Spontan kurz angezeigte cmd.exe inkl. Text

cosinus · 29.11.2011, 09:50

Erstell dir mal bitte ein neues Windows-Benutzerkonto mit Adminrechten in der Systemsteuerung. Starte den Rechner neu, log dich mit dem neuen Konto ein und probier ESET von da aus mal.

meatkn1fe · 03.12.2011, 12:34

Hallo,

auch das Erstellen eines Administrator-Kontos bringt nichts - der Scanner scannt weiterhin 0 Objekte und findet daher auch 0 Sachen.

cosinus · 03.12.2011, 14:37

Dann mach erstmal ein neues OTL-Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

meatkn1fe · 04.12.2011, 10:42

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 04.12.2011 10:26:09 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\asphyxiaphan\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,97 Gb Available Physical Memory | 74,21% Memory free
8,00 Gb Paging File | 6,78 Gb Available in Paging File | 84,79% Paging File free
Paging file location(s): p:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 39,88 Gb Total Space | 1,23 Gb Free Space | 3,07% Space Free | Partition Type: NTFS
Drive D: | 3,11 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive G: | 1,87 Gb Total Space | 1,58 Gb Free Space | 84,02% Space Free | Partition Type: FAT
Drive P: | 230,47 Gb Total Space | 2,91 Gb Free Space | 1,26% Space Free | Partition Type: NTFS
Drive S: | 195,31 Gb Total Space | 3,03 Gb Free Space | 1,55% Space Free | Partition Type: NTFS
 
Computer Name: ASPHYXIAPHAN-PC | User Name: asphyxiaphan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.11.23 16:19:48 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\asphyxiaphan\Desktop\OTL.exe
PRC - [2011.11.17 06:58:04 | 003,303,000 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\asphyxiaphan\AppData\Local\Akamai\netsession_win.exe
PRC - [2011.10.19 16:56:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.19 16:55:48 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.19 16:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.01.21 12:50:44 | 000,336,896 | ---- | M] (AVM Berlin) -- C:\Users\asphyxiaphan\AppData\Local\Apps\2.0\3KK11X70.T2Y\NNM6B94G.0CG\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe
PRC - [2010.08.24 16:49:50 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010.03.16 01:09:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2008.11.18 12:15:30 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.01.21 12:50:37 | 000,368,640 | ---- | M] () -- C:\Users\asphyxiaphan\AppData\Local\Apps\2.0\3KK11X70.T2Y\NNM6B94G.0CG\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\managedupnp.DLL
MOD - [2010.08.05 11:02:32 | 000,224,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\9ba10321d0e7b33d8cc743c1cfcc1fb6\PresentationFramework.Classic.ni.dll
MOD - [2010.08.05 11:02:25 | 014,322,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7114c629020f6bba198a954e4794c979\PresentationFramework.ni.dll
MOD - [2010.08.05 11:02:09 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\2e2e31c87004468796d3defa1a1df011\System.Windows.Forms.ni.dll
MOD - [2010.08.05 11:02:01 | 001,806,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\7c575d65bcb13c9bb68ea0fb4ecfc124\System.Deployment.ni.dll
MOD - [2010.08.05 11:02:00 | 012,216,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\e7b5050c2c315562d740c4b9535cf5ce\PresentationCore.ni.dll
MOD - [2010.08.05 11:01:49 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\9d9eb1ef43c092551bba1e45cd29b069\WindowsBase.ni.dll
MOD - [2010.08.05 11:01:45 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\aadfdc0e7d9181a98d667a52c3c35601\System.Configuration.ni.dll
MOD - [2009.07.14 18:58:23 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2009.07.14 18:58:12 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.07.14 05:55:26 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ead6be8b410d56b5576b10e56af2c180\System.Drawing.ni.dll
MOD - [2009.07.14 05:55:09 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5dd9f783008543df3e642ff1e99de4e8\System.Xml.ni.dll
MOD - [2009.07.14 05:55:05 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5ba3bf5367fc012300c6566f20cb7f54\System.ni.dll
MOD - [2009.07.14 05:55:00 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8c1770d45c63cf5c462eeb945ef9aa5d\mscorlib.ni.dll
MOD - [2009.03.26 13:46:42 | 000,148,480 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
MOD - [2009.02.06 17:52:24 | 000,073,728 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.08.18 21:30:08 | 001,436,424 | ---- | M] (Acresso Software Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2010.07.07 02:50:54 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010.04.09 13:31:26 | 000,567,808 | ---- | M] (Sphinx Software) [Auto | Running] -- C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe -- (Windows7FirewallService)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011.11.18 13:20:34 | 003,313,752 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_d768ebc.dll -- (Akamai)
SRV - [2011.11.02 16:40:34 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.10.19 16:56:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.19 16:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.08.03 09:58:52 | 000,168,864 | ---- | M] () [Auto | Running] -- C:\Programme\Common Files\WireHelpSvc.exe -- (WireHelpSvc)
SRV - [2010.08.24 16:49:50 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010.08.15 13:12:21 | 000,079,360 | ---- | M] (Creative Labs) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010.03.25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- P:\Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010.03.16 01:09:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.01.23 07:12:18 | 000,673,792 | ---- | M] () [Disabled | Stopped] -- P:\Inventor\Moldflow\bin\mitsijm.exe -- (mitsijm2011)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.11.18 12:15:30 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.10.27 09:02:32 | 000,147,472 | ---- | M] (<Turtle Entertainment>) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\ESLWireACD.sys -- (ESLWireAC)
DRV:64bit: - [2011.10.19 16:56:15 | 000,130,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.10.19 16:56:15 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.10.19 16:56:15 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.08.31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011.01.21 12:50:42 | 000,116,096 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmaudio.sys -- (avmaudio)
DRV:64bit: - [2010.12.16 23:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010.12.01 20:06:31 | 000,125,512 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD)
DRV:64bit: - [2010.08.13 09:00:07 | 000,033,344 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2010.08.04 17:00:02 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.07.28 23:25:10 | 000,029,720 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ivusb.sys -- (ivusb)
DRV:64bit: - [2010.07.07 03:30:08 | 007,195,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.07.07 02:15:42 | 000,265,728 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.05.06 10:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.07.14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:35:42 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.04.21 19:12:50 | 001,288,192 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\P17.sys -- (P17)
DRV - [2010.12.01 20:06:31 | 000,125,512 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007.02.07 19:27:46 | 000,014,104 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)
DRV - [2006.04.26 00:03:56 | 000,009,600 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysWow64\drivers\ISODisk.sys -- (ISODisk)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN, Hotmail und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\asphyxiaphan\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "foxsearch"
FF - prefs.js..browser.search.order.1: "foxsearch"
FF - prefs.js..browser.search.selectedEngine: "foxsearch"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.downhill-board.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - prefs.js..network.proxy.type: 0
 
FF - user.js..browser.search.selectedEngine: "foxsearch"
FF - user.js..browser.search.order.1: "foxsearch"
FF - user.js..browser.search.defaultenginename: "foxsearch"
FF - user.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: P:\Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: P:\Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@ptc.com/ProductViewLite: C:\Program Files (x86)\Common Files\PTC\np6_pvapplite9.dll (PTC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2010.12.26 23:16:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2010.12.26 23:16:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.11.16 18:14:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.11.16 18:14:44 | 000,000,000 | ---D | M]
 
[2008.04.17 01:30:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\asphyxiaphan\AppData\Roaming\mozilla\Extensions
[2011.12.03 17:20:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\asphyxiaphan\AppData\Roaming\mozilla\Firefox\Profiles\pr1qqjlw.default\extensions
[2011.03.09 18:20:46 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\asphyxiaphan\AppData\Roaming\mozilla\Firefox\Profiles\pr1qqjlw.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.08.04 15:48:15 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\asphyxiaphan\AppData\Roaming\mozilla\Firefox\Profiles\pr1qqjlw.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011.11.28 16:53:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.09.25 09:21:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.09.21 13:27:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.12.26 23:16:47 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2010.12.26 23:16:47 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2010.09.21 13:27:40 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.03.19 09:23:30 | 000,686,592 | ---- | M] (Synatix GmbH) -- C:\Program Files (x86)\mozilla firefox\plugins\npmieze.dll
[2011.10.14 21:29:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.14 21:29:00 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.12.28 22:06:26 | 000,000,143 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\foxsearch.src
[2011.10.14 21:29:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.14 21:29:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.14 21:29:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (QipLI Class) - {6B5863A0-C43F-4C0A-982B-CC0E9125783F} - C:\Users\asphyxiaphan\AppData\Roaming\Microsoft\Internet Explorer\qstatsrv.dll (TODO: <Company name>)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - P:\Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (QIPBHO Class) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\asphyxiaphan\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - P:\Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Windows7FirewallControl] C:\Programme\Windows7FirewallControl\Windows7FirewallControl.exe (Sphinx Software)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BCSSync] P:\Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [P17RunE] C:\Windows\SysWow64\P17RunE.dll (Creative Technology Ltd.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\asphyxiaphan\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [AVMUSBFernanschluss] C:\Users\asphyxiaphan\AppData\Local\Apps\2.0\3KK11X70.T2Y\NNM6B94G.0CG\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe (AVM Berlin)
O4 - HKCU..\Run: [NVIDIA nTune] "C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe" clear File not found
O4 - HKCU..\Run: [RGSC] S:\GTA\Rockstar Games Social Club\RGSCLauncher.exe /silent File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - P:\Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - P:\Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - P:\Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - P:\Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3E37390B-0F70-43A5-B1F8-002CDDF3DA5A}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - P:\Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{96ccc3c5-9fe1-11df-9b97-001e90f0f5f8}\Shell - "" = AutoRun
O33 - MountPoints2\{96ccc3c5-9fe1-11df-9b97-001e90f0f5f8}\Shell\AutoRun\command - "" = J:\SETUP.EXE
O33 - MountPoints2\{96ccc3c5-9fe1-11df-9b97-001e90f0f5f8}\Shell\configure\command - "" = J:\SETUP.EXE
O33 - MountPoints2\{96ccc3c5-9fe1-11df-9b97-001e90f0f5f8}\Shell\install\command - "" = J:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpFolder: C:^Users^asphyxiaphan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk - C:\PROGRA~2\OPENOF~1.ORG\program\QUICKS~1.EXE - ()
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AnyDVD - hkey= - key= - C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig:64bit - StartUpReg: DivX Download Manager - hkey= - key= - C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MsConfig:64bit - StartUpReg: Infium - hkey= - key= - C:\Program Files (x86)\QIP 2010\qip.exe (QIP)
MsConfig:64bit - StartUpReg: NVIDIA nTune - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: QIP Internet Guardian - hkey= - key= - C:\Users\asphyxiaphan\AppData\Roaming\QipGuard\QipGuard.exe ()
MsConfig:64bit - StartUpReg: RGSC - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Steam - hkey= - key= - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - State: "services" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {09A0078B-852C-40AF-9EE1-E7EE09B37ECB} - Internet Explorer
ActiveX:64bit: {1392845D-8D0C-6F2F-E1CA-C57B2B7979B2} - Internet Explorer
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {332E613D-C2ED-C6E9-108B-EA2BC9F57C4C} - Internet Explorer
ActiveX:64bit: {34D1FC8B-FC5A-51EB-D0C3-A7669B877A7B} - Internet Explorer
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5129D5C5-12A2-9636-2DF2-2891A247FD9D} - Internet Explorer
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {0CC3E04C-9983-F8B8-D801-C9403CA5994A} - Internet Explorer
ActiveX: {1F5F2B76-3192-4856-3339-C2A1D8365C65} - Microsoft Windows Media Player 12.0
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.11.24 19:47:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011.11.24 19:47:34 | 002,322,184 | ---- | C] (ESET) -- C:\Users\asphyxiaphan\Desktop\esetsmartinstaller_enu.exe
[2011.11.24 14:21:28 | 000,000,000 | ---D | C] -- C:\Users\asphyxiaphan\AppData\Roaming\Malwarebytes
[2011.11.24 14:21:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.11.24 14:21:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.11.24 14:21:17 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.11.24 14:21:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.11.24 14:19:54 | 009,852,544 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\asphyxiaphan\Desktop\mbam-setup-1.51.2.1300.exe
[2011.11.23 20:45:39 | 000,000,000 | ---D | C] -- C:\Users\asphyxiaphan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
[2011.11.23 20:45:39 | 000,000,000 | ---D | C] -- C:\Users\asphyxiaphan\AppData\Roaming\IrfanView
[2011.11.23 20:45:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView
[2011.11.23 20:45:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IrfanView
[2011.11.23 16:19:47 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\asphyxiaphan\Desktop\OTL.exe
[2011.11.22 23:56:15 | 000,000,000 | ---D | C] -- C:\Users\asphyxiaphan\AppData\Local\DVDVideoSoft_Ltd
[2011.11.22 18:13:06 | 000,000,000 | ---D | C] -- C:\Users\asphyxiaphan\AppData\Roaming\DVDVideoSoft
[2011.11.22 18:13:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2011.11.22 18:12:59 | 000,000,000 | ---D | C] -- C:\Users\asphyxiaphan\Documents\DVDVideoSoft
[2011.11.22 18:12:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2011.11.22 18:12:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2011.11.22 14:06:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
[2011.11.22 14:06:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2011.11.22 14:05:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2011.11.22 14:04:40 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2011.11.22 14:04:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2011.11.22 14:04:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Sync Framework
[2011.11.22 14:04:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2011.11.22 14:03:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2011.11.22 14:02:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2011.11.22 14:02:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2011.11.22 14:01:59 | 000,000,000 | ---D | C] -- C:\Users\asphyxiaphan\AppData\Local\Microsoft Help
[2011.11.22 14:01:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2011.11.16 23:26:09 | 000,000,000 | ---D | C] -- C:\Users\asphyxiaphan\Desktop\backups
[2011.11.16 23:17:40 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\asphyxiaphan\Desktop\HiJackThis204.exe
[2011.11.10 11:00:25 | 000,000,000 | ---D | C] -- C:\Users\asphyxiaphan\AppData\Roaming\Avira
[2011.11.10 10:55:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.11.10 10:55:01 | 000,130,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.11.10 10:55:01 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011.11.10 10:55:01 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2011.11.10 10:54:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.11.10 10:54:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2011.11.10 09:36:36 | 000,000,000 | ---D | C] -- C:\Users\asphyxiaphan\AppData\Local\Akamai
[2011.11.05 23:38:11 | 000,000,000 | ---D | C] -- C:\Users\asphyxiaphan\Desktop\Prophecy - Don't Fuckin' Mess With Texas - 2011
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\asphyxiaphan\AppData\Local\*.tmp files -> C:\Users\asphyxiaphan\AppData\Local\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.04 10:03:44 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.12.04 09:40:32 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.12.04 09:39:55 | 000,017,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.04 09:39:55 | 000,017,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.04 09:36:45 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.12.04 09:36:45 | 000,643,628 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.12.04 09:36:45 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.12.04 09:36:45 | 000,126,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.12.04 09:36:45 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.12.04 09:32:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.04 09:31:28 | 3220,627,456 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.01 18:12:00 | 000,009,629 | ---- | M] () -- C:\Users\asphyxiaphan\Desktop\parkbesuche2011.ods
[2011.11.28 21:00:47 | 056,407,704 | ---- | M] () -- C:\Users\asphyxiaphan\Desktop\vdf_fusebundle.zip
[2011.11.24 19:47:35 | 002,322,184 | ---- | M] (ESET) -- C:\Users\asphyxiaphan\Desktop\esetsmartinstaller_enu.exe
[2011.11.24 14:21:21 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.24 14:20:07 | 009,852,544 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\asphyxiaphan\Desktop\mbam-setup-1.51.2.1300.exe
[2011.11.23 16:19:48 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\asphyxiaphan\Desktop\OTL.exe
[2011.11.23 16:13:47 | 000,000,020 | ---- | M] () -- C:\Users\asphyxiaphan\defogger_reenable
[2011.11.23 16:12:33 | 000,050,477 | ---- | M] () -- C:\Users\asphyxiaphan\Desktop\Defogger.exe
[2011.11.22 18:13:02 | 000,001,371 | ---- | M] () -- C:\Users\asphyxiaphan\Desktop\Free Screen Video Recorder.lnk
[2011.11.22 18:13:02 | 000,001,243 | ---- | M] () -- C:\Users\asphyxiaphan\Desktop\DVDVideoSoft Free Studio.lnk
[2011.11.22 17:19:44 | 000,539,560 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.11.16 23:17:41 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\asphyxiaphan\Desktop\HiJackThis204.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\asphyxiaphan\AppData\Local\*.tmp files -> C:\Users\asphyxiaphan\AppData\Local\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.11.28 20:59:22 | 056,407,704 | ---- | C] () -- C:\Users\asphyxiaphan\Desktop\vdf_fusebundle.zip
[2011.11.24 14:21:21 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.23 16:13:46 | 000,000,020 | ---- | C] () -- C:\Users\asphyxiaphan\defogger_reenable
[2011.11.23 16:12:33 | 000,050,477 | ---- | C] () -- C:\Users\asphyxiaphan\Desktop\Defogger.exe
[2011.11.22 18:13:02 | 000,001,371 | ---- | C] () -- C:\Users\asphyxiaphan\Desktop\Free Screen Video Recorder.lnk
[2011.11.22 18:13:02 | 000,001,243 | ---- | C] () -- C:\Users\asphyxiaphan\Desktop\DVDVideoSoft Free Studio.lnk
[2011.10.08 15:21:32 | 000,000,000 | ---- | C] () -- C:\Users\asphyxiaphan\AppData\Local\{807A9328-FC1A-4064-ACDD-3BB9AACBE606}
[2011.09.09 21:13:40 | 000,168,864 | ---- | C] () -- C:\Program Files\Common Files\WireHelpSvc.exe
[2011.08.24 20:00:50 | 000,000,000 | ---- | C] () -- C:\Users\asphyxiaphan\AppData\Local\{4E1C9F3F-2F08-4FBC-B9C4-7E3F1385F1BC}
[2011.08.12 14:44:38 | 000,000,000 | ---- | C] () -- C:\Users\asphyxiaphan\AppData\Local\{14A25BFF-71A1-4980-A5EF-EBB01D3FBC21}
[2011.08.08 13:44:18 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.08.08 13:41:46 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.08.08 13:35:57 | 000,000,000 | ---- | C] () -- C:\Users\asphyxiaphan\AppData\Local\{B39C1273-88A7-475A-A937-C4BF5CA1F2E0}
[2011.08.08 13:34:06 | 000,000,000 | ---- | C] () -- C:\Users\asphyxiaphan\AppData\Local\{A8A69CAD-729D-40C1-916F-75A50A82FDE4}
[2011.08.03 02:31:54 | 000,311,912 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.07.14 21:53:52 | 000,000,000 | ---- | C] () -- C:\Users\asphyxiaphan\AppData\Local\{FE1F4599-18FD-4ACC-A012-E5B309D3739E}
[2011.07.13 20:56:04 | 000,000,000 | ---- | C] () -- C:\Users\asphyxiaphan\AppData\Local\{E6CA7840-DED3-437D-A469-2269D8CEB4B9}
[2011.07.03 11:19:01 | 000,000,000 | ---- | C] () -- C:\Users\asphyxiaphan\AppData\Local\{D5B33BC7-045B-4C3A-9825-B7A4F32BB7B3}
[2011.07.03 11:17:51 | 000,000,000 | ---- | C] () -- C:\Users\asphyxiaphan\AppData\Local\{FB0BFA75-BC98-412A-A1D9-7190B9FB9A1F}
[2011.07.01 23:11:00 | 000,000,000 | ---- | C] () -- C:\Users\asphyxiaphan\AppData\Local\{1A7989B0-E95C-4A68-84EF-B2B3777A3671}
[2011.06.24 10:21:20 | 000,000,000 | ---- | C] () -- C:\Users\asphyxiaphan\AppData\Local\{F6E899B0-8664-449D-91BB-AB8EB0FA8B70}
[2011.06.21 16:37:41 | 000,000,000 | ---- | C] () -- C:\Users\asphyxiaphan\AppData\Local\{814EB674-BEE0-4C3C-8955-AAB775A48F98}
[2011.06.12 17:28:59 | 000,000,000 | ---- | C] () -- C:\Users\asphyxiaphan\AppData\Local\{D1F556A9-16BD-4289-9042-C7F1FA8C09DB}
[2011.05.25 17:26:44 | 000,000,000 | ---- | C] () -- C:\Users\asphyxiaphan\AppData\Local\{7715F9FB-4F73-4747-B9D8-D3529970615C}
[2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.03.30 17:40:13 | 000,009,600 | ---- | C] () -- C:\Windows\SysWow64\drivers\ISODisk.sys
[2011.01.21 12:57:36 | 000,000,467 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.01.21 12:57:36 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2011.01.15 20:31:12 | 000,007,605 | ---- | C] () -- C:\Users\asphyxiaphan\AppData\Local\Resmon.ResmonCfg
[2010.12.28 22:18:46 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010.12.19 15:31:29 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.08.24 16:49:49 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2010.08.15 13:11:29 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010.08.15 13:11:29 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2010.08.15 12:59:42 | 000,002,177 | ---- | C] () -- C:\Windows\P17EP.ini
[2010.08.13 08:38:46 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2010.08.13 08:38:46 | 000,215,128 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.08.13 08:38:46 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010.08.04 17:25:36 | 000,000,273 | ---- | C] () -- C:\Windows\game.ini
[2010.08.04 16:19:01 | 000,003,118 | ---- | C] () -- C:\Windows\SysWow64\AudioDrv.ini
[2010.08.04 16:15:55 | 000,003,348 | R--- | C] () -- C:\Windows\SysWow64\ludap17.ini
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== LOP Check ==========
 
[2011.01.12 12:40:10 | 000,000,000 | ---D | M] -- C:\Users\asphyxiaphan\AppData\Roaming\Autodesk
[2010.08.04 17:20:00 | 000,000,000 | ---D | M] -- C:\Users\asphyxiaphan\AppData\Roaming\DAEMON Tools Lite
[2011.11.22 18:13:07 | 000,000,000 | ---D | M] -- C:\Users\asphyxiaphan\AppData\Roaming\DVDVideoSoft
[2011.11.08 20:53:22 | 000,000,000 | ---D | M] -- C:\Users\asphyxiaphan\AppData\Roaming\Gutscheinmieze
[2011.09.15 15:00:54 | 000,000,000 | ---D | M] -- C:\Users\asphyxiaphan\AppData\Roaming\HLSW
[2011.12.04 10:25:48 | 000,000,000 | ---D | M] -- C:\Users\asphyxiaphan\AppData\Roaming\ICQ
[2011.11.23 20:45:39 | 000,000,000 | ---D | M] -- C:\Users\asphyxiaphan\AppData\Roaming\IrfanView
[2010.12.26 23:16:49 | 000,000,000 | ---D | M] -- C:\Users\asphyxiaphan\AppData\Roaming\Local
[2010.12.27 21:37:51 | 000,000,000 | ---D | M] -- C:\Users\asphyxiaphan\AppData\Roaming\MB-Ruler
[2010.09.25 09:30:36 | 000,000,000 | ---D | M] -- C:\Users\asphyxiaphan\AppData\Roaming\OpenOffice.org
[2011.05.12 09:39:44 | 000,000,000 | ---D | M] -- C:\Users\asphyxiaphan\AppData\Roaming\PTC
[2008.04.17 00:07:36 | 000,000,000 | ---D | M] -- C:\Users\asphyxiaphan\AppData\Roaming\QIP
[2008.04.17 00:07:24 | 000,000,000 | ---D | M] -- C:\Users\asphyxiaphan\AppData\Roaming\QipGuard
[2011.09.08 15:03:29 | 000,000,000 | ---D | M] -- C:\Users\asphyxiaphan\AppData\Roaming\TS3Client
[2010.08.05 09:27:59 | 000,000,000 | ---D | M] -- C:\Users\asphyxiaphan\AppData\Roaming\Ubisoft
[2011.11.06 15:34:38 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.11.04 17:32:04 | 000,000,000 | ---D | M] -- C:\Users\asphyxiaphan\AppData\Roaming\Adobe
[2011.08.08 13:44:48 | 000,000,000 | ---D | M] -- C:\Users\asphyxiaphan\AppData\Roaming\ATI
[2011.01.12 12:40:10 | 000,000,000 | ---D | M] -- C:\Users\asphyxiaphan\AppData\Roaming\Autodesk
[2011.11.10 11:00:25 | 000,000,000 | ---D | M] -- C:\Users\asphyxiaphan\AppData\Roaming\Avira
[2011.01.21 12:57:49 | 000,000,000 | R--D | M] -- C:\Users\asphyxiaphan\AppData\Roaming\Brother
[2010.08.04 17:35:13 | 000,000,000 | ---D | M] -- C:\Users\asphyxiaphan\AppData\Roaming\Creative
[2010.08.04 17:20:00 | 000,000,000 | ---D | M] -- C:\Users\asphyxiaphan\AppData\Roaming\DAEMON Tools Lite
[2011.08.08 16:00:55 | 000,000,000 | ---D | M] -- C:\Users\asphyxiaphan\AppData\Roaming\DivX
[2011.12.03 19:45:41 | 000,000,000 | ---D | M] -- C:\Users\asphyxiaphan\AppData\Roaming\dvdcss
[2011.11.22 18:13:07 | 000,000,000 | ---D | M] -- C:\Users\asphyxiaphan\AppData\Roaming\DVDVideoSoft
[2011.11.08 20:53:22 | 000,000,000 | ---D | M] -- C:\Users\asphyxiaphan\AppData\Roaming\Gutscheinmieze
[2010.08.13 09:00:21 | 000,000,000 | ---D | M] -- C:\Users\asphyxiaphan\AppData\Roaming\Hamachi
[2011.09.15 15:00:54 | 000,000,000 | ---D | M] -- C:\Users\asphyxiaphan\AppData\Roaming\HLSW
[2011.12.04 10:25:48 | 000,000,000 | ---D | M] -- C:\Users\asphyxiaphan\AppData\Roaming\ICQ
[2008.04.16 23:41:58 | 000,000,000 | ---D | M] -- C:\Users\asphyxiaphan\AppData\Roaming\Identities
[2011.11.23 20:45:39 | 000,000,000 | ---D | M] -- C:\Users\asphyxiaphan\AppData\Roaming\IrfanView
[2010.12.26 23:16:49 | 000,000,000 | ---D | M] -- C:\Users\asphyxiaphan\AppData\Roaming\Local
[2010.08.04 16:32:15 | 000,000,000 | ---D | M] -- C:\Users\asphyxiaphan\AppData\Roaming\Macromedia
[2011.11.24 14:21:28 | 000,000,000 | ---D | M] -- C:\Users\asphyxiaphan\AppData\Roaming\Malwarebytes
[2010.12.27 21:37:51 | 000,000,000 | ---D | M] -- C:\Users\asphyxiaphan\AppData\Roaming\MB-Ruler
[2009.07.14 19:18:19 | 000,000,000 | ---D | M] -- C:\Users\asphyxiaphan\AppData\Roaming\Media Center Programs
[2011.09.05 20:22:24 | 000,000,000 | --SD | M] -- C:\Users\asphyxiaphan\AppData\Roaming\Microsoft
[2010.08.17 14:33:28 | 000,000,000 | ---D | M] -- C:\Users\asphyxiaphan\AppData\Roaming\Microsoft Games
[2011.06.29 22:31:37 | 000,000,000 | ---D | M] -- C:\Users\asphyxiaphan\AppData\Roaming\mIRC
[2008.04.17 01:30:14 | 000,000,000 | ---D | M] -- C:\Users\asphyxiaphan\AppData\Roaming\Mozilla
[2010.08.08 21:10:46 | 000,000,000 | ---D | M] -- C:\Users\asphyxiaphan\AppData\Roaming\NVIDIA
[2010.09.25 09:30:36 | 000,000,000 | ---D | M] -- C:\Users\asphyxiaphan\AppData\Roaming\OpenOffice.org
[2011.05.12 09:39:44 | 000,000,000 | ---D | M] -- C:\Users\asphyxiaphan\AppData\Roaming\PTC
[2008.04.17 00:07:36 | 000,000,000 | ---D | M] -- C:\Users\asphyxiaphan\AppData\Roaming\QIP
[2008.04.17 00:07:24 | 000,000,000 | ---D | M] -- C:\Users\asphyxiaphan\AppData\Roaming\QipGuard
[2010.08.06 13:25:45 | 000,000,000 | RH-D | M] -- C:\Users\asphyxiaphan\AppData\Roaming\SecuROM
[2011.11.08 20:51:32 | 000,000,000 | ---D | M] -- C:\Users\asphyxiaphan\AppData\Roaming\Skype
[2011.05.12 17:15:15 | 000,000,000 | ---D | M] -- C:\Users\asphyxiaphan\AppData\Roaming\skypePM
[2011.09.08 15:03:29 | 000,000,000 | ---D | M] -- C:\Users\asphyxiaphan\AppData\Roaming\TS3Client
[2010.08.05 09:27:59 | 000,000,000 | ---D | M] -- C:\Users\asphyxiaphan\AppData\Roaming\Ubisoft
[2011.11.22 18:56:58 | 000,000,000 | ---D | M] -- C:\Users\asphyxiaphan\AppData\Roaming\vlc
[2010.08.04 17:39:30 | 000,000,000 | ---D | M] -- C:\Users\asphyxiaphan\AppData\Roaming\Winamp
[2010.08.17 16:33:03 | 000,000,000 | ---D | M] -- C:\Users\asphyxiaphan\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2010.06.10 14:19:22 | 000,825,856 | ---- | M] (Synatix GmbH) -- C:\Users\asphyxiaphan\AppData\Roaming\Gutscheinmieze\uninstall.exe
[2010.08.18 21:21:45 | 000,010,134 | R--- | M] () -- C:\Users\asphyxiaphan\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
[2010.05.27 16:58:22 | 000,184,272 | ---- | M] () -- C:\Users\asphyxiaphan\AppData\Roaming\QipGuard\QipGuard.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\drivers\nvstor.sys
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >

< End of report >

--- --- ---

cosinus · 04.12.2011, 19:12

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN, Hotmail und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\asphyxiaphan\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..browser.search.defaultenginename: "foxsearch"
FF - prefs.js..browser.search.order.1: "foxsearch"
FF - prefs.js..browser.search.selectedEngine: "foxsearch"
FF - prefs.js..keyword.URL: "http://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js..browser.search.selectedEngine: "foxsearch"
FF - user.js..browser.search.order.1: "foxsearch"
FF - user.js..browser.search.defaultenginename: "foxsearch"
FF - user.js..keyword.URL: "http://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O4 - HKCU..\Run: [NVIDIA nTune] "C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe" clear File not found
O4 - HKCU..\Run: [RGSC] S:\GTA\Rockstar Games Social Club\RGSCLauncher.exe /silent File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{96ccc3c5-9fe1-11df-9b97-001e90f0f5f8}\Shell - "" = AutoRun
O33 - MountPoints2\{96ccc3c5-9fe1-11df-9b97-001e90f0f5f8}\Shell\AutoRun\command - "" = J:\SETUP.EXE
O33 - MountPoints2\{96ccc3c5-9fe1-11df-9b97-001e90f0f5f8}\Shell\configure\command - "" = J:\SETUP.EXE
O33 - MountPoints2\{96ccc3c5-9fe1-11df-9b97-001e90f0f5f8}\Shell\install\command - "" = J:\SETUP.EXE
[2011.11.08 20:53:22 | 000,000,000 | ---D | M] -- C:\Users\asphyxiaphan\AppData\Roaming\Gutscheinmieze
:Commands
[emptytemp]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

meatkn1fe · 04.12.2011, 19:53

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}\ deleted successfully.
C:\Users\asphyxiaphan\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll moved successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "foxsearch" removed from browser.search.defaultenginename
Prefs.js: "foxsearch" removed from browser.search.order.1
Prefs.js: "foxsearch" removed from browser.search.selectedEngine
Prefs.js: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" removed from keyword.URL
Prefs.js: 0 removed from network.proxy.type
C:\Users\asphyxiaphan\AppData\Roaming\Mozilla\FireFox\Profiles\pr1qqjlw.default\user.js moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\NVIDIA nTune deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\RGSC deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{96ccc3c5-9fe1-11df-9b97-001e90f0f5f8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{96ccc3c5-9fe1-11df-9b97-001e90f0f5f8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{96ccc3c5-9fe1-11df-9b97-001e90f0f5f8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{96ccc3c5-9fe1-11df-9b97-001e90f0f5f8}\ not found.
File J:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{96ccc3c5-9fe1-11df-9b97-001e90f0f5f8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{96ccc3c5-9fe1-11df-9b97-001e90f0f5f8}\ not found.
File J:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{96ccc3c5-9fe1-11df-9b97-001e90f0f5f8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{96ccc3c5-9fe1-11df-9b97-001e90f0f5f8}\ not found.
File J:\SETUP.EXE not found.
C:\Users\asphyxiaphan\AppData\Roaming\Gutscheinmieze folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: asphyxiaphan
->Temp folder emptied: 958252517 bytes
->Temporary Internet Files folder emptied: 112233879 bytes
->Java cache emptied: 4976374 bytes
->FireFox cache emptied: 125832071 bytes
->Flash cache emptied: 66727 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: test
->Temp folder emptied: 33629 bytes
->Temporary Internet Files folder emptied: 4287535 bytes
->Flash cache emptied: 456 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 401408 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4606742 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 131306869 bytes

Total Files Cleaned = 1.280,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 12042011_194801

Files\Folders moved on Reboot...
C:\Users\asphyxiaphan\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

cosinus · 04.12.2011, 20:26

Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )

Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!

meatkn1fe · 04.12.2011, 20:46

20:44:26.0859 4032 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
20:44:26.0894 4032 ============================================================
20:44:26.0894 4032 Current date / time: 2011/12/04 20:44:26.0894
20:44:26.0894 4032 SystemInfo:
20:44:26.0894 4032
20:44:26.0894 4032 OS Version: 6.1.7600 ServicePack: 0.0
20:44:26.0894 4032 Product type: Workstation
20:44:26.0894 4032 ComputerName: ASPHYXIAPHAN-PC
20:44:26.0895 4032 UserName: asphyxiaphan
20:44:26.0895 4032 Windows directory: C:\Windows
20:44:26.0895 4032 System windows directory: C:\Windows
20:44:26.0895 4032 Running under WOW64
20:44:26.0895 4032 Processor architecture: Intel x64
20:44:26.0895 4032 Number of processors: 2
20:44:26.0895 4032 Page size: 0x1000
20:44:26.0895 4032 Boot type: Normal boot
20:44:26.0895 4032 ============================================================
20:44:27.0797 4032 Initialize success
20:45:33.0303 2196 ============================================================
20:45:33.0303 2196 Scan started
20:45:33.0303 2196 Mode: Manual; SigCheck; TDLFS;
20:45:33.0303 2196 ============================================================
20:45:33.0724 2196 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
20:45:33.0802 2196 1394ohci - ok
20:45:33.0833 2196 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
20:45:33.0849 2196 ACPI - ok
20:45:33.0864 2196 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
20:45:33.0911 2196 AcpiPmi - ok
20:45:34.0036 2196 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
20:45:34.0051 2196 adp94xx - ok
20:45:34.0067 2196 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
20:45:34.0083 2196 adpahci - ok
20:45:34.0114 2196 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
20:45:34.0129 2196 adpu320 - ok
20:45:34.0161 2196 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
20:45:34.0270 2196 AFD - ok
20:45:34.0348 2196 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
20:45:34.0348 2196 agp440 - ok
20:45:34.0410 2196 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
20:45:34.0426 2196 aliide - ok
20:45:34.0488 2196 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
20:45:34.0488 2196 amdide - ok
20:45:34.0535 2196 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
20:45:34.0551 2196 AmdK8 - ok
20:45:34.0722 2196 amdkmdag (3d07f9c090c7a1d76d624972a5384471) C:\Windows\system32\DRIVERS\atikmdag.sys
20:45:34.0878 2196 amdkmdag ( UnsignedFile.Multi.Generic ) - warning
20:45:34.0878 2196 amdkmdag - detected UnsignedFile.Multi.Generic (1)
20:45:34.0972 2196 amdkmdap (99ab7e4b24c80155dc4296f657faf3c7) C:\Windows\system32\DRIVERS\atikmpag.sys
20:45:34.0987 2196 amdkmdap ( UnsignedFile.Multi.Generic ) - warning
20:45:34.0987 2196 amdkmdap - detected UnsignedFile.Multi.Generic (1)
20:45:35.0019 2196 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
20:45:35.0050 2196 AmdPPM - ok
20:45:35.0081 2196 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
20:45:35.0081 2196 amdsata - ok
20:45:35.0221 2196 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
20:45:35.0253 2196 amdsbs - ok
20:45:35.0284 2196 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
20:45:35.0299 2196 amdxata - ok
20:45:35.0331 2196 Amlservls - ok
20:45:35.0440 2196 AnyDVD (821e7e501226ee344fdb0f40ee46109d) C:\Windows\system32\Drivers\AnyDVD.sys
20:45:35.0471 2196 AnyDVD - ok
20:45:35.0518 2196 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
20:45:35.0565 2196 AppID - ok
20:45:35.0658 2196 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
20:45:35.0658 2196 arc - ok
20:45:35.0674 2196 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
20:45:35.0689 2196 arcsas - ok
20:45:35.0705 2196 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
20:45:35.0752 2196 AsyncMac - ok
20:45:35.0767 2196 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
20:45:35.0767 2196 atapi - ok
20:45:35.0877 2196 AtiHdmiService (2d648572ba9a610952fcafba1e119c2d) C:\Windows\system32\drivers\AtiHdmi.sys
20:45:35.0892 2196 AtiHdmiService - ok
20:45:35.0955 2196 avgntflt (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys
20:45:35.0955 2196 avgntflt - ok
20:45:36.0048 2196 avipbb (d959309ececca73fc79f8ef8521346b2) C:\Windows\system32\DRIVERS\avipbb.sys
20:45:36.0064 2196 avipbb - ok
20:45:36.0079 2196 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
20:45:36.0095 2196 avkmgr - ok
20:45:36.0126 2196 avmaudio (bd39d7cfd9d6a73396b618113a8e8d57) C:\Windows\system32\DRIVERS\avmaudio.sys
20:45:36.0157 2196 avmaudio - ok
20:45:36.0251 2196 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
20:45:36.0298 2196 b06bdrv - ok
20:45:36.0329 2196 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
20:45:36.0360 2196 b57nd60a - ok
20:45:36.0454 2196 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
20:45:36.0501 2196 Beep - ok
20:45:36.0547 2196 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
20:45:36.0563 2196 blbdrive - ok
20:45:36.0579 2196 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
20:45:36.0625 2196 bowser - ok
20:45:36.0703 2196 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:45:36.0735 2196 BrFiltLo - ok
20:45:36.0735 2196 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:45:36.0750 2196 BrFiltUp - ok
20:45:36.0781 2196 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
20:45:36.0813 2196 Brserid - ok
20:45:36.0828 2196 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
20:45:36.0844 2196 BrSerWdm - ok
20:45:36.0859 2196 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
20:45:36.0891 2196 BrUsbMdm - ok
20:45:36.0891 2196 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
20:45:36.0906 2196 BrUsbSer - ok
20:45:36.0984 2196 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
20:45:37.0015 2196 BTHMODEM - ok
20:45:37.0047 2196 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
20:45:37.0093 2196 cdfs - ok
20:45:37.0125 2196 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
20:45:37.0140 2196 cdrom - ok
20:45:37.0218 2196 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
20:45:37.0249 2196 circlass - ok
20:45:37.0296 2196 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
20:45:37.0312 2196 CLFS - ok
20:45:37.0327 2196 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
20:45:37.0359 2196 CmBatt - ok
20:45:37.0421 2196 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
20:45:37.0437 2196 cmdide - ok
20:45:37.0452 2196 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
20:45:37.0483 2196 CNG - ok
20:45:37.0499 2196 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
20:45:37.0515 2196 Compbatt - ok
20:45:37.0530 2196 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
20:45:37.0561 2196 CompositeBus - ok
20:45:37.0639 2196 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
20:45:37.0639 2196 crcdisk - ok
20:45:37.0702 2196 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
20:45:37.0749 2196 CSC - ok
20:45:37.0842 2196 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
20:45:37.0889 2196 DfsC - ok
20:45:37.0920 2196 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
20:45:37.0967 2196 discache - ok
20:45:37.0983 2196 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
20:45:37.0998 2196 Disk - ok
20:45:38.0092 2196 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
20:45:38.0107 2196 drmkaud - ok
20:45:38.0170 2196 DXGKrnl (ebce0b0924835f635f620d19f0529dce) C:\Windows\System32\drivers\dxgkrnl.sys
20:45:38.0185 2196 DXGKrnl - ok
20:45:38.0279 2196 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
20:45:38.0341 2196 ebdrv - ok
20:45:38.0451 2196 ElbyCDIO (a05fc7eca0966ebb70e4d17b855a853b) C:\Windows\system32\Drivers\ElbyCDIO.sys
20:45:38.0466 2196 ElbyCDIO - ok
20:45:38.0497 2196 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
20:45:38.0513 2196 elxstor - ok
20:45:38.0529 2196 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
20:45:38.0575 2196 ErrDev - ok
20:45:38.0685 2196 ESLWireAC (abc24f129c616e5dee5ce58683606c84) C:\Windows\system32\drivers\ESLWireACD.sys
20:45:38.0700 2196 ESLWireAC - ok
20:45:38.0716 2196 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
20:45:38.0763 2196 exfat - ok
20:45:38.0778 2196 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
20:45:38.0841 2196 fastfat - ok
20:45:38.0856 2196 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
20:45:38.0887 2196 fdc - ok
20:45:38.0965 2196 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
20:45:38.0981 2196 FileInfo - ok
20:45:38.0997 2196 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
20:45:39.0028 2196 Filetrace - ok
20:45:39.0075 2196 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
20:45:39.0090 2196 flpydisk - ok
20:45:39.0121 2196 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
20:45:39.0137 2196 FltMgr - ok
20:45:39.0215 2196 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
20:45:39.0231 2196 FsDepends - ok
20:45:39.0246 2196 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
20:45:39.0246 2196 Fs_Rec - ok
20:45:39.0277 2196 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
20:45:39.0293 2196 fvevol - ok
20:45:39.0309 2196 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
20:45:39.0324 2196 gagp30kx - ok
20:45:39.0449 2196 hamachi (f8f0851d336c3b88dbd7232b6348e09a) C:\Windows\system32\DRIVERS\hamachi.sys
20:45:39.0449 2196 hamachi - ok
20:45:39.0480 2196 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
20:45:39.0511 2196 hcw85cir - ok
20:45:39.0543 2196 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
20:45:39.0589 2196 HdAudAddService - ok
20:45:39.0667 2196 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
20:45:39.0683 2196 HDAudBus - ok
20:45:39.0699 2196 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
20:45:39.0730 2196 HidBatt - ok
20:45:39.0730 2196 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
20:45:39.0761 2196 HidBth - ok
20:45:39.0777 2196 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
20:45:39.0808 2196 HidIr - ok
20:45:39.0901 2196 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
20:45:39.0917 2196 HidUsb - ok
20:45:39.0948 2196 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
20:45:39.0964 2196 HpSAMD - ok
20:45:39.0995 2196 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
20:45:40.0057 2196 HTTP - ok
20:45:40.0073 2196 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
20:45:40.0073 2196 hwpolicy - ok
20:45:40.0167 2196 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
20:45:40.0182 2196 i8042prt - ok
20:45:40.0213 2196 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
20:45:40.0229 2196 iaStorV - ok
20:45:40.0245 2196 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
20:45:40.0260 2196 iirsp - ok
20:45:40.0291 2196 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
20:45:40.0307 2196 intelide - ok
20:45:40.0338 2196 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
20:45:40.0354 2196 intelppm - ok
20:45:40.0416 2196 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:45:40.0463 2196 IpFilterDriver - ok
20:45:40.0479 2196 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
20:45:40.0479 2196 IPMIDRV - ok
20:45:40.0494 2196 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
20:45:40.0541 2196 IPNAT - ok
20:45:40.0572 2196 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
20:45:40.0619 2196 IRENUM - ok
20:45:40.0650 2196 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
20:45:40.0650 2196 isapnp - ok
20:45:40.0681 2196 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
20:45:40.0697 2196 iScsiPrt - ok
20:45:40.0759 2196 ISODisk - ok
20:45:40.0806 2196 ivusb (bd5bf20ec242e003a2f570b8754a56d1) C:\Windows\system32\DRIVERS\ivusb.sys
20:45:40.0806 2196 ivusb - ok
20:45:40.0853 2196 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
20:45:40.0853 2196 kbdclass - ok
20:45:40.0884 2196 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
20:45:40.0900 2196 kbdhid - ok
20:45:40.0962 2196 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
20:45:40.0962 2196 KSecDD - ok
20:45:40.0993 2196 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
20:45:41.0009 2196 KSecPkg - ok
20:45:41.0056 2196 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
20:45:41.0087 2196 ksthunk - ok
20:45:41.0181 2196 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
20:45:41.0227 2196 lltdio - ok
20:45:41.0274 2196 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
20:45:41.0290 2196 LSI_FC - ok
20:45:41.0290 2196 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
20:45:41.0305 2196 LSI_SAS - ok
20:45:41.0321 2196 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:45:41.0321 2196 LSI_SAS2 - ok
20:45:41.0337 2196 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:45:41.0352 2196 LSI_SCSI - ok
20:45:41.0383 2196 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
20:45:41.0430 2196 luafv - ok
20:45:41.0555 2196 MBAMProtector (23a854450dab5c9b7a42ab9be6f2e4bd) C:\Windows\system32\drivers\mbam.sys
20:45:41.0555 2196 MBAMProtector - ok
20:45:41.0633 2196 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
20:45:41.0633 2196 megasas - ok
20:45:41.0649 2196 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
20:45:41.0664 2196 MegaSR - ok
20:45:41.0758 2196 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
20:45:41.0789 2196 Modem - ok
20:45:41.0820 2196 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
20:45:41.0851 2196 monitor - ok
20:45:41.0898 2196 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
20:45:41.0898 2196 mouclass - ok
20:45:41.0961 2196 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
20:45:41.0976 2196 mouhid - ok
20:45:41.0992 2196 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
20:45:42.0007 2196 mountmgr - ok
20:45:42.0023 2196 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
20:45:42.0039 2196 mpio - ok
20:45:42.0054 2196 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
20:45:42.0101 2196 mpsdrv - ok
20:45:42.0132 2196 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
20:45:42.0163 2196 MRxDAV - ok
20:45:42.0210 2196 mrxsmb (767a4c3bcf9410c286ced15a2db17108) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:45:42.0241 2196 mrxsmb - ok
20:45:42.0273 2196 mrxsmb10 (920ee0ff995fcfdeb08c41605a959e1c) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:45:42.0288 2196 mrxsmb10 - ok
20:45:42.0304 2196 mrxsmb20 (740d7ea9d72c981510a5292cf6adc941) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:45:42.0319 2196 mrxsmb20 - ok
20:45:42.0366 2196 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
20:45:42.0366 2196 msahci - ok
20:45:42.0397 2196 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
20:45:42.0397 2196 msdsm - ok
20:45:42.0460 2196 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
20:45:42.0491 2196 Msfs - ok
20:45:42.0507 2196 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
20:45:42.0553 2196 mshidkmdf - ok
20:45:42.0585 2196 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
20:45:42.0585 2196 msisadrv - ok
20:45:42.0631 2196 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
20:45:42.0678 2196 MSKSSRV - ok
20:45:42.0725 2196 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
20:45:42.0772 2196 MSPCLOCK - ok
20:45:42.0787 2196 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
20:45:42.0834 2196 MSPQM - ok
20:45:42.0865 2196 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
20:45:42.0881 2196 MsRPC - ok
20:45:42.0928 2196 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
20:45:42.0928 2196 mssmbios - ok
20:45:43.0006 2196 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
20:45:43.0053 2196 MSTEE - ok
20:45:43.0053 2196 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
20:45:43.0084 2196 MTConfig - ok
20:45:43.0115 2196 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
20:45:43.0115 2196 Mup - ok
20:45:43.0162 2196 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
20:45:43.0177 2196 NativeWifiP - ok
20:45:43.0271 2196 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
20:45:43.0287 2196 NDIS - ok
20:45:43.0333 2196 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
20:45:43.0365 2196 NdisCap - ok
20:45:43.0396 2196 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
20:45:43.0443 2196 NdisTapi - ok
20:45:43.0489 2196 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
20:45:43.0536 2196 Ndisuio - ok
20:45:43.0583 2196 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
20:45:43.0614 2196 NdisWan - ok
20:45:43.0645 2196 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
20:45:43.0677 2196 NDProxy - ok
20:45:43.0723 2196 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
20:45:43.0770 2196 NetBIOS - ok
20:45:43.0801 2196 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
20:45:43.0864 2196 NetBT - ok
20:45:43.0911 2196 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
20:45:43.0911 2196 nfrd960 - ok
20:45:43.0942 2196 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
20:45:43.0989 2196 Npfs - ok
20:45:44.0035 2196 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
20:45:44.0082 2196 nsiproxy - ok
20:45:44.0129 2196 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
20:45:44.0176 2196 Ntfs - ok
20:45:44.0207 2196 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
20:45:44.0238 2196 Null - ok
20:45:44.0535 2196 nvlddmkm (c47d6b7299ba80a210bcafa81ac978a1) C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:45:44.0753 2196 nvlddmkm - ok
20:45:44.0784 2196 NVR0Dev - ok
20:45:44.0847 2196 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
20:45:44.0862 2196 nvraid - ok
20:45:44.0909 2196 nvsmu (61a59fb62864eb3f32d24985a505ce03) C:\Windows\system32\DRIVERS\nvsmu.sys
20:45:44.0909 2196 nvsmu - ok
20:45:44.0925 2196 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
20:45:44.0940 2196 nvstor - ok
20:45:45.0049 2196 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
20:45:45.0049 2196 nv_agp - ok
20:45:45.0065 2196 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
20:45:45.0081 2196 ohci1394 - ok
20:45:45.0159 2196 P17 (66a2c70da35e8559982ee9d205329e1a) C:\Windows\system32\drivers\P17.sys
20:45:45.0205 2196 P17 - ok
20:45:45.0299 2196 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
20:45:45.0315 2196 Parport - ok
20:45:45.0330 2196 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
20:45:45.0330 2196 partmgr - ok
20:45:45.0361 2196 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
20:45:45.0377 2196 pci - ok
20:45:45.0377 2196 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
20:45:45.0393 2196 pciide - ok
20:45:45.0408 2196 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
20:45:45.0424 2196 pcmcia - ok
20:45:45.0439 2196 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
20:45:45.0455 2196 pcw - ok
20:45:45.0486 2196 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
20:45:45.0533 2196 PEAUTH - ok
20:45:45.0689 2196 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
20:45:45.0720 2196 PptpMiniport - ok
20:45:45.0751 2196 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
20:45:45.0767 2196 Processor - ok
20:45:45.0814 2196 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
20:45:45.0861 2196 Psched - ok
20:45:45.0970 2196 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
20:45:46.0001 2196 ql2300 - ok
20:45:46.0017 2196 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
20:45:46.0032 2196 ql40xx - ok
20:45:46.0048 2196 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
20:45:46.0079 2196 QWAVEdrv - ok
20:45:46.0095 2196 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
20:45:46.0126 2196 RasAcd - ok
20:45:46.0219 2196 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
20:45:46.0266 2196 RasAgileVpn - ok
20:45:46.0282 2196 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:45:46.0313 2196 Rasl2tp - ok
20:45:46.0344 2196 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
20:45:46.0391 2196 RasPppoe - ok
20:45:46.0407 2196 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
20:45:46.0453 2196 RasSstp - ok
20:45:46.0531 2196 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
20:45:46.0594 2196 rdbss - ok
20:45:46.0719 2196 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
20:45:46.0734 2196 rdpbus - ok
20:45:46.0750 2196 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:45:46.0781 2196 RDPCDD - ok
20:45:46.0812 2196 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
20:45:46.0843 2196 RDPDR - ok
20:45:46.0921 2196 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
20:45:46.0968 2196 RDPENCDD - ok
20:45:46.0968 2196 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
20:45:47.0015 2196 RDPREFMP - ok
20:45:47.0031 2196 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
20:45:47.0077 2196 RDPWD - ok
20:45:47.0109 2196 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
20:45:47.0124 2196 rdyboost - ok
20:45:47.0155 2196 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
20:45:47.0202 2196 rspndr - ok
20:45:47.0280 2196 RTL8167 (baefee35d27a5440d35092ce10267bec) C:\Windows\system32\DRIVERS\Rt64win7.sys
20:45:47.0280 2196 RTL8167 - ok
20:45:47.0327 2196 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
20:45:47.0358 2196 s3cap - ok
20:45:47.0389 2196 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
20:45:47.0389 2196 sbp2port - ok
20:45:47.0467 2196 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
20:45:47.0499 2196 scfilter - ok
20:45:47.0545 2196 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
20:45:47.0592 2196 secdrv - ok
20:45:47.0608 2196 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
20:45:47.0623 2196 Serenum - ok
20:45:47.0655 2196 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
20:45:47.0686 2196 Serial - ok
20:45:47.0748 2196 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
20:45:47.0779 2196 sermouse - ok
20:45:47.0795 2196 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
20:45:47.0811 2196 sffdisk - ok
20:45:47.0826 2196 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
20:45:47.0842 2196 sffp_mmc - ok
20:45:47.0857 2196 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
20:45:47.0873 2196 sffp_sd - ok
20:45:47.0889 2196 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
20:45:47.0904 2196 sfloppy - ok
20:45:47.0951 2196 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:45:47.0967 2196 SiSRaid2 - ok
20:45:47.0982 2196 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
20:45:47.0982 2196 SiSRaid4 - ok
20:45:48.0060 2196 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
20:45:48.0107 2196 Smb - ok
20:45:48.0138 2196 speedfan - ok
20:45:48.0154 2196 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
20:45:48.0169 2196 spldr - ok
20:45:48.0216 2196 sptd (602884696850c86434530790b110e8eb) C:\Windows\System32\Drivers\sptd.sys
20:45:48.0247 2196 sptd - ok
20:45:48.0325 2196 srv (37c3abc2338010e110d2a6a3930f3149) C:\Windows\system32\DRIVERS\srv.sys
20:45:48.0357 2196 srv - ok
20:45:48.0388 2196 srv2 (f773d2ed090b7baa1c1a034f3ca476c8) C:\Windows\system32\DRIVERS\srv2.sys
20:45:48.0435 2196 srv2 - ok
20:45:48.0450 2196 srvnet (cce32bb223e9ff55d241099a858fa889) C:\Windows\system32\DRIVERS\srvnet.sys
20:45:48.0466 2196 srvnet - ok
20:45:48.0591 2196 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
20:45:48.0606 2196 stexstor - ok
20:45:48.0637 2196 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
20:45:48.0653 2196 storflt - ok
20:45:48.0669 2196 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
20:45:48.0684 2196 storvsc - ok
20:45:48.0700 2196 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
20:45:48.0700 2196 swenum - ok
20:45:48.0778 2196 Tcpip (912107716bab424c7870e8e6af5e07e1) C:\Windows\system32\drivers\tcpip.sys
20:45:48.0825 2196 Tcpip - ok
20:45:48.0903 2196 TCPIP6 (912107716bab424c7870e8e6af5e07e1) C:\Windows\system32\DRIVERS\tcpip.sys
20:45:48.0949 2196 TCPIP6 - ok
20:45:48.0965 2196 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
20:45:49.0012 2196 tcpipreg - ok
20:45:49.0027 2196 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
20:45:49.0074 2196 TDPIPE - ok
20:45:49.0074 2196 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
20:45:49.0105 2196 TDTCP - ok
20:45:49.0137 2196 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
20:45:49.0183 2196 tdx - ok
20:45:49.0215 2196 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
20:45:49.0215 2196 TermDD - ok
20:45:49.0308 2196 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:45:49.0355 2196 tssecsrv - ok
20:45:49.0402 2196 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
20:45:49.0449 2196 tunnel - ok
20:45:49.0449 2196 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
20:45:49.0464 2196 uagp35 - ok
20:45:49.0542 2196 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
20:45:49.0589 2196 udfs - ok
20:45:49.0636 2196 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
20:45:49.0651 2196 uliagpkx - ok
20:45:49.0667 2196 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
20:45:49.0698 2196 umbus - ok
20:45:49.0761 2196 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
20:45:49.0776 2196 UmPass - ok
20:45:49.0807 2196 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
20:45:49.0839 2196 usbccgp - ok
20:45:49.0854 2196 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
20:45:49.0885 2196 usbcir - ok
20:45:49.0901 2196 usbehci (df9f9afc9aaabd8ed47975d44e38169a) C:\Windows\system32\DRIVERS\usbehci.sys
20:45:49.0932 2196 usbehci - ok
20:45:50.0010 2196 usbhub (372a91bc3c6603080a793880b0873785) C:\Windows\system32\DRIVERS\usbhub.sys
20:45:50.0026 2196 usbhub - ok
20:45:50.0041 2196 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
20:45:50.0057 2196 usbohci - ok
20:45:50.0088 2196 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
20:45:50.0119 2196 usbprint - ok
20:45:50.0151 2196 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
20:45:50.0166 2196 usbscan - ok
20:45:50.0244 2196 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:45:50.0244 2196 USBSTOR - ok
20:45:50.0275 2196 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
20:45:50.0291 2196 usbuhci - ok
20:45:50.0322 2196 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
20:45:50.0338 2196 vdrvroot - ok
20:45:50.0353 2196 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
20:45:50.0369 2196 vga - ok
20:45:50.0400 2196 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
20:45:50.0447 2196 VgaSave - ok
20:45:50.0509 2196 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
20:45:50.0525 2196 vhdmp - ok
20:45:50.0541 2196 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
20:45:50.0556 2196 viaide - ok
20:45:50.0587 2196 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
20:45:50.0587 2196 vmbus - ok
20:45:50.0603 2196 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
20:45:50.0619 2196 VMBusHID - ok
20:45:50.0634 2196 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
20:45:50.0650 2196 volmgr - ok
20:45:50.0681 2196 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
20:45:50.0697 2196 volmgrx - ok
20:45:50.0759 2196 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
20:45:50.0775 2196 volsnap - ok
20:45:50.0790 2196 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
20:45:50.0806 2196 vsmraid - ok
20:45:50.0837 2196 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
20:45:50.0853 2196 vwifibus - ok
20:45:50.0884 2196 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
20:45:50.0899 2196 WacomPen - ok
20:45:50.0931 2196 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
20:45:50.0962 2196 WANARP - ok
20:45:50.0977 2196 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
20:45:51.0009 2196 Wanarpv6 - ok
20:45:51.0087 2196 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
20:45:51.0102 2196 Wd - ok
20:45:51.0133 2196 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
20:45:51.0149 2196 Wdf01000 - ok
20:45:51.0196 2196 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
20:45:51.0243 2196 WfpLwf - ok
20:45:51.0258 2196 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
20:45:51.0258 2196 WIMMount - ok
20:45:51.0383 2196 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
20:45:51.0399 2196 WinUsb - ok
20:45:51.0461 2196 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
20:45:51.0477 2196 WmiAcpi - ok
20:45:51.0555 2196 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
20:45:51.0601 2196 ws2ifsl - ok
20:45:51.0633 2196 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
20:45:51.0679 2196 WudfPf - ok
20:45:51.0726 2196 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:45:51.0773 2196 WUDFRd - ok
20:45:51.0804 2196 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
20:45:51.0913 2196 \Device\Harddisk0\DR0 - ok
20:45:51.0960 2196 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
20:45:52.0631 2196 \Device\Harddisk1\DR1 - ok
20:45:52.0647 2196 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk5\DR5
20:45:53.0021 2196 \Device\Harddisk5\DR5 - ok
20:45:53.0037 2196 Boot (0x1200) (da9c96f046212f72198cd714242ba64c) \Device\Harddisk0\DR0\Partition0
20:45:53.0037 2196 \Device\Harddisk0\DR0\Partition0 - ok
20:45:53.0052 2196 Boot (0x1200) (1947a0ecb4006a292892a2b93ef663b7) \Device\Harddisk0\DR0\Partition1
20:45:53.0052 2196 \Device\Harddisk0\DR0\Partition1 - ok
20:45:53.0068 2196 Boot (0x1200) (8190adaaa52bc914b2f2c7df574192e4) \Device\Harddisk0\DR0\Partition2
20:45:53.0068 2196 \Device\Harddisk0\DR0\Partition2 - ok
20:45:53.0099 2196 Boot (0x1200) (fd4f7b286156e09fb293be30cef32888) \Device\Harddisk0\DR0\Partition3
20:45:53.0099 2196 \Device\Harddisk0\DR0\Partition3 - ok
20:45:53.0115 2196 Boot (0x1200) (27b2340daef988d3b0bcc911d16f0732) \Device\Harddisk1\DR1\Partition0
20:45:53.0130 2196 \Device\Harddisk1\DR1\Partition0 - ok
20:45:53.0130 2196 Boot (0x1200) (da97936b06e2180aeb2c5660f9217dc7) \Device\Harddisk5\DR5\Partition0
20:45:53.0130 2196 \Device\Harddisk5\DR5\Partition0 - ok
20:45:53.0130 2196 ============================================================
20:45:53.0130 2196 Scan finished
20:45:53.0130 2196 ============================================================
20:45:53.0146 1084 Detected object count: 2
20:45:53.0146 1084 Actual detected object count: 2
20:46:06.0889 1084 amdkmdag ( UnsignedFile.Multi.Generic ) - skipped by user
20:46:06.0889 1084 amdkmdag ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:46:06.0889 1084 amdkmdap ( UnsignedFile.Multi.Generic ) - skipped by user
20:46:06.0889 1084 amdkmdap ( UnsignedFile.Multi.Generic ) - User select action: Skip

cosinus · 04.12.2011, 20:48

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

meatkn1fe · 04.12.2011, 21:19

Combofix Logfile:

Code:

ATTFilter

ComboFix 11-12-04.03 - asphyxiaphan 04.12.2011  21:05:56.1.2 - x64
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.49.1031.18.4095.3251 [GMT 1:00]
ausgeführt von:: c:\users\asphyxiaphan\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Bc
c:\programdata\Bc\0
c:\users\asphyxiaphan\AppData\Roaming\Local
c:\users\asphyxiaphan\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi
c:\users\asphyxiaphan\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(2).ddp
c:\users\asphyxiaphan\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(3).ddp
c:\users\asphyxiaphan\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(4).ddp
c:\users\asphyxiaphan\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\.ddp
c:\users\asphyxiaphan\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\0594b5b703b914c2f5f72c7c421996c9_1286565662.avi(2).ddp
c:\users\asphyxiaphan\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\0594b5b703b914c2f5f72c7c421996c9_1286565662.avi.ddp
c:\users\asphyxiaphan\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\AndereCops-PLEADERS_A_cbr.avi(2).ddp
c:\users\asphyxiaphan\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\AndereCops-PLEADERS_A_cbr.avi.ddp
c:\users\asphyxiaphan\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\b684790b0162ed7962b00df216604bf6.avi(2).ddp
c:\users\asphyxiaphan\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\b684790b0162ed7962b00df216604bf6.avi.ddp
c:\users\asphyxiaphan\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\cc2c2734da360d801747666e101fd4e7.avi(2).ddp
c:\users\asphyxiaphan\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\cc2c2734da360d801747666e101fd4e7.avi.ddp
c:\users\asphyxiaphan\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\crow_s_s01e02.avi(2).ddp
c:\users\asphyxiaphan\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\crow_s_s01e02.avi.ddp
c:\users\asphyxiaphan\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\crow_s_s01e13.avi(2).ddp
c:\users\asphyxiaphan\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\crow_s_s01e13.avi.ddp
c:\users\asphyxiaphan\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\crow_s_s02e20.avi(2).ddp
c:\users\asphyxiaphan\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\crow_s_s02e20.avi.ddp
c:\users\asphyxiaphan\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\d4eb20b546ab65ba6a46af65c368e0f2.avi.ddp
c:\users\asphyxiaphan\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Die.etwas.anderen.Cops.UNRATED.DVDRiP.LD.German.a.avi(2).ddp
c:\users\asphyxiaphan\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Die.etwas.anderen.Cops.UNRATED.DVDRiP.LD.German.a.avi.ddp
c:\users\asphyxiaphan\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\etm_scrubs_s07e11.avi(2).ddp
c:\users\asphyxiaphan\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\etm_scrubs_s07e11.avi.ddp
c:\users\asphyxiaphan\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\FILE4D39291997AAC.plong(2).ddp
c:\users\asphyxiaphan\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\FILE4D39291997AAC.plong.ddp
c:\users\asphyxiaphan\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\itg_scrubs_s04e02.avi(2).ddp
c:\users\asphyxiaphan\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\itg_scrubs_s04e02.avi.ddp
c:\users\asphyxiaphan\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\kinowelt_cops_xvid.avi(2).ddp
c:\users\asphyxiaphan\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\kinowelt_cops_xvid.avi(3).ddp
c:\users\asphyxiaphan\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\kinowelt_cops_xvid.avi.ddp
c:\users\asphyxiaphan\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\mse_scrubs_s01e13.avi(2).ddp
c:\users\asphyxiaphan\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\mse_scrubs_s01e13.avi.ddp
c:\users\asphyxiaphan\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\SC_S02_E20.avi.ddp
c:\users\asphyxiaphan\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Scrubs.S01E13.avi.ddp
c:\users\asphyxiaphan\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Scrubs.S04E02.Meine.Befoerderung_randomanon.avi.ddp
c:\users\asphyxiaphan\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Scrubs.S06E10.German.DVDRiP.XviD_randomanon.avi(2).ddp
c:\users\asphyxiaphan\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Scrubs.S06E10.German.DVDRiP.XviD_randomanon.avi.ddp
c:\users\asphyxiaphan\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Snatch.Schweine.und.Diamanten.German.b.avi.ddp
c:\users\asphyxiaphan\AppData\Roaming\Microsoft\Internet Explorer\qsTAtsrv.dll
c:\windows\Downloaded Program Files\IDropPTB.dll
c:\windows\IsUn0407.exe
P:\install.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-11-04 bis 2011-12-04  ))))))))))))))))))))))))))))))
.
.
2011-12-04 20:11 . 2011-12-04 20:11	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-12-04 18:48 . 2011-12-04 18:48	--------	d-----w-	C:\_OTL
2011-12-03 11:28 . 2011-12-03 11:29	--------	d-----w-	c:\users\test
2011-11-24 18:47 . 2011-11-24 18:47	--------	d-----w-	c:\program files (x86)\ESET
2011-11-24 13:21 . 2011-11-24 13:21	--------	d-----w-	c:\users\asphyxiaphan\AppData\Roaming\Malwarebytes
2011-11-24 13:21 . 2011-11-24 13:21	--------	d-----w-	c:\programdata\Malwarebytes
2011-11-24 13:21 . 2011-08-31 16:00	25416	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-11-24 13:21 . 2011-11-24 13:21	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2011-11-23 19:45 . 2011-11-23 19:45	--------	d-----w-	c:\users\asphyxiaphan\AppData\Roaming\IrfanView
2011-11-23 19:45 . 2011-11-23 19:45	--------	d-----w-	c:\program files (x86)\IrfanView
2011-11-22 22:56 . 2011-11-22 22:56	--------	d-----w-	c:\users\asphyxiaphan\AppData\Local\DVDVideoSoft_Ltd
2011-11-22 17:13 . 2011-11-22 17:13	--------	d-----w-	c:\users\asphyxiaphan\AppData\Roaming\DVDVideoSoft
2011-11-22 17:12 . 2011-11-22 17:13	--------	d-----w-	c:\program files (x86)\Common Files\DVDVideoSoft
2011-11-22 17:12 . 2011-11-22 17:12	--------	d-----w-	c:\program files (x86)\DVDVideoSoft
2011-11-22 13:05 . 2011-11-22 13:05	--------	d-----w-	c:\program files (x86)\Microsoft Synchronization Services
2011-11-22 13:04 . 2011-11-22 13:04	--------	d-----w-	c:\windows\PCHEALTH
2011-11-22 13:04 . 2011-11-22 13:04	--------	d-----w-	c:\program files (x86)\Microsoft.NET
2011-11-22 13:04 . 2011-11-22 13:04	--------	d-----w-	c:\program files (x86)\Microsoft Sync Framework
2011-11-22 13:04 . 2011-11-22 13:04	--------	d-----w-	c:\program files (x86)\Microsoft SQL Server Compact Edition
2011-11-22 13:03 . 2011-11-22 13:03	--------	d-----w-	c:\program files (x86)\Microsoft Visual Studio 8
2011-11-22 13:02 . 2011-11-22 13:02	--------	d-----w-	c:\program files (x86)\Microsoft Analysis Services
2011-11-22 13:01 . 2011-11-22 13:01	--------	d-----w-	c:\users\asphyxiaphan\AppData\Local\Microsoft Help
2011-11-22 13:01 . 2011-11-22 13:15	--------	d-----w-	c:\programdata\Microsoft Help
2011-11-10 10:00 . 2011-11-10 10:00	--------	d-----w-	c:\users\asphyxiaphan\AppData\Roaming\Avira
2011-11-10 09:55 . 2011-10-19 15:56	97312	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2011-11-10 09:55 . 2011-10-19 15:56	27760	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2011-11-10 09:55 . 2011-10-19 15:56	130760	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-11-10 09:54 . 2011-11-10 09:54	--------	d-----w-	c:\programdata\Avira
2011-11-10 09:54 . 2011-11-10 09:54	--------	d-----w-	c:\program files (x86)\Avira
2011-11-10 08:36 . 2011-12-04 20:14	--------	d-----w-	c:\users\asphyxiaphan\AppData\Local\Akamai
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-27 08:02 . 2011-03-22 18:27	147472	----a-w-	c:\windows\system32\drivers\ESLWireACD.sys
2011-10-08 14:21 . 2011-10-08 14:21	0	---ha-w-	c:\users\asphyxiaphan\AppData\Local\BITC782.tmp
2011-08-03 08:58 . 2011-09-09 20:13	168864	----a-w-	c:\program files\Common Files\WireHelpSvc.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVMUSBFernanschluss"="c:\users\asphyxiaphan\AppData\Local\Apps\2.0\3KK11X70.T2Y\NNM6B94G.0CG\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe" [2011-01-21 147456]
"Akamai NetSession Interface"="c:\users\asphyxiaphan\AppData\Local\Akamai\netsession_win.exe" [2011-11-17 3303000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"P17RunE"="P17RunE.dll" [2008-03-28 14848]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-10-19 258512]
"BCSSync"="p:\office\Office14\BCSSync.exe" [2010-03-13 91520]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-3-28 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 ISODisk;ISODisk; [x]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-08 136176]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
R3 avmaudio;AVM Audio;c:\windows\system32\DRIVERS\avmaudio.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-08 136176]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;p:\office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R4 Amlservls;Amlservls; [x]
R4 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-08-15 79360]
R4 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-08-18 1436424]
R4 mitsijm2011;Autodesk Moldflow Inventor Tool Suite Integration 2011 - Job-Manager;p:\inventor\Moldflow\bin\mitsijm.exe [2010-01-23 673792]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-19 86224]
S2 ESLWireAC;ESLWireAC;c:\windows\system32\drivers\ESLWireACD.sys [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-03-16 240232]
S2 Windows7FirewallService;Windows7FirewallService;c:\program files\Windows7FirewallControl\Windows7FirewallService.exe [2010-04-09 567808]
S2 WireHelpSvc;WireHelpSvc;c:\program files\Common Files\WireHelpSvc.exe [2011-08-03 168864]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai	REG_MULTI_SZ   	Akamai
.
Inhalt des "geplante Tasks" Ordners
.
2011-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-08 18:03]
.
2011-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-08 18:03]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows7FirewallControl"="c:\program files\Windows7FirewallControl\Windows7FirewallControl.exe" [2010-04-09 1057792]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = 
mLocal Page = 
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\asphyxiaphan\AppData\Roaming\Mozilla\Firefox\Profiles\pr1qqjlw.default\
FF - prefs.js: browser.search.selectedEngine - 
FF - prefs.js: browser.startup.homepage - www.downhill-board.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: DivX Plus Web Player HTML5 &lt;video&gt;: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files (x86)\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files (x86)\DivX\DivX Plus Web Player\firefox\wpa
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_bc2.exe
AddRemove-Siedler3Deinstall - c:\windows\IsUn0407.exe
AddRemove-Sound Blaster X-Fi Xtreme Audio Windows Drivers - c:\program files (x86)\Creative\Sound Blaster X-Fi\Program\SETUP.EXE
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_d768ebc.dll"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1954555413-3905789421-2700991933-1000\Software\SecuROM\License information*]
"datasecu"=hex:ff,15,2b,a5,02,0a,05,b1,22,51,5f,b3,f8,5f,78,9c,1f,b0,20,32,d9,
   83,10,40,b3,d8,b8,ce,0c,6a,e6,fd,f3,56,1c,ee,54,35,51,09,57,a9,e3,69,6a,3c,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
"Key"="ActionsPane3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\hxxp://schemas.microsoft.com/office/smartdocuments/2003\0]
"Key"="hxxp://schemas.microsoft.com/office/smartdocuments/2003"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\hxxp://schemas.microsoft.com/office/smartdocuments/2003\0\{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}\Alias]
"0"="Microsoft Actions Pane 3"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\rundll32.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-12-04  21:17:46 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-12-04 20:17
.
Vor Suchlauf: 2.458.836.992 Bytes frei
Nach Suchlauf: 2.365.169.664 Bytes frei
.
- - End Of File - - 6AC56E6931203993D259127868398D6A

--- --- ---

cosinus · 04.12.2011, 22:04

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

meatkn1fe · 04.12.2011, 23:04

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-12-04 22:11:48
-----------------------------
22:11:48.958 OS Version: Windows x64 6.1.7600
22:11:48.958 Number of processors: 2 586 0x6B02
22:11:48.959 ComputerName: ASPHYXIAPHAN-PC UserName: asphyxiaphan
22:11:49.271 Initialize success
22:53:32.748 AVAST engine defs: 11120401
22:55:53.236 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
22:55:53.238 Disk 0 Vendor: Hitachi_HDP725050GLA360 GM4OA52A Size: 476940MB BusType: 3
22:55:55.244 Disk 0 MBR read successfully
22:55:55.244 Disk 0 MBR scan
22:55:55.248 Disk 0 Windows 7 default MBR code
22:55:55.249 Service scanning
22:55:56.504 Modules scanning
22:55:56.505 Disk 0 trace - called modules:
22:55:56.510 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
22:55:56.511 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800480c060]
22:55:56.511 3 CLASSPNP.SYS[fffff880018ad43f] -> nt!IofCallDriver -> [0xfffffa800441c580]
22:55:56.511 5 ACPI.sys[fffff88000e7a781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-3[0xfffffa800441e060]
22:55:56.769 AVAST engine scan C:\Windows
22:56:02.747 AVAST engine scan C:\Windows\system32
22:58:15.102 AVAST engine scan C:\Windows\system32\drivers
22:58:27.688 AVAST engine scan C:\Users\asphyxiaphan
23:02:07.731 File: C:\Users\asphyxiaphan\AppData\Local\Temp\plugtmp\plugin-crossdomain.xml **HIDDEN**
23:02:07.870 AVAST engine scan C:\ProgramData
23:02:40.515 Scan finished successfully
23:04:17.968 Disk 0 MBR has been saved successfully to "C:\Users\asphyxiaphan\Desktop\MBR.dat"
23:04:17.973 The log file has been saved successfully to "C:\Users\asphyxiaphan\Desktop\aswMBR.txt"

Der Eintrag mit "HIDDEN" ist rot markiert.
Könntest du mir denn mal ein paar Erläuterungen geben, um was es sich handelt oder was du vermutest? Führe hier einen Scan nach dem anderen aus und würde gern etwas Hintergrundwissen dazu haben, falls das nicht zu viel Tipperei für dich ist.

cosinus · 05.12.2011, 09:38

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":Files" muss mitkopiert werden!!!)

Code:

ATTFilter

:Files
C:\Users\asphyxiaphan\AppData\Local\Temp\plugtmp
:Commands
[emptytemp]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

meatkn1fe · 05.12.2011, 18:27

Hab aus Versehen den Virenscanner nicht abgeschaltet und dieser hat den Hostreset geblockt. Nun verweilt OTL bei "Resetting HOSTS File. Do not interrupt".
Was ist nun zutun? Kann ich das abbrechen und den Code einfach nochmal durchlaufen lassen?

cosinus · 05.12.2011, 18:59

Ja abbrechen nochmal machen

29.11.2011, 09:50	#16
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Spontan kurz angezeigte cmd.exe inkl. Text Erstell dir mal bitte ein neues Windows-Benutzerkonto mit Adminrechten in der Systemsteuerung. Starte den Rechner neu, log dich mit dem neuen Konto ein und probier ESET von da aus mal. __________________ Logfiles bitte immer in CODE-Tags posten

05.12.2011, 18:59	#30
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Spontan kurz angezeigte cmd.exe inkl. Text Ja abbrechen nochmal machen __________________ Logfiles bitte immer in CODE-Tags posten

Spontan kurz angezeigte cmd.exe inkl. Text

Plagegeister aller Art und deren Bekämpfung: Spontan kurz angezeigte cmd.exe inkl. Text