20:45:42.0163 2196 MRxDAV - ok 20:45:42.0210 2196 mrxsmb (767a4c3bcf9410c286ced15a2db17108) C:\Windows\system32\DRIVERS\mrxsmb.sys 20:45:42.0241 2196 mrxsmb - ok 20:45:42.0273 2196 mrxsmb10 (920ee0ff995fcfdeb08c41605a959e1c) C:\Windows\system32\DRIVERS\mrxsmb10.sys 20:45:42.0288 2196 mrxsmb10 - ok 20:45:42.0304 2196 mrxsmb20 (740d7ea9d72c981510a5292cf6adc941) C:\Windows\system32\DRIVERS\mrxsmb20.sys 20:45:42.0319 2196 mrxsmb20 - ok 20:45:42.0366 2196 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys 20:45:42.0366 2196 msahci - ok 20:45:42.0397 2196 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys 20:45:42.0397 2196 msdsm - ok 20:45:42.0460 2196 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 20:45:42.0491 2196 Msfs - ok 20:45:42.0507 2196 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) 
C:\Windows\System32\drivers\mshidkmdf.sys 20:45:42.0553 2196 mshidkmdf - ok 20:45:42.0585 2196 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys 20:45:42.0585 2196 msisadrv - ok 20:45:42.0631 2196 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 20:45:42.0678 2196 MSKSSRV - ok 20:45:42.0725 2196 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 20:45:42.0772 2196 MSPCLOCK - ok 20:45:42.0787 2196 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 20:45:42.0834 2196 MSPQM - ok 20:45:42.0865 2196 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys 20:45:42.0881 2196 MsRPC - ok 20:45:42.0928 2196 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys 20:45:42.0928 2196 mssmbios - ok 20:45:43.0006 2196 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 20:45:43.0053 2196 MSTEE - ok 20:45:43.0053 2196 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 20:45:43.0084 2196 MTConfig - ok 20:45:43.0115 2196 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 20:45:43.0115 2196 Mup - ok 20:45:43.0162 2196 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 20:45:43.0177 2196 NativeWifiP - ok 20:45:43.0271 2196 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys 20:45:43.0287 2196 NDIS - ok 20:45:43.0333 2196 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 20:45:43.0365 2196 NdisCap - ok 20:45:43.0396 2196 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 20:45:43.0443 2196 NdisTapi - ok 20:45:43.0489 2196 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys 20:45:43.0536 2196 Ndisuio - ok 20:45:43.0583 2196 NdisWan (557dfab9ca1fcb036ac77564c010dad3) 
C:\Windows\system32\DRIVERS\ndiswan.sys 20:45:43.0614 2196 NdisWan - ok 20:45:43.0645 2196 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys 20:45:43.0677 2196 NDProxy - ok 20:45:43.0723 2196 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 20:45:43.0770 2196 NetBIOS - ok 20:45:43.0801 2196 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys 20:45:43.0864 2196 NetBT - ok 20:45:43.0911 2196 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 20:45:43.0911 2196 nfrd960 - ok 20:45:43.0942 2196 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 20:45:43.0989 2196 Npfs - ok 20:45:44.0035 2196 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 20:45:44.0082 2196 nsiproxy - ok 20:45:44.0129 2196 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys 20:45:44.0176 2196 Ntfs - ok 20:45:44.0207 2196 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 20:45:44.0238 2196 Null - ok 20:45:44.0535 2196 nvlddmkm (c47d6b7299ba80a210bcafa81ac978a1) C:\Windows\system32\DRIVERS\nvlddmkm.sys 20:45:44.0753 2196 nvlddmkm - ok 20:45:44.0784 2196 NVR0Dev - ok 20:45:44.0847 2196 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys 20:45:44.0862 2196 nvraid - ok 20:45:44.0909 2196 nvsmu (61a59fb62864eb3f32d24985a505ce03) C:\Windows\system32\DRIVERS\nvsmu.sys 20:45:44.0909 2196 nvsmu - ok 20:45:44.0925 2196 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys 20:45:44.0940 2196 nvstor - ok 20:45:45.0049 2196 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys 20:45:45.0049 2196 nv_agp - ok 20:45:45.0065 2196 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys 20:45:45.0081 2196 ohci1394 - ok 20:45:45.0159 2196 P17 (66a2c70da35e8559982ee9d205329e1a) 
C:\Windows\system32\drivers\P17.sys 20:45:45.0205 2196 P17 - ok 20:45:45.0299 2196 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 20:45:45.0315 2196 Parport - ok 20:45:45.0330 2196 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys 20:45:45.0330 2196 partmgr - ok 20:45:45.0361 2196 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys 20:45:45.0377 2196 pci - ok 20:45:45.0377 2196 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys 20:45:45.0393 2196 pciide - ok 20:45:45.0408 2196 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 20:45:45.0424 2196 pcmcia - ok 20:45:45.0439 2196 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 20:45:45.0455 2196 pcw - ok 20:45:45.0486 2196 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 20:45:45.0533 2196 PEAUTH - ok 20:45:45.0689 2196 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys 20:45:45.0720 2196 PptpMiniport - ok 20:45:45.0751 2196 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 20:45:45.0767 2196 Processor - ok 20:45:45.0814 2196 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys 20:45:45.0861 2196 Psched - ok 20:45:45.0970 2196 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 20:45:46.0001 2196 ql2300 - ok 20:45:46.0017 2196 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 20:45:46.0032 2196 ql40xx - ok 20:45:46.0048 2196 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 20:45:46.0079 2196 QWAVEdrv - ok 20:45:46.0095 2196 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 20:45:46.0126 2196 RasAcd - ok 20:45:46.0219 2196 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) 
C:\Windows\system32\DRIVERS\AgileVpn.sys 20:45:46.0266 2196 RasAgileVpn - ok 20:45:46.0282 2196 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys 20:45:46.0313 2196 Rasl2tp - ok 20:45:46.0344 2196 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 20:45:46.0391 2196 RasPppoe - ok 20:45:46.0407 2196 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 20:45:46.0453 2196 RasSstp - ok 20:45:46.0531 2196 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys 20:45:46.0594 2196 rdbss - ok 20:45:46.0719 2196 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 20:45:46.0734 2196 rdpbus - ok 20:45:46.0750 2196 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 20:45:46.0781 2196 RDPCDD - ok 20:45:46.0812 2196 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys 20:45:46.0843 2196 RDPDR - ok 20:45:46.0921 2196 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 20:45:46.0968 2196 RDPENCDD - ok 20:45:46.0968 2196 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 20:45:47.0015 2196 RDPREFMP - ok 20:45:47.0031 2196 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys 20:45:47.0077 2196 RDPWD - ok 20:45:47.0109 2196 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys 20:45:47.0124 2196 rdyboost - ok 20:45:47.0155 2196 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 20:45:47.0202 2196 rspndr - ok 20:45:47.0280 2196 RTL8167 (baefee35d27a5440d35092ce10267bec) C:\Windows\system32\DRIVERS\Rt64win7.sys 20:45:47.0280 2196 RTL8167 - ok 20:45:47.0327 2196 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys 20:45:47.0358 2196 s3cap - ok 20:45:47.0389 2196 sbp2port (e3bbb89983daf5622c1d50cf49f28227) 
C:\Windows\system32\DRIVERS\sbp2port.sys 20:45:47.0389 2196 sbp2port - ok 20:45:47.0467 2196 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys 20:45:47.0499 2196 scfilter - ok 20:45:47.0545 2196 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 20:45:47.0592 2196 secdrv - ok 20:45:47.0608 2196 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 20:45:47.0623 2196 Serenum - ok 20:45:47.0655 2196 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 20:45:47.0686 2196 Serial - ok 20:45:47.0748 2196 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 20:45:47.0779 2196 sermouse - ok 20:45:47.0795 2196 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys 20:45:47.0811 2196 sffdisk - ok 20:45:47.0826 2196 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys 20:45:47.0842 2196 sffp_mmc - ok 20:45:47.0857 2196 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys 20:45:47.0873 2196 sffp_sd - ok 20:45:47.0889 2196 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 20:45:47.0904 2196 sfloppy - ok 20:45:47.0951 2196 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 20:45:47.0967 2196 SiSRaid2 - ok 20:45:47.0982 2196 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 20:45:47.0982 2196 SiSRaid4 - ok 20:45:48.0060 2196 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 20:45:48.0107 2196 Smb - ok 20:45:48.0138 2196 speedfan - ok 20:45:48.0154 2196 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 20:45:48.0169 2196 spldr - ok 20:45:48.0216 2196 sptd (602884696850c86434530790b110e8eb) C:\Windows\System32\Drivers\sptd.sys 20:45:48.0247 2196 sptd - ok 20:45:48.0325 2196 srv 
(37c3abc2338010e110d2a6a3930f3149) C:\Windows\system32\DRIVERS\srv.sys 20:45:48.0357 2196 srv - ok 20:45:48.0388 2196 srv2 (f773d2ed090b7baa1c1a034f3ca476c8) C:\Windows\system32\DRIVERS\srv2.sys 20:45:48.0435 2196 srv2 - ok 20:45:48.0450 2196 srvnet (cce32bb223e9ff55d241099a858fa889) C:\Windows\system32\DRIVERS\srvnet.sys 20:45:48.0466 2196 srvnet - ok 20:45:48.0591 2196 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 20:45:48.0606 2196 stexstor - ok 20:45:48.0637 2196 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys 20:45:48.0653 2196 storflt - ok 20:45:48.0669 2196 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys 20:45:48.0684 2196 storvsc - ok 20:45:48.0700 2196 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys 20:45:48.0700 2196 swenum - ok 20:45:48.0778 2196 Tcpip (912107716bab424c7870e8e6af5e07e1) C:\Windows\system32\drivers\tcpip.sys 20:45:48.0825 2196 Tcpip - ok 20:45:48.0903 2196 TCPIP6 (912107716bab424c7870e8e6af5e07e1) C:\Windows\system32\DRIVERS\tcpip.sys 20:45:48.0949 2196 TCPIP6 - ok 20:45:48.0965 2196 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys 20:45:49.0012 2196 tcpipreg - ok 20:45:49.0027 2196 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 20:45:49.0074 2196 TDPIPE - ok 20:45:49.0074 2196 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys 20:45:49.0105 2196 TDTCP - ok 20:45:49.0137 2196 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys 20:45:49.0183 2196 tdx - ok 20:45:49.0215 2196 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys 20:45:49.0215 2196 TermDD - ok 20:45:49.0308 2196 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys 20:45:49.0355 2196 tssecsrv - ok 20:45:49.0402 2196 tunnel (3836171a2cdf3af8ef10856db9835a70) 
C:\Windows\system32\DRIVERS\tunnel.sys 20:45:49.0449 2196 tunnel - ok 20:45:49.0449 2196 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 20:45:49.0464 2196 uagp35 - ok 20:45:49.0542 2196 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys 20:45:49.0589 2196 udfs - ok 20:45:49.0636 2196 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys 20:45:49.0651 2196 uliagpkx - ok 20:45:49.0667 2196 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys 20:45:49.0698 2196 umbus - ok 20:45:49.0761 2196 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 20:45:49.0776 2196 UmPass - ok 20:45:49.0807 2196 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys 20:45:49.0839 2196 usbccgp - ok 20:45:49.0854 2196 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys 20:45:49.0885 2196 usbcir - ok 20:45:49.0901 2196 usbehci (df9f9afc9aaabd8ed47975d44e38169a) C:\Windows\system32\DRIVERS\usbehci.sys 20:45:49.0932 2196 usbehci - ok 20:45:50.0010 2196 usbhub (372a91bc3c6603080a793880b0873785) C:\Windows\system32\DRIVERS\usbhub.sys 20:45:50.0026 2196 usbhub - ok 20:45:50.0041 2196 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys 20:45:50.0057 2196 usbohci - ok 20:45:50.0088 2196 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 20:45:50.0119 2196 usbprint - ok 20:45:50.0151 2196 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys 20:45:50.0166 2196 usbscan - ok 20:45:50.0244 2196 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS 20:45:50.0244 2196 USBSTOR - ok 20:45:50.0275 2196 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys 20:45:50.0291 2196 usbuhci - ok 20:45:50.0322 2196 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) 
C:\Windows\system32\DRIVERS\vdrvroot.sys 20:45:50.0338 2196 vdrvroot - ok 20:45:50.0353 2196 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 20:45:50.0369 2196 vga - ok 20:45:50.0400 2196 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 20:45:50.0447 2196 VgaSave - ok 20:45:50.0509 2196 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys 20:45:50.0525 2196 vhdmp - ok 20:45:50.0541 2196 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys 20:45:50.0556 2196 viaide - ok 20:45:50.0587 2196 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys 20:45:50.0587 2196 vmbus - ok 20:45:50.0603 2196 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys 20:45:50.0619 2196 VMBusHID - ok 20:45:50.0634 2196 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys 20:45:50.0650 2196 volmgr - ok 20:45:50.0681 2196 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys 20:45:50.0697 2196 volmgrx - ok 20:45:50.0759 2196 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys 20:45:50.0775 2196 volsnap - ok 20:45:50.0790 2196 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 20:45:50.0806 2196 vsmraid - ok 20:45:50.0837 2196 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys 20:45:50.0853 2196 vwifibus - ok 20:45:50.0884 2196 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 20:45:50.0899 2196 WacomPen - ok 20:45:50.0931 2196 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys 20:45:50.0962 2196 WANARP - ok 20:45:50.0977 2196 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys 20:45:51.0009 2196 Wanarpv6 - ok 20:45:51.0087 2196 Wd (72889e16ff12ba0f235467d6091b17dc) 
C:\Windows\system32\DRIVERS\wd.sys 20:45:51.0102 2196 Wd - ok 20:45:51.0133 2196 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 20:45:51.0149 2196 Wdf01000 - ok 20:45:51.0196 2196 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 20:45:51.0243 2196 WfpLwf - ok 20:45:51.0258 2196 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 20:45:51.0258 2196 WIMMount - ok 20:45:51.0383 2196 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys 20:45:51.0399 2196 WinUsb - ok 20:45:51.0461 2196 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys 20:45:51.0477 2196 WmiAcpi - ok 20:45:51.0555 2196 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 20:45:51.0601 2196 ws2ifsl - ok 20:45:51.0633 2196 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys 20:45:51.0679 2196 WudfPf - ok 20:45:51.0726 2196 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys 20:45:51.0773 2196 WUDFRd - ok 20:45:51.0804 2196 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 20:45:51.0913 2196 \Device\Harddisk0\DR0 - ok 20:45:51.0960 2196 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1 20:45:52.0631 2196 \Device\Harddisk1\DR1 - ok 20:45:52.0647 2196 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk5\DR5 20:45:53.0021 2196 \Device\Harddisk5\DR5 - ok 20:45:53.0037 2196 Boot (0x1200) (da9c96f046212f72198cd714242ba64c) \Device\Harddisk0\DR0\Partition0 20:45:53.0037 2196 \Device\Harddisk0\DR0\Partition0 - ok 20:45:53.0052 2196 Boot (0x1200) (1947a0ecb4006a292892a2b93ef663b7) \Device\Harddisk0\DR0\Partition1 20:45:53.0052 2196 \Device\Harddisk0\DR0\Partition1 - ok 20:45:53.0068 2196 Boot (0x1200) (8190adaaa52bc914b2f2c7df574192e4) \Device\Harddisk0\DR0\Partition2 20:45:53.0068 2196 \Device\Harddisk0\DR0\Partition2 
- ok 20:45:53.0099 2196 Boot (0x1200) (fd4f7b286156e09fb293be30cef32888) \Device\Harddisk0\DR0\Partition3 20:45:53.0099 2196 \Device\Harddisk0\DR0\Partition3 - ok 20:45:53.0115 2196 Boot (0x1200) (27b2340daef988d3b0bcc911d16f0732) \Device\Harddisk1\DR1\Partition0 20:45:53.0130 2196 \Device\Harddisk1\DR1\Partition0 - ok 20:45:53.0130 2196 Boot (0x1200) (da97936b06e2180aeb2c5660f9217dc7) \Device\Harddisk5\DR5\Partition0 20:45:53.0130 2196 \Device\Harddisk5\DR5\Partition0 - ok 20:45:53.0130 2196 ============================================================ 20:45:53.0130 2196 Scan finished 20:45:53.0130 2196 ============================================================ 20:45:53.0146 1084 Detected object count: 2 20:45:53.0146 1084 Actual detected object count: 2 20:46:06.0889 1084 amdkmdag ( UnsignedFile.Multi.Generic ) - skipped by user 20:46:06.0889 1084 amdkmdag ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:46:06.0889 1084 amdkmdap ( UnsignedFile.Multi.Generic ) - skipped by user 20:46:06.0889 1084 amdkmdap ( UnsignedFile.Multi.Generic ) - User select action: Skip |
#14
cmd.exe briefly appearing at random, incl. text
ComboFix log file:
Code:
ATTFilter ComboFix 11-12-04.03 - asphyxiaphan 04.12.2011 21:05:56.1.2 - x64 Microsoft Windows 7 Ultimate 6.1.7600.0.1252.49.1031.18.4095.3251 [GMT 1:00] ausgeführt von:: c:\users\asphyxiaphan\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\Bc c:\programdata\Bc\0 c:\users\asphyxiaphan\AppData\Roaming\Local c:\users\asphyxiaphan\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi c:\users\asphyxiaphan\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(2).ddp c:\users\asphyxiaphan\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(3).ddp c:\users\asphyxiaphan\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(4).ddp c:\users\asphyxiaphan\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\.ddp c:\users\asphyxiaphan\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\0594b5b703b914c2f5f72c7c421996c9_1286565662.avi(2).ddp c:\users\asphyxiaphan\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\0594b5b703b914c2f5f72c7c421996c9_1286565662.avi.ddp c:\users\asphyxiaphan\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\AndereCops-PLEADERS_A_cbr.avi(2).ddp c:\users\asphyxiaphan\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\AndereCops-PLEADERS_A_cbr.avi.ddp c:\users\asphyxiaphan\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\b684790b0162ed7962b00df216604bf6.avi(2).ddp c:\users\asphyxiaphan\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\b684790b0162ed7962b00df216604bf6.avi.ddp 
c:\users\asphyxiaphan\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\cc2c2734da360d801747666e101fd4e7.avi(2).ddp c:\users\asphyxiaphan\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\cc2c2734da360d801747666e101fd4e7.avi.ddp c:\users\asphyxiaphan\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\crow_s_s01e02.avi(2).ddp c:\users\asphyxiaphan\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\crow_s_s01e02.avi.ddp c:\users\asphyxiaphan\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\crow_s_s01e13.avi(2).ddp c:\users\asphyxiaphan\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\crow_s_s01e13.avi.ddp c:\users\asphyxiaphan\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\crow_s_s02e20.avi(2).ddp c:\users\asphyxiaphan\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\crow_s_s02e20.avi.ddp c:\users\asphyxiaphan\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\d4eb20b546ab65ba6a46af65c368e0f2.avi.ddp c:\users\asphyxiaphan\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Die.etwas.anderen.Cops.UNRATED.DVDRiP.LD.German.a.avi(2).ddp c:\users\asphyxiaphan\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Die.etwas.anderen.Cops.UNRATED.DVDRiP.LD.German.a.avi.ddp c:\users\asphyxiaphan\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\etm_scrubs_s07e11.avi(2).ddp c:\users\asphyxiaphan\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\etm_scrubs_s07e11.avi.ddp c:\users\asphyxiaphan\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\FILE4D39291997AAC.plong(2).ddp c:\users\asphyxiaphan\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\FILE4D39291997AAC.plong.ddp c:\users\asphyxiaphan\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\itg_scrubs_s04e02.avi(2).ddp 
c:\users\asphyxiaphan\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\itg_scrubs_s04e02.avi.ddp c:\users\asphyxiaphan\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\kinowelt_cops_xvid.avi(2).ddp c:\users\asphyxiaphan\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\kinowelt_cops_xvid.avi(3).ddp c:\users\asphyxiaphan\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\kinowelt_cops_xvid.avi.ddp c:\users\asphyxiaphan\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\mse_scrubs_s01e13.avi(2).ddp c:\users\asphyxiaphan\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\mse_scrubs_s01e13.avi.ddp c:\users\asphyxiaphan\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\SC_S02_E20.avi.ddp c:\users\asphyxiaphan\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Scrubs.S01E13.avi.ddp c:\users\asphyxiaphan\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Scrubs.S04E02.Meine.Befoerderung_randomanon.avi.ddp c:\users\asphyxiaphan\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Scrubs.S06E10.German.DVDRiP.XviD_randomanon.avi(2).ddp c:\users\asphyxiaphan\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Scrubs.S06E10.German.DVDRiP.XviD_randomanon.avi.ddp c:\users\asphyxiaphan\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Snatch.Schweine.und.Diamanten.German.b.avi.ddp c:\users\asphyxiaphan\AppData\Roaming\Microsoft\Internet Explorer\qsTAtsrv.dll c:\windows\Downloaded Program Files\IDropPTB.dll c:\windows\IsUn0407.exe P:\install.exe . . ((((((((((((((((((((((( Dateien erstellt von 2011-11-04 bis 2011-12-04 )))))))))))))))))))))))))))))) . . 2011-12-04 20:11 . 2011-12-04 20:11 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-12-04 18:48 . 2011-12-04 18:48 -------- d-----w- C:\_OTL 2011-12-03 11:28 . 2011-12-03 11:29 -------- d-----w- c:\users\test 2011-11-24 18:47 . 
2011-11-24 18:47 -------- d-----w- c:\program files (x86)\ESET 2011-11-24 13:21 . 2011-11-24 13:21 -------- d-----w- c:\users\asphyxiaphan\AppData\Roaming\Malwarebytes 2011-11-24 13:21 . 2011-11-24 13:21 -------- d-----w- c:\programdata\Malwarebytes 2011-11-24 13:21 . 2011-08-31 16:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-11-24 13:21 . 2011-11-24 13:21 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2011-11-23 19:45 . 2011-11-23 19:45 -------- d-----w- c:\users\asphyxiaphan\AppData\Roaming\IrfanView 2011-11-23 19:45 . 2011-11-23 19:45 -------- d-----w- c:\program files (x86)\IrfanView 2011-11-22 22:56 . 2011-11-22 22:56 -------- d-----w- c:\users\asphyxiaphan\AppData\Local\DVDVideoSoft_Ltd 2011-11-22 17:13 . 2011-11-22 17:13 -------- d-----w- c:\users\asphyxiaphan\AppData\Roaming\DVDVideoSoft 2011-11-22 17:12 . 2011-11-22 17:13 -------- d-----w- c:\program files (x86)\Common Files\DVDVideoSoft 2011-11-22 17:12 . 2011-11-22 17:12 -------- d-----w- c:\program files (x86)\DVDVideoSoft 2011-11-22 13:05 . 2011-11-22 13:05 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services 2011-11-22 13:04 . 2011-11-22 13:04 -------- d-----w- c:\windows\PCHEALTH 2011-11-22 13:04 . 2011-11-22 13:04 -------- d-----w- c:\program files (x86)\Microsoft.NET 2011-11-22 13:04 . 2011-11-22 13:04 -------- d-----w- c:\program files (x86)\Microsoft Sync Framework 2011-11-22 13:04 . 2011-11-22 13:04 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition 2011-11-22 13:03 . 2011-11-22 13:03 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8 2011-11-22 13:02 . 2011-11-22 13:02 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services 2011-11-22 13:01 . 2011-11-22 13:01 -------- d-----w- c:\users\asphyxiaphan\AppData\Local\Microsoft Help 2011-11-22 13:01 . 2011-11-22 13:15 -------- d-----w- c:\programdata\Microsoft Help 2011-11-10 10:00 . 
2011-11-10 10:00 -------- d-----w- c:\users\asphyxiaphan\AppData\Roaming\Avira 2011-11-10 09:55 . 2011-10-19 15:56 97312 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2011-11-10 09:55 . 2011-10-19 15:56 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2011-11-10 09:55 . 2011-10-19 15:56 130760 ----a-w- c:\windows\system32\drivers\avipbb.sys 2011-11-10 09:54 . 2011-11-10 09:54 -------- d-----w- c:\programdata\Avira 2011-11-10 09:54 . 2011-11-10 09:54 -------- d-----w- c:\program files (x86)\Avira 2011-11-10 08:36 . 2011-12-04 20:14 -------- d-----w- c:\users\asphyxiaphan\AppData\Local\Akamai . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-10-27 08:02 . 2011-03-22 18:27 147472 ----a-w- c:\windows\system32\drivers\ESLWireACD.sys 2011-10-08 14:21 . 2011-10-08 14:21 0 ---ha-w- c:\users\asphyxiaphan\AppData\Local\BITC782.tmp 2011-08-03 08:58 . 2011-09-09 20:13 168864 ----a-w- c:\program files\Common Files\WireHelpSvc.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AVMUSBFernanschluss"="c:\users\asphyxiaphan\AppData\Local\Apps\2.0\3KK11X70.T2Y\NNM6B94G.0CG\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe" [2011-01-21 147456] "Akamai NetSession Interface"="c:\users\asphyxiaphan\AppData\Local\Akamai\netsession_win.exe" [2011-11-17 3303000] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "P17RunE"="P17RunE.dll" [2008-03-28 14848] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-10-19 258512] "BCSSync"="p:\office\Office14\BCSSync.exe" [2010-03-13 91520] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608] . 
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-3-28 113664] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R1 ISODisk;ISODisk; [x] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-08 136176] R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x] R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x] R3 avmaudio;AVM Audio;c:\windows\system32\DRIVERS\avmaudio.sys [x] R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-08 136176] R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [x] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;p:\office\Office14\GROOVE.EXE [2010-03-25 30969208] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R4 Amlservls;Amlservls; [x] R4 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-08-15 79360] R4 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-08-18 1436424] R4 mitsijm2011;Autodesk Moldflow Inventor Tool Suite Integration 2011 - Job-Manager;p:\inventor\Moldflow\bin\mitsijm.exe [2010-01-23 673792] R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x] S1 
avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x] S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-19 86224] S2 ESLWireAC;ESLWireAC;c:\windows\system32\drivers\ESLWireACD.sys [x] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-03-16 240232] S2 Windows7FirewallService;Windows7FirewallService;c:\program files\Windows7FirewallControl\Windows7FirewallService.exe [2010-04-09 567808] S2 WireHelpSvc;WireHelpSvc;c:\program files\Common Files\WireHelpSvc.exe [2011-08-03 168864] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt64win7.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] Akamai REG_MULTI_SZ Akamai . Inhalt des "geplante Tasks" Ordners . 2011-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-08 18:03] . 2011-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-08 18:03] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows7FirewallControl"="c:\program files\Windows7FirewallControl\Windows7FirewallControl.exe" [2010-04-09 1057792] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = mLocal Page = TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\users\asphyxiaphan\AppData\Roaming\Mozilla\Firefox\Profiles\pr1qqjlw.default\ FF - prefs.js: browser.search.selectedEngine - FF - prefs.js: browser.startup.homepage - www.downhill-board.com FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files (x86)\DivX\DivX Plus Web Player\firefox\html5video FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files (x86)\DivX\DivX Plus Web Player\firefox\wpa . - - - - Entfernte verwaiste Registrierungseinträge - - - - . AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_bc2.exe AddRemove-Siedler3Deinstall - c:\windows\IsUn0407.exe AddRemove-Sound Blaster X-Fi Xtreme Audio Windows Drivers - c:\program files (x86)\Creative\Sound Blaster X-Fi\Program\SETUP.EXE . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai] "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_d768ebc.dll" . --------------------- Gesperrte Registrierungsschluessel --------------------- . 
[HKEY_USERS\S-1-5-21-1954555413-3905789421-2700991933-1000\Software\SecuROM\License information*] "datasecu"=hex:ff,15,2b,a5,02,0a,05,b1,22,51,5f,b3,f8,5f,78,9c,1f,b0,20,32,d9, 83,10,40,b3,d8,b8,ce,0c,6a,e6,fd,f3,56,1c,ee,54,35,51,09,57,a9,e3,69,6a,3c,\ "rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" "Key"="ActionsPane3" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\hxxp://schemas.microsoft.com/office/smartdocuments/2003\0] "Key"="hxxp://schemas.microsoft.com/office/smartdocuments/2003" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\hxxp://schemas.microsoft.com/office/smartdocuments/2003\0\{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}\Alias] "0"="Microsoft Actions Pane 3" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe c:\windows\SysWOW64\PnkBstrA.exe c:\windows\SysWOW64\rundll32.exe . ************************************************************************** . Zeit der Fertigstellung: 2011-12-04 21:17:46 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2011-12-04 20:17 . Vor Suchlauf: 2.458.836.992 Bytes frei Nach Suchlauf: 2.365.169.664 Bytes frei . - - End Of File - - 6AC56E6931203993D259127868398D6A |
#15
/// Winkelfunktion /// TB-Süch-Tiger™
cmd.exe briefly appearing at random, incl. text
Then try a different browser. It's just that this right-click "as admin" business is the most common pitfall.
__________________
Please always post log files in CODE tags