
Pests of all kinds and how to fight them: My Computer opened several times!

Windows 7

21.01.2013, 20:01   #1
40erdem
 

Hello,

I was just chatting, using the EA program (Origin) for that. Suddenly My Computer opened several times on its own. I then tried to click the windows away, but after a delay of a few seconds another 4-5 new windows came up.
I then shut down the computer and disconnected the Internet connection.

How can I secure my computer now?
I use avast. How should I proceed?

21.01.2013, 20:27   #2
markusg
/// Malware-holic
 

hi
First, restore the Internet connection.
If you don't have it yet, please download OTL by Oldtimer and save it to your desktop.
  • Please start OTL.exe. Vista and Win7 users: right-click and choose "Run as administrator".
  • Now copy the content into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread.

22.01.2013, 20:32   #3
40erdem
 

OK, done, and now?

Code:
OTL Extras logfile created on: 22.01.2013 21:19:53 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Yegit\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,77 Gb Available Physical Memory | 84,67% Memory free
16,00 Gb Paging File | 14,73 Gb Available in Paging File | 92,09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 384,34 Gb Free Space | 82,54% Space Free | Partition Type: NTFS
 
Computer Name: WINDOWS | User Name: Yegit | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04BD84B8-014D-4F34-8514-62035C9DD157}" = rport=138 | protocol=17 | dir=out | app=system | 
"{15390EAD-872C-4631-B790-B855A4CC524F}" = lport=445 | protocol=6 | dir=in | app=system | 
"{17CCB700-6458-4431-AF14-999CBDD62027}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{26161549-C25C-4ADA-980B-881FBCB4CCE5}" = lport=138 | protocol=17 | dir=in | app=system | 
"{2A424F4A-BEC9-471F-8A9B-5B2CF0E420A9}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{3A1A4E3B-C459-4F5F-90D6-AFA6016EF87B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4645CA36-585A-484C-9EDB-72C630A8CA57}" = rport=139 | protocol=6 | dir=out | app=system | 
"{478EB9CA-9AD2-4A41-B809-FBED6195B470}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6550D752-E3C5-451C-9E3F-6726038D5840}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{7566CFFF-49F7-4EA1-8440-345E06DB73C7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{79C1A5B1-99AB-41EF-B078-17B480F74685}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{7F7791C0-E0DC-4DA9-B596-9849BA4FC185}" = rport=445 | protocol=6 | dir=out | app=system | 
"{969D3A53-0CA0-41BF-B31E-E39C0DF8AB87}" = lport=137 | protocol=17 | dir=in | app=system | 
"{ADD7C684-F387-46D6-B2F3-77C415CE2196}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{AF45683E-352B-4D81-8C45-4F9644B21EBE}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{C264140C-E350-4548-98C8-915BA155F329}" = lport=139 | protocol=6 | dir=in | app=system | 
"{CA55F76A-028C-43B9-A8A0-710307B24C63}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D739014A-FDFD-4274-9E18-9177DC204461}" = rport=137 | protocol=17 | dir=out | app=system | 
"{D745DB38-6BB8-4CFF-B633-E06DFD5A0C96}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E4758221-73B4-4AEC-8804-D802D3F8A155}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E4A119AC-A98F-40CB-822F-23488D38D0D0}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{ED061C2A-C20D-44FB-B397-755F09A0CA49}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F835D492-F2E9-422F-9E70-DBC0FF7140B0}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{FCE6228F-2DEB-4933-A443-E82B56D4D142}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{046AD9C0-23F7-405F-A049-9CCEF2A60D82}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\fifa 13\game\fifa13.exe | 
"{187B0363-69CC-487C-9C6A-577CF3D91F3F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{24F994EB-6BDF-47CA-A21D-9AFC9601C275}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{255918AA-C95E-46FD-9DCC-BF8145D716F1}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{46F97B5B-2064-47BD-A893-ED67B5B2B013}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{470B1442-1293-466A-A5B4-A2B02ED123F6}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{48E57C21-CD10-4A36-B82F-727D4C2C660C}" = protocol=6 | dir=out | app=system | 
"{59F86490-C314-4A67-85BD-7A0F87E70E25}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{78581FCA-6ABA-4EE9-95B1-6D3984F7C375}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | 
"{7F64A8D1-1445-4711-B50A-C30F2E36075F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{80948056-ECCD-46B0-8D9C-097BF66CFF03}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8B91EE31-5068-49FE-A031-3227F384A24A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{8EE972B4-BBBC-448B-8879-7CDD9939091E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{8FB50139-8DBB-4841-9D8A-4E7E614ABAEB}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{930AC1E6-0986-43D5-AD84-7F1B1C7E6F6D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{981E52B5-D432-4212-B978-1F93D0552632}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9977646A-B916-401A-A8CC-B6D617EDB314}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{9F9712F4-0887-41D7-8201-28FD21299F49}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A07CEEC8-C993-4AC6-A0A9-B0ED7798DAB4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A143F7D2-AA30-419D-AE8B-071C9459E9D1}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{A1EA4038-1793-4469-AAEC-E79277139420}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A37560C1-6E95-4CBF-82A2-5788C511308C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{A8519C68-2176-4D72-BF9E-41866E28F6FC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A8F4B4FF-7C1B-4349-A3B1-E63F06935F42}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{AE307CEF-8149-4404-B308-B3F97F2404B0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{CAC390CD-A37C-414B-905D-5EFE56D1FEC6}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{CEE5355A-6A67-4692-B3D6-4DABFC1C6AD5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D354573D-DBD0-4EF7-B4C1-6AEEBDFCB40C}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\fifa 13\game\fifa13.exe | 
"{E34A4B02-48F1-4ED1-A5F1-64882C04E245}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{E350CF9A-EBF8-451D-B776-67E5D9185FEB}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | 
"{E4316D5C-CC41-45E7-882E-70C13D355DEB}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{E4E40D60-AA35-4957-B541-C7369DB6C1CA}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{EB313D58-1479-4B7C-8C74-3346A19FCA12}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{EDE8DF5F-00B8-45A2-B889-35131D3D4133}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{F0C1C850-66C2-4C38-9AD2-3EEFD8A007DF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{F318A318-89B8-4573-954E-1973C8ADFF8B}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"TCP Query User{43D89593-638A-483B-834A-5A049E38C835}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{70F90B45-22FB-40FE-A86C-1CD22D0C99B9}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"UDP Query User{2885B88F-8028-4DA8-A7D1-4EBC3B944F72}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"UDP Query User{3EF3A148-E3AA-4616-835A-45C28795B194}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86417009FF}" = Java 7 Update 9 (64-bit)
"{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy Gamepad tool 0.7.1001
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"ASRock App Charger_is1" = ASRock App Charger v1.0.4
"CCleaner" = CCleaner
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.21
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1" = Geeks3D.com FurMark 1.10.3
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{289AC7E0-0AEE-4a7b-913C-709D9803D23E}" = Nexon Game Manager
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}" = Nikon Movie Editor
"{64BFBE7A-886C-4CA2-A9B4-0C2B5A5942BC}" = Battlefield 3™
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A29E18C2-7AB1-4b6b-848C-5D5E2C85F0C0}" = FIFA 13
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch
"{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{E5F05232-96B6-4552-A480-785A60A94B21}" = System Requirements Lab CYRI
"{E64C137C-D0B7-467A-B47F-460AAB30F0A3}" = ViewNX 2
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F18046C5-1C4E-4BE1-A3D6-A6F970E2E8E8}" = ArcSoft Panorama Maker 5
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Afterburner" = MSI Afterburner 2.3.0
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE v.6.81
"avast" = avast! Free Antivirus
"Battlelog Web Plugins" = Battlelog Web Plugins
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESN Sonar-0.70.4" = ESN Sonar
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"SopCast" = SopCast 3.5.0
"Warrock EU" = WarRock
"WinLiveSuite" = Windows Live Essentials
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 20.01.2013 14:23:40 | Computer Name = Windows | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 20.01.2013 18:38:39 | Computer Name = Windows | Source = WinMgmt | ID = 10
Description = 
 
Error - 21.01.2013 11:28:53 | Computer Name = Windows | Source = WinMgmt | ID = 10
Description = 
 
Error - 21.01.2013 12:10:27 | Computer Name = Windows | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 21.01.2013 15:41:32 | Computer Name = Windows | Source = WinMgmt | ID = 10
Description = 
 
Error - 22.01.2013 09:05:35 | Computer Name = Windows | Source = WinMgmt | ID = 10
Description = 
 
Error - 22.01.2013 09:29:51 | Computer Name = Windows | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 22.01.2013 10:53:39 | Computer Name = Windows | Source = WinMgmt | ID = 10
Description = 
 
Error - 22.01.2013 11:49:19 | Computer Name = Windows | Source = WinMgmt | ID = 10
Description = 
 
Error - 22.01.2013 15:37:11 | Computer Name = Windows | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 26.12.2012 21:36:32 | Computer Name = Windows | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 28.12.2012 19:15:37 | Computer Name = Windows | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?29.?12.?2012 um 00:14:10 unerwartet heruntergefahren.
 
Error - 28.12.2012 19:15:37 | Computer Name = WINDOWS | Source = BugCheck | ID = 1005
Description = 
 
Error - 28.12.2012 19:15:37 | Computer Name = WINDOWS | Source = BugCheck | ID = 1001
Description = 
 
Error - 28.12.2012 19:16:07 | Computer Name = Windows | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-1073473535.
 
Error - 28.12.2012 19:16:07 | Computer Name = Windows | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
Error - 28.12.2012 20:56:16 | Computer Name = Windows | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?29.?12.?2012 um 01:55:30 unerwartet heruntergefahren.
 
Error - 28.12.2012 20:56:16 | Computer Name = WINDOWS | Source = BugCheck | ID = 1005
Description = 
 
Error - 28.12.2012 20:56:16 | Computer Name = WINDOWS | Source = BugCheck | ID = 1001
Description = 
 
Error - 31.12.2012 13:49:04 | Computer Name = Windows | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x800f020b fehlgeschlagen: Nokia - Other hardware - Nokia X6-00
 
 
< End of report >
         
Code:
OTL logfile created on: 22.01.2013 21:19:53 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Yegit\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,77 Gb Available Physical Memory | 84,67% Memory free
16,00 Gb Paging File | 14,73 Gb Available in Paging File | 92,09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 384,34 Gb Free Space | 82,54% Space Free | Partition Type: NTFS
 
Computer Name: WINDOWS | User Name: Yegit | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.01.22 21:18:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Yegit\Downloads\OTL.exe
PRC - [2012.12.29 11:34:47 | 001,260,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.12.29 02:53:20 | 000,383,416 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.12.02 22:45:16 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.10.30 23:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV - [2013.01.19 03:45:26 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.01.09 00:23:09 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.29 11:34:47 | 001,260,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.12.29 02:53:20 | 000,383,416 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.02 22:45:16 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.07.17 15:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2012.07.11 19:54:58 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV - [2010.11.21 04:24:08 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.10.30 23:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012.10.30 23:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012.10.30 23:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012.10.30 23:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012.10.30 23:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012.10.15 17:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012.07.03 16:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.05.12 11:31:00 | 000,121,416 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.07 18:42:28 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2011.08.17 09:58:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2011.08.17 09:58:22 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2011.08.17 09:58:20 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2011.08.17 09:58:16 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:48 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.06.11 13:37:14 | 000,015,368 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AsrAppCharger.sys -- (AsrAppCharger)
DRV:64bit: - [2009.09.17 18:04:18 | 001,250,816 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.04.30 12:06:58 | 000,339,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV - [2011.07.22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV - [2011.07.12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {5786d022-540e-4699-b350-b4be0ae94b79} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&userid=EB_USER_ID&ctid=CT2481020&SSPV=IESB15
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F0 B9 F4 FC BE C5 CD 01  [binary data]
IE - HKCU\..\URLSearchHook: {5786d022-540e-4699-b350-b4be0ae94b79} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Ashampoo DE Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20120926
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:7.0.1474
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2481020&SearchSource=2&q="
FF - prefs.js..network.proxy.http: "87.106.246.207"
FF - prefs.js..network.proxy.http_port: 8118
FF - prefs.js..network.proxy.type: 0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.2: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.11.05 13:39:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.19 03:45:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.19 03:45:27 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.10.03 10:52:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Yegit\AppData\Roaming\mozilla\Extensions
[2012.11.25 15:47:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Yegit\AppData\Roaming\mozilla\Firefox\Profiles\dqox3c90.default\extensions
[2012.10.03 10:59:41 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Yegit\AppData\Roaming\mozilla\Firefox\Profiles\dqox3c90.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.11.23 20:31:37 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Yegit\AppData\Roaming\mozilla\firefox\profiles\dqox3c90.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.01.19 03:45:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.11.05 13:39:38 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2013.01.19 03:45:27 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.09.06 03:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.06 03:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.09.06 03:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.06 03:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.06 03:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.06 03:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll File not found
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6DDF6CF0-BAC4-4757-A36D-FE7FAB60D20F}: DhcpNameServer = 192.168.0.10
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: ArcSoft Connection Service - hkey= - key= - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
MsConfig:64bit - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: HDAudDeck - hkey= - key= - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
MsConfig:64bit - StartUpReg: Nikon Message Center 2 - hkey= - key= - C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - StartUpReg: SUPERAntiSpyware - hkey= - key= - C:\Programme\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.20 02:28:01 | 000,000,000 | ---D | C] -- C:\Users\Yegit\Desktop\Referat
[2013.01.19 23:16:02 | 000,000,000 | ---D | C] -- C:\Windows\de
[2013.01.19 23:15:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2013.01.19 23:14:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2013.01.19 23:12:13 | 000,000,000 | ---D | C] -- C:\Users\Yegit\AppData\Local\Windows Live
[2013.01.19 23:11:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2013.01.19 03:45:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.01.14 22:43:26 | 000,000,000 | --SD | C] -- C:\Users\Yegit\Documents\Eigene Datenquellen
[2013.01.06 04:31:23 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2013.01.06 04:31:16 | 000,000,000 | ---D | C] -- C:\Users\Yegit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
[2013.01.06 04:31:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSI Afterburner
[2013.01.06 01:21:08 | 000,000,000 | ---D | C] -- C:\Users\Yegit\AppData\Roaming\NVIDIA
[2013.01.06 01:21:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Geeks3D
[2013.01.06 01:21:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Geeks3D
[2013.01.06 00:45:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
[2013.01.06 00:45:52 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID
[2012.12.27 02:58:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2012.12.27 02:34:19 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.22 20:42:52 | 000,021,648 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.22 20:42:52 | 000,021,648 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.22 20:35:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.22 20:35:20 | 2146,934,783 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.22 20:23:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.22 15:51:50 | 403,457,721 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.01.20 12:35:39 | 000,151,416 | ---- | M] () -- C:\Users\Yegit\Desktop\562px-Langfristige_Zinssätze_(Eurozone).png
[2013.01.20 11:46:20 | 000,071,045 | ---- | M] () -- C:\Users\Yegit\Desktop\Euro.jpg
[2013.01.19 20:17:09 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.01.19 20:17:09 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.01.19 20:17:09 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.01.19 20:17:09 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.01.19 20:17:09 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.01.16 16:14:14 | 000,006,144 | ---- | M] () -- C:\Users\Yegit\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.01.09 20:52:17 | 000,413,624 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.08 23:04:37 | 000,278,528 | ---- | M] () -- C:\Users\Yegit\Desktop\Microsoft Office Access 2007 Datenbank (neu).accdb
[2013.01.03 15:51:07 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLet.DAT
[2012.12.29 11:34:47 | 000,017,266 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2012.12.29 09:40:11 | 002,923,201 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.01.20 12:35:38 | 000,151,416 | ---- | C] () -- C:\Users\Yegit\Desktop\562px-Langfristige_Zinssätze_(Eurozone).png
[2013.01.20 11:46:18 | 000,071,045 | ---- | C] () -- C:\Users\Yegit\Desktop\Euro.jpg
[2013.01.19 23:15:54 | 000,001,305 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
[2013.01.19 23:15:46 | 000,001,374 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
[2013.01.16 16:03:50 | 000,006,144 | ---- | C] () -- C:\Users\Yegit\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.01.08 23:04:37 | 000,278,528 | ---- | C] () -- C:\Users\Yegit\Desktop\Microsoft Office Access 2007 Datenbank (neu).accdb
[2013.01.06 01:32:56 | 403,457,721 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.12.02 18:33:17 | 000,281,520 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.12.02 18:33:15 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.11.22 20:04:47 | 000,000,736 | ---- | C] () -- C:\Windows\SamsungMaster.INI
[2012.11.22 17:23:08 | 000,765,952 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012.11.22 17:23:08 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012.11.22 17:23:08 | 000,008,704 | ---- | C] () -- C:\Windows\SysWow64\vidccleaner.exe
[2012.11.22 15:33:34 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Framework
[2012.11.22 15:33:34 | 000,000,268 | RH-- | C] () -- C:\Users\Yegit\AppData\Roaming\Folder Actions
[2012.11.22 15:33:34 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2012.11.22 15:32:58 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Frameworks
[2012.11.22 15:32:58 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Fonts
[2012.11.22 15:32:58 | 000,000,268 | RH-- | C] () -- C:\Users\Yegit\AppData\Roaming\Folder Actions Handlers
[2012.11.22 15:32:58 | 000,000,268 | RH-- | C] () -- C:\Users\Yegit\AppData\Roaming\Flowers
[2012.11.22 15:32:58 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2012.11.22 15:32:58 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2012.11.22 15:32:35 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Guitar
[2012.11.22 15:32:35 | 000,000,268 | RH-- | C] () -- C:\Users\Yegit\AppData\Roaming\Grand Piano
[2012.11.22 15:32:35 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLeo.DAT
[2012.09.28 16:45:06 | 000,247,296 | ---- | C] () -- C:\Windows\SysWow64\rtvcvfw32.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.11.25 01:14:22 | 000,000,000 | ---D | M] -- C:\Users\Yegit\AppData\Roaming\Ashampoo
[2012.10.03 11:38:25 | 000,000,000 | ---D | M] -- C:\Users\Yegit\AppData\Roaming\MotioninJoy
[2012.11.22 15:37:43 | 000,000,000 | ---D | M] -- C:\Users\Yegit\AppData\Roaming\Nikon
[2012.12.01 17:00:51 | 000,000,000 | ---D | M] -- C:\Users\Yegit\AppData\Roaming\Origin
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.10.03 09:42:12 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2012.10.03 09:41:49 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2012.10.03 16:30:18 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2012.12.23 16:09:49 | 000,000,000 | ---D | M] -- C:\Nexon
[2012.10.03 10:29:57 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2013.01.06 00:45:52 | 000,000,000 | R--D | M] -- C:\Program Files
[2013.01.19 23:15:37 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.12.23 16:26:05 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2012.10.03 09:41:49 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.10.03 09:41:49 | 000,000,000 | -HSD | M] -- C:\Recovery
[2013.01.22 21:20:48 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.10.03 10:31:19 | 000,000,000 | ---D | M] -- C:\temp
[2012.10.03 10:50:27 | 000,000,000 | R--D | M] -- C:\Users
[2013.01.22 15:51:50 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.21 04:23:55 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 06:08:49 | 000,032,632 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.10.03 10:28:47 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.21 04:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010.11.21 04:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2012.09.07 16:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2013.01.22 21:27:21 | 001,572,864 | -HS- | M] () -- C:\Users\Yegit\NTUSER.DAT
[2013.01.22 21:27:21 | 000,262,144 | -HS- | M] () -- C:\Users\Yegit\ntuser.dat.LOG1
[2012.10.03 09:42:00 | 000,000,000 | -HS- | M] () -- C:\Users\Yegit\ntuser.dat.LOG2
[2012.10.03 10:19:49 | 000,065,536 | -HS- | M] () -- C:\Users\Yegit\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2012.10.03 10:19:49 | 000,524,288 | -HS- | M] () -- C:\Users\Yegit\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2012.10.03 10:19:49 | 000,524,288 | -HS- | M] () -- C:\Users\Yegit\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2012.10.03 09:42:00 | 000,000,020 | -HS- | M] () -- C:\Users\Yegit\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
<           >

< End of report >
         
22.01.2013, 20:40   #4
markusg
/// Malware-holic



Hi,

This script and any scripts that follow are meant only for this particular user.
If you have problems, open your own topics and wait for scripts adapted to your case.


• Please start OTL.exe
• Now copy the following into the text box.



Code:
:OTL
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll File not found
:Files
:Commands
[EMPTYFLASH] 
[emptytemp]
         


• Now please close all programs.
• Now please click the Fix button.
• OTL may request a restart. Please allow it.
• After the restart you will find a text document; copy its contents into your next reply here.

22.01.2013, 20:47   #5
40erdem



That is done as well..

Code:
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ deleted successfully.
========== COMMANDS ==========
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Public
 
User: UpdatusUser
 
User: Yegit
->Flash cache emptied: 506 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Yegit
->Temp folder emptied: 4014310 bytes
->Temporary Internet Files folder emptied: 41418358 bytes
->Java cache emptied: 1123182 bytes
->FireFox cache emptied: 77167224 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 22231452 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50568 bytes
RecycleBin emptied: 1394165 bytes
 
Total Files Cleaned = 141,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 01222013_214411

Files\Folders moved on Reboot...
C:\Users\Yegit\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         


22.01.2013, 20:49   #6
markusg
/// Malware-holic



Download TDSS Killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Click Change parameters
• Tick the boxes for Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- If anything is found, always choose Skip at first, then post the log
Open C:, open tdsskiller-date-version.txt, post the contents

22.01.2013, 20:53   #7
40erdem



So, 1 threat found; as instructed I then chose Skip and found this log file under C:/

Code:
21:50:21.0207 1436  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
21:50:21.0332 1436  ============================================================
21:50:21.0332 1436  Current date / time: 2013/01/22 21:50:21.0332
21:50:21.0332 1436  SystemInfo:
21:50:21.0332 1436  
21:50:21.0332 1436  OS Version: 6.1.7601 ServicePack: 1.0
21:50:21.0332 1436  Product type: Workstation
21:50:21.0332 1436  ComputerName: WINDOWS
21:50:21.0332 1436  UserName: Yegit
21:50:21.0332 1436  Windows directory: C:\Windows
21:50:21.0332 1436  System windows directory: C:\Windows
21:50:21.0332 1436  Running under WOW64
21:50:21.0332 1436  Processor architecture: Intel x64
21:50:21.0332 1436  Number of processors: 4
21:50:21.0332 1436  Page size: 0x1000
21:50:21.0332 1436  Boot type: Normal boot
21:50:21.0332 1436  ============================================================
21:50:23.0035 1436  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0x7E2CB, SectorsPerTrack: 0xE, TracksPerCylinder: 0x87, Type 'K0', Flags 0x00000040
21:50:23.0035 1436  ============================================================
21:50:23.0035 1436  \Device\Harddisk0\DR0:
21:50:23.0035 1436  MBR partitions:
21:50:23.0035 1436  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
21:50:23.0035 1436  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
21:50:23.0035 1436  ============================================================
21:50:23.0050 1436  C: <-> \Device\Harddisk0\DR0\Partition2
21:50:23.0050 1436  ============================================================
21:50:23.0050 1436  Initialize success
21:50:23.0050 1436  ============================================================
21:51:11.0222 0688  ============================================================
21:51:11.0222 0688  Scan started
21:51:11.0222 0688  Mode: Manual; SigCheck; TDLFS; 
21:51:11.0222 0688  ============================================================
21:51:12.0097 0688  ================ Scan system memory ========================
21:51:12.0097 0688  System memory - ok
21:51:12.0097 0688  ================ Scan services =============================
21:51:12.0128 0688  [ 581D88B25C4D4121824FED2CA38E562F ] !SASCORE        C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
21:51:12.0363 0688  !SASCORE - ok
21:51:12.0519 0688  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
21:51:12.0566 0688  1394ohci - ok
21:51:12.0644 0688  [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon        C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
21:51:12.0691 0688  ACDaemon - ok
21:51:12.0722 0688  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
21:51:12.0738 0688  ACPI - ok
21:51:12.0769 0688  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
21:51:12.0800 0688  AcpiPmi - ok
21:51:12.0863 0688  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
21:51:12.0894 0688  AdobeARMservice - ok
21:51:13.0019 0688  [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:51:13.0050 0688  AdobeFlashPlayerUpdateSvc - ok
21:51:13.0097 0688  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
21:51:13.0113 0688  adp94xx - ok
21:51:13.0160 0688  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
21:51:13.0175 0688  adpahci - ok
21:51:13.0191 0688  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
21:51:13.0207 0688  adpu320 - ok
21:51:13.0238 0688  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
21:51:13.0300 0688  AeLookupSvc - ok
21:51:13.0332 0688  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
21:51:13.0363 0688  AFD - ok
21:51:13.0410 0688  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
21:51:13.0441 0688  agp440 - ok
21:51:13.0457 0688  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
21:51:13.0472 0688  ALG - ok
21:51:13.0503 0688  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
21:51:13.0519 0688  aliide - ok
21:51:13.0535 0688  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
21:51:13.0550 0688  amdide - ok
21:51:13.0582 0688  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
21:51:13.0597 0688  AmdK8 - ok
21:51:13.0628 0688  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
21:51:13.0660 0688  AmdPPM - ok
21:51:13.0691 0688  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
21:51:13.0707 0688  amdsata - ok
21:51:13.0722 0688  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
21:51:13.0769 0688  amdsbs - ok
21:51:13.0785 0688  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
21:51:13.0800 0688  amdxata - ok
21:51:13.0832 0688  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
21:51:13.0878 0688  AppID - ok
21:51:13.0910 0688  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
21:51:13.0988 0688  AppIDSvc - ok
21:51:14.0003 0688  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
21:51:14.0066 0688  Appinfo - ok
21:51:14.0082 0688  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
21:51:14.0097 0688  arc - ok
21:51:14.0113 0688  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
21:51:14.0113 0688  arcsas - ok
21:51:14.0160 0688  [ 912A215CE180A6E7C923C662D7EC777D ] AsrAppCharger   C:\Windows\system32\DRIVERS\AsrAppCharger.sys
21:51:14.0175 0688  AsrAppCharger - ok
21:51:14.0222 0688  [ 4FCAEF0C5BE7629AEB878998E0FE959B ] aswFsBlk        C:\Windows\system32\drivers\aswFsBlk.sys
21:51:14.0238 0688  aswFsBlk - ok
21:51:14.0269 0688  [ B50CDD87772D6A11CB90924AAD399DF8 ] aswMonFlt       C:\Windows\system32\drivers\aswMonFlt.sys
21:51:14.0285 0688  aswMonFlt - ok
21:51:14.0300 0688  [ 57768C7DB4681F2510F247F82EF31D4F ] aswRdr          C:\Windows\System32\Drivers\aswrdr2.sys
21:51:14.0316 0688  aswRdr - ok
21:51:14.0347 0688  [ E71D826A1F3CE9C9DE3E77F2D02AFFBF ] aswSnx          C:\Windows\system32\drivers\aswSnx.sys
21:51:14.0378 0688  aswSnx - ok
21:51:14.0394 0688  [ 538A32E2C99BF073D4CA76C30BEDAA60 ] aswSP           C:\Windows\system32\drivers\aswSP.sys
21:51:14.0410 0688  aswSP - ok
21:51:14.0425 0688  [ 6EDC79D73745FD44C41B55B2D13D0B70 ] aswTdi          C:\Windows\system32\drivers\aswTdi.sys
21:51:14.0425 0688  aswTdi - ok
21:51:14.0457 0688  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
21:51:14.0503 0688  AsyncMac - ok
21:51:14.0519 0688  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
21:51:14.0535 0688  atapi - ok
21:51:14.0566 0688  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:51:14.0675 0688  AudioEndpointBuilder - ok
21:51:14.0691 0688  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
21:51:14.0722 0688  AudioSrv - ok
21:51:14.0785 0688  [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
21:51:14.0816 0688  avast! Antivirus - ok
21:51:14.0847 0688  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
21:51:14.0910 0688  AxInstSV - ok
21:51:14.0941 0688  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
21:51:14.0972 0688  b06bdrv - ok
21:51:14.0988 0688  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
21:51:15.0019 0688  b57nd60a - ok
21:51:15.0035 0688  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
21:51:15.0066 0688  BDESVC - ok
21:51:15.0082 0688  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
21:51:15.0128 0688  Beep - ok
21:51:15.0160 0688  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
21:51:15.0207 0688  BFE - ok
21:51:15.0253 0688  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
21:51:15.0347 0688  BITS - ok
21:51:15.0378 0688  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
21:51:15.0394 0688  blbdrive - ok
21:51:15.0410 0688  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
21:51:20.0144 0688  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
21:51:20.0175 0688  IDriverT ( UnsignedFile.Multi.Generic ) - warning
21:51:20.0175 0688  IDriverT - detected UnsignedFile.Multi.Generic (1)
21:51:29.0519 0688  sfloppy - ok
21:51:29.0535 0688  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
21:51:29.0582 0688  SharedAccess - ok
21:51:29.0628 0688  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:51:29.0675 0688  ShellHWDetection - ok
21:51:29.0691 0688  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
21:51:29.0707 0688  SiSRaid2 - ok
21:51:29.0722 0688  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
21:51:29.0738 0688  SiSRaid4 - ok
21:51:29.0753 0688  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
21:51:29.0800 0688  Smb - ok
21:51:29.0832 0688  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
21:51:29.0863 0688  SNMPTRAP - ok
21:51:29.0878 0688  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
21:51:29.0878 0688  spldr - ok
21:51:29.0910 0688  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
21:51:29.0925 0688  Spooler - ok
21:51:30.0003 0688  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
21:51:30.0128 0688  sppsvc - ok
21:51:30.0128 0688  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
21:51:30.0160 0688  sppuinotify - ok
21:51:30.0207 0688  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
21:51:30.0253 0688  srv - ok
21:51:30.0285 0688  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
21:51:30.0347 0688  srv2 - ok
21:51:30.0394 0688  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
21:51:30.0425 0688  srvnet - ok
21:51:30.0472 0688  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
21:51:30.0519 0688  SSDPSRV - ok
21:51:30.0550 0688  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
21:51:30.0582 0688  SstpSvc - ok
21:51:30.0675 0688  [ 00FCEC4DA4198F5F2B9BBD9225842568 ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
21:51:30.0722 0688  Stereo Service - ok
21:51:30.0753 0688  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
21:51:30.0769 0688  stexstor - ok
21:51:30.0816 0688  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
21:51:30.0894 0688  stisvc - ok
21:51:30.0910 0688  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
21:51:30.0910 0688  swenum - ok
21:51:30.0941 0688  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
21:51:30.0988 0688  swprv - ok
21:51:31.0191 0688  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
21:51:31.0253 0688  SysMain - ok
21:51:31.0269 0688  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:51:31.0285 0688  TabletInputService - ok
21:51:31.0300 0688  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
21:51:31.0347 0688  TapiSrv - ok
21:51:31.0363 0688  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
21:51:31.0394 0688  TBS - ok
21:51:31.0472 0688  [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
21:51:31.0535 0688  Tcpip - ok
21:51:31.0566 0688  [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
21:51:31.0597 0688  TCPIP6 - ok
21:51:31.0660 0688  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
21:51:31.0675 0688  tcpipreg - ok
21:51:31.0707 0688  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
21:51:31.0722 0688  TDPIPE - ok
21:51:31.0738 0688  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
21:51:31.0769 0688  TDTCP - ok
21:51:31.0769 0688  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
21:51:31.0800 0688  tdx - ok
21:51:31.0832 0688  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
21:51:31.0847 0688  TermDD - ok
21:51:31.0894 0688  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
21:51:31.0941 0688  TermService - ok
21:51:31.0957 0688  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
21:51:31.0988 0688  Themes - ok
21:51:31.0988 0688  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
21:51:32.0019 0688  THREADORDER - ok
21:51:32.0035 0688  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
21:51:32.0082 0688  TrkWks - ok
21:51:32.0144 0688  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:51:32.0207 0688  TrustedInstaller - ok
21:51:32.0222 0688  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
21:51:32.0269 0688  tssecsrv - ok
21:51:32.0300 0688  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
21:51:32.0347 0688  TsUsbFlt - ok
21:51:32.0363 0688  [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
21:51:32.0378 0688  TsUsbGD - ok
21:51:32.0394 0688  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
21:51:32.0441 0688  tunnel - ok
21:51:32.0457 0688  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
21:51:32.0457 0688  uagp35 - ok
21:51:32.0472 0688  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
21:51:32.0519 0688  udfs - ok
21:51:32.0535 0688  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
21:51:32.0566 0688  UI0Detect - ok
21:51:32.0566 0688  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
21:51:32.0582 0688  uliagpkx - ok
21:51:32.0597 0688  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
21:51:32.0628 0688  umbus - ok
21:51:32.0660 0688  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
21:51:32.0675 0688  UmPass - ok
21:51:32.0753 0688  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
21:51:32.0847 0688  upnphost - ok
21:51:32.0878 0688  [ 4E93C8496359E97830C75AC36393654D ] upperdev        C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys
21:51:32.0910 0688  upperdev - ok
21:51:32.0941 0688  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
21:51:32.0957 0688  usbccgp - ok
21:51:32.0988 0688  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
21:51:33.0003 0688  usbcir - ok
21:51:33.0019 0688  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
21:51:33.0035 0688  usbehci - ok
21:51:33.0066 0688  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
21:51:33.0097 0688  usbhub - ok
21:51:33.0113 0688  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
21:51:33.0128 0688  usbohci - ok
21:51:33.0144 0688  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\drivers\usbprint.sys
21:51:33.0175 0688  usbprint - ok
21:51:33.0207 0688  [ 4ACEE387FA8FD39F83564FCD2FC234F2 ] usbser          C:\Windows\system32\drivers\usbser.sys
21:51:33.0222 0688  usbser - ok
21:51:33.0238 0688  [ 8844CB19A37B65E27049D4A7786726A9 ] UsbserFilt      C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys
21:51:33.0269 0688  UsbserFilt - ok
21:51:33.0285 0688  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:51:33.0316 0688  USBSTOR - ok
21:51:33.0332 0688  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
21:51:33.0347 0688  usbuhci - ok
21:51:33.0378 0688  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
21:51:33.0425 0688  UxSms - ok
21:51:33.0441 0688  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
21:51:33.0457 0688  VaultSvc - ok
21:51:33.0503 0688  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
21:51:33.0519 0688  vdrvroot - ok
21:51:33.0535 0688  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
21:51:33.0582 0688  vds - ok
21:51:33.0582 0688  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
21:51:33.0597 0688  vga - ok
21:51:33.0613 0688  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
21:51:33.0660 0688  VgaSave - ok
21:51:33.0675 0688  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
21:51:33.0691 0688  vhdmp - ok
21:51:33.0753 0688  [ 906A7C6B6659A650648CF21998270945 ] VIAHdAudAddService C:\Windows\system32\drivers\viahduaa.sys
21:51:33.0785 0688  VIAHdAudAddService - ok
21:51:33.0800 0688  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
21:51:33.0816 0688  viaide - ok
21:51:33.0832 0688  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
21:51:33.0832 0688  volmgr - ok
21:51:33.0863 0688  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
21:51:33.0878 0688  volmgrx - ok
21:51:33.0878 0688  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
21:51:33.0910 0688  volsnap - ok
21:51:33.0941 0688  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
21:51:33.0957 0688  vsmraid - ok
21:51:34.0003 0688  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
21:51:34.0113 0688  VSS - ok
21:51:34.0128 0688  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
21:51:34.0144 0688  vwifibus - ok
21:51:34.0175 0688  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
21:51:34.0207 0688  W32Time - ok
21:51:34.0222 0688  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
21:51:34.0253 0688  WacomPen - ok
21:51:34.0285 0688  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
21:51:34.0316 0688  WANARP - ok
21:51:34.0332 0688  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
21:51:34.0363 0688  Wanarpv6 - ok
21:51:34.0457 0688  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
21:51:34.0519 0688  wbengine - ok
21:51:34.0535 0688  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
21:51:34.0550 0688  WbioSrvc - ok
21:51:34.0566 0688  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
21:51:34.0597 0688  wcncsvc - ok
21:51:34.0613 0688  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:51:34.0628 0688  WcsPlugInService - ok
21:51:34.0644 0688  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
21:51:34.0660 0688  Wd - ok
21:51:34.0753 0688  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
21:51:34.0816 0688  Wdf01000 - ok
21:51:34.0832 0688  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
21:51:34.0863 0688  WdiServiceHost - ok
21:51:34.0863 0688  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
21:51:34.0894 0688  WdiSystemHost - ok
21:51:34.0910 0688  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
21:51:34.0941 0688  WebClient - ok
21:51:34.0957 0688  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
21:51:35.0003 0688  Wecsvc - ok
21:51:35.0003 0688  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
21:51:35.0035 0688  wercplsupport - ok
21:51:35.0066 0688  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
21:51:35.0097 0688  WerSvc - ok
21:51:35.0144 0688  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
21:51:35.0175 0688  WfpLwf - ok
21:51:35.0191 0688  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
21:51:35.0207 0688  WIMMount - ok
21:51:35.0207 0688  WinDefend - ok
21:51:35.0222 0688  WinHttpAutoProxySvc - ok
21:51:35.0457 0688  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
21:51:35.0519 0688  Winmgmt - ok
21:51:35.0644 0688  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
21:51:35.0785 0688  WinRM - ok
21:51:35.0816 0688  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
21:51:35.0863 0688  WinUsb - ok
21:51:35.0925 0688  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
21:51:35.0988 0688  Wlansvc - ok
21:51:36.0113 0688  [ 357CABBF155AFD1D3926E62539D2A3A7 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:51:36.0175 0688  wlidsvc - ok
21:51:36.0191 0688  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
21:51:36.0207 0688  WmiAcpi - ok
21:51:36.0238 0688  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
21:51:36.0269 0688  wmiApSrv - ok
21:51:36.0285 0688  WMPNetworkSvc - ok
21:51:36.0316 0688  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
21:51:36.0332 0688  WPCSvc - ok
21:51:36.0347 0688  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
21:51:36.0363 0688  WPDBusEnum - ok
21:51:36.0378 0688  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
21:51:36.0410 0688  ws2ifsl - ok
21:51:36.0441 0688  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
21:51:36.0503 0688  wscsvc - ok
21:51:36.0503 0688  WSearch - ok
21:51:36.0582 0688  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
21:51:36.0660 0688  wuauserv - ok
21:51:36.0691 0688  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
21:51:36.0707 0688  WudfPf - ok
21:51:36.0738 0688  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
21:51:36.0738 0688  WUDFRd - ok
21:51:36.0769 0688  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
21:51:36.0785 0688  wudfsvc - ok
21:51:36.0816 0688  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
21:51:36.0847 0688  WwanSvc - ok
21:51:36.0878 0688  [ 9176C0822FAA649E45121875BE32F5D2 ] xusb21          C:\Windows\system32\DRIVERS\xusb21.sys
21:51:36.0894 0688  xusb21 - ok
21:51:36.0910 0688  ================ Scan global ===============================
21:51:36.0925 0688  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
21:51:36.0957 0688  [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
21:51:36.0972 0688  [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
21:51:36.0988 0688  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
21:51:37.0019 0688  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
21:51:37.0035 0688  [Global] - ok
21:51:37.0035 0688  ================ Scan MBR ==================================
21:51:37.0050 0688  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
21:51:40.0894 0688  \Device\Harddisk0\DR0 - ok
21:51:40.0894 0688  ================ Scan VBR ==================================
21:51:40.0925 0688  [ 883D4C2AF44E7ECC7436AD9EEE911438 ] \Device\Harddisk0\DR0\Partition1
21:51:41.0003 0688  \Device\Harddisk0\DR0\Partition1 - ok
21:51:41.0035 0688  [ 77CEBF1EDBF90004E6FC03B62BED943D ] \Device\Harddisk0\DR0\Partition2
21:51:41.0128 0688  \Device\Harddisk0\DR0\Partition2 - ok
21:51:41.0128 0688  ============================================================
21:51:41.0128 0688  Scan finished
21:51:41.0128 0688  ============================================================
21:51:41.0144 1568  Detected object count: 1
21:51:41.0144 1568  Actual detected object count: 1
21:51:45.0019 1568  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
21:51:45.0019 1568  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:51:53.0160 3364  Deinitialize success
         
Anyone there?

23.01.2013, 11:39   #8
markusg
/// Malware-holic

I also have other things to do besides helping you all....
If it's not going fast enough for you, go to a PC shop; there you'll have to pay for the work done.
Combofix:
Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
  • Start Combofix.exe and follow the on-screen instructions.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.
__________________
- Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails according to the instructions above to
markusg.trojaner-board@web.de
If you would like to support us

23.01.2013, 15:56   #9
40erdem

I've done that too.

Code:
ATTFilter
ComboFix 13-01-23.01 - Yegit 23.01.2013  16:48:41.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8191.6846 [GMT 1:00]
ausgeführt von:: c:\users\Yegit\Downloads\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-12-23 bis 2013-01-23  ))))))))))))))))))))))))))))))
.
.
2013-01-23 15:52 . 2013-01-23 15:52	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2013-01-23 15:52 . 2013-01-23 15:52	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-01-22 20:44 . 2013-01-22 20:44	--------	d-----w-	C:\_OTL
2013-01-22 13:23 . 2013-01-08 05:32	9161176	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{BDF267D7-3FA8-46F8-B3DC-5FDA595BEBE6}\mpengine.dll
2013-01-19 22:16 . 2013-01-19 22:16	--------	d-----w-	c:\windows\de
2013-01-19 22:15 . 2013-01-19 22:15	--------	d-----w-	c:\program files (x86)\Microsoft SQL Server Compact Edition
2013-01-19 22:14 . 2013-01-19 22:15	--------	d-----w-	c:\program files (x86)\Windows Live
2013-01-19 22:12 . 2013-01-19 22:16	--------	d-----w-	c:\users\Yegit\AppData\Local\Windows Live
2013-01-19 22:11 . 2013-01-19 22:11	--------	d-----w-	c:\program files (x86)\Common Files\Windows Live
2013-01-09 14:56 . 2012-11-30 05:45	362496	----a-w-	c:\windows\system32\wow64win.dll
2013-01-06 03:31 . 2013-01-06 03:31	--------	d-----w-	c:\program files (x86)\MSI Afterburner
2013-01-06 00:21 . 2013-01-06 00:21	--------	d-----w-	c:\users\Yegit\AppData\Roaming\NVIDIA
2013-01-06 00:21 . 2013-01-06 00:21	--------	d-----w-	c:\program files (x86)\Geeks3D
2013-01-05 23:45 . 2013-01-05 23:45	--------	d-----w-	c:\program files\CPUID
2012-12-29 01:54 . 2012-12-29 01:54	550328	----a-w-	c:\windows\SysWow64\nvStreaming.exe
2012-12-27 01:58 . 2012-12-27 01:58	--------	d-----w-	c:\program files (x86)\AGEIA Technologies
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-09 19:44 . 2012-10-03 08:55	67599240	----a-w-	c:\windows\system32\MRT.exe
2013-01-08 23:23 . 2012-10-03 09:28	74248	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-08 23:23 . 2012-10-03 09:28	697864	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-29 10:34 . 2012-10-03 09:30	2824656	----a-w-	c:\windows\system32\nvapi64.dll
2012-12-29 10:34 . 2012-10-03 09:30	2504248	----a-w-	c:\windows\SysWow64\nvapi.dll
2012-12-29 10:34 . 2012-10-03 09:30	15052368	----a-w-	c:\windows\system32\nvwgf2umx.dll
2012-12-29 10:34 . 2012-10-03 09:30	1504696	----a-w-	c:\windows\system32\nvdispgenco64.dll
2012-12-29 10:34 . 2012-10-03 09:30	1107592	----a-w-	c:\windows\system32\nvumdshimx.dll
2012-12-29 10:34 . 2012-02-09 20:43	1813432	----a-w-	c:\windows\system32\nvdispco64.dll
2012-12-29 10:34 . 2012-02-09 20:43	12641120	----a-w-	c:\windows\SysWow64\nvwgf2um.dll
2012-12-29 08:40 . 2012-10-03 09:31	3455416	----a-w-	c:\windows\system32\nvsvc64.dll
2012-12-29 08:40 . 2012-10-03 09:31	6382008	----a-w-	c:\windows\system32\nvcpl.dll
2012-12-29 08:40 . 2012-10-03 09:31	2923201	----a-w-	c:\windows\system32\nvcoproc.bin
2012-12-29 08:40 . 2012-10-03 09:31	884152	----a-w-	c:\windows\system32\nvvsvc.exe
2012-12-29 08:40 . 2012-10-03 09:31	63928	----a-w-	c:\windows\system32\nvshext.dll
2012-12-29 08:40 . 2012-10-03 09:31	2558392	----a-w-	c:\windows\system32\nvsvcr.dll
2012-12-29 08:40 . 2012-10-03 09:31	118712	----a-w-	c:\windows\system32\nvmctray.dll
2012-12-16 17:11 . 2012-12-21 11:24	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-21 11:24	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 11:24	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-21 11:24	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2012-12-02 22:04 . 2012-12-02 21:40	281520	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2012-12-02 22:04 . 2012-12-02 17:33	281520	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2012-12-02 22:03 . 2012-12-02 17:33	280904	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2012-12-02 21:45 . 2012-12-02 17:33	76888	----a-w-	c:\windows\SysWow64\PnkBstrA.exe
2012-11-30 04:45 . 2013-01-09 14:56	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-11-22 14:34 . 2012-11-22 14:34	57344	----a-r-	c:\users\Yegit\AppData\Roaming\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
2012-11-22 14:32 . 2012-11-22 14:33	106496	----a-w-	c:\windows\SysWow64\ATL71.DLL
2012-11-14 07:06 . 2012-12-12 16:11	17811968	----a-w-	c:\windows\system32\mshtml.dll
2012-11-14 06:32 . 2012-12-12 16:11	10925568	----a-w-	c:\windows\system32\ieframe.dll
2012-11-14 06:11 . 2012-12-12 16:11	2312704	----a-w-	c:\windows\system32\jscript9.dll
2012-11-14 06:04 . 2012-12-12 16:11	1346048	----a-w-	c:\windows\system32\urlmon.dll
2012-11-14 06:04 . 2012-12-12 16:11	1392128	----a-w-	c:\windows\system32\wininet.dll
2012-11-14 06:02 . 2012-12-12 16:11	1494528	----a-w-	c:\windows\system32\inetcpl.cpl
2012-11-14 06:02 . 2012-12-12 16:11	237056	----a-w-	c:\windows\system32\url.dll
2012-11-14 05:59 . 2012-12-12 16:11	85504	----a-w-	c:\windows\system32\jsproxy.dll
2012-11-14 05:58 . 2012-12-12 16:11	816640	----a-w-	c:\windows\system32\jscript.dll
2012-11-14 05:57 . 2012-12-12 16:11	599040	----a-w-	c:\windows\system32\vbscript.dll
2012-11-14 05:57 . 2012-12-12 16:11	173056	----a-w-	c:\windows\system32\ieUnatt.exe
2012-11-14 05:55 . 2012-12-12 16:11	2144768	----a-w-	c:\windows\system32\iertutil.dll
2012-11-14 05:55 . 2012-12-12 16:11	729088	----a-w-	c:\windows\system32\msfeeds.dll
2012-11-14 05:53 . 2012-12-12 16:11	96768	----a-w-	c:\windows\system32\mshtmled.dll
2012-11-14 05:52 . 2012-12-12 16:11	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-11-14 05:46 . 2012-12-12 16:11	248320	----a-w-	c:\windows\system32\ieui.dll
2012-11-14 02:09 . 2012-12-12 16:11	1800704	----a-w-	c:\windows\SysWow64\jscript9.dll
2012-11-14 01:58 . 2012-12-12 16:11	1427968	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57 . 2012-12-12 16:11	1129472	----a-w-	c:\windows\SysWow64\wininet.dll
2012-11-14 01:49 . 2012-12-12 16:11	142848	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48 . 2012-12-12 16:11	420864	----a-w-	c:\windows\SysWow64\vbscript.dll
2012-11-14 01:44 . 2012-12-12 16:11	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2012-11-09 05:45 . 2012-12-12 15:47	2048	----a-w-	c:\windows\system32\tzres.dll
2012-11-09 04:42 . 2012-12-12 15:47	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2012-11-06 13:13 . 2012-11-06 13:13	108008	----a-w-	c:\windows\system32\WindowsAccessBridge-64.dll
2012-11-06 13:13 . 2012-11-06 13:13	289768	----a-w-	c:\windows\system32\javaws.exe
2012-11-06 13:13 . 2012-11-06 13:13	189416	----a-w-	c:\windows\system32\javaw.exe
2012-11-06 13:13 . 2012-11-06 13:13	188904	----a-w-	c:\windows\system32\java.exe
2012-11-06 13:13 . 2012-11-06 13:11	916456	----a-w-	c:\windows\system32\deployJava1.dll
2012-11-06 13:13 . 2012-11-06 13:11	1034216	----a-w-	c:\windows\system32\npDeployJava1.dll
2012-11-02 05:59 . 2012-12-12 15:46	478208	----a-w-	c:\windows\system32\dpnet.dll
2012-11-02 05:11 . 2012-12-12 15:46	376832	----a-w-	c:\windows\SysWow64\dpnet.dll
2012-10-30 22:51 . 2012-10-03 09:27	59728	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2012-10-30 22:51 . 2012-10-03 09:27	370288	----a-w-	c:\windows\system32\drivers\aswSP.sys
2012-10-30 22:51 . 2012-10-03 09:27	984144	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51 . 2012-10-03 09:27	71600	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2012-10-30 22:51 . 2012-10-03 09:27	25232	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 22:51 . 2012-10-03 09:27	41224	----a-w-	c:\windows\avastSS.scr
2012-10-30 22:50 . 2012-10-03 09:27	227648	----a-w-	c:\windows\SysWow64\aswBoot.exe
2012-10-30 22:50 . 2012-10-03 09:27	285328	----a-w-	c:\windows\system32\aswBoot.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys [2010-06-11 15368]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-12-29 383416]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2012-05-12 121416]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-09-17 1250816]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-03 23:23]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50	133400	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&userid=EB_USER_ID&ctid=CT2481020&SSPV=IESB15
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.10
TCP: Interfaces\{6DDF6CF0-BAC4-4757-A36D-FE7FAB60D20F}: DhcpNameServer = 192.168.0.10
FF - ProfilePath - c:\users\Yegit\AppData\Roaming\Mozilla\Firefox\Profiles\dqox3c90.default\
FF - prefs.js: browser.search.selectedEngine - Ashampoo DE Customized Web Search
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2481020&SearchSource=2&q=
FF - prefs.js: network.proxy.http - 87.106.246.207
FF - prefs.js: network.proxy.http_port - 8118
FF - prefs.js: network.proxy.type - 0
FF - user.js: extentions.y2layers.installId - 57cd47fc-e8e5-4dcf-8f2e-b964cd8d1116
FF - user.js: extentions.y2layers.defaultEnableAppsList - twittube,buzzdock,YontooNewOffers
FF - user.js: extensions.autoDisableScopes - 14
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{5786d022-540e-4699-b350-b4be0ae94b79} - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-01-23  16:54:46
ComboFix-quarantined-files.txt  2013-01-23 15:54
.
Vor Suchlauf: 10 Verzeichnis(se), 411.034.443.776 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 410.882.891.776 Bytes frei
.
- - End Of File - - EBFFFB0C0654059FAF4F6EFFD9067030
         

23.01.2013, 17:39   #10
markusg
/// Malware-holic

So far I only see a little adware left, nothing worse.
Malwarebytes:
Please download Malwarebytes
  • Install the program to the default path.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Start Malwarebytes, click Update --> Check for Updates
  • When the update has finished, select Perform full scan and click Scan.
  • When the scan has finished, click Show Results.
  • Make sure that all detections are selected and click Remove Selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report afterwards under "Logs".
__________________
- Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails to
markusg.trojaner-board@web.de
according to the instructions above.
If you would like to support us

24.01.2013, 13:28   #11
40erdem

Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.24.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Yegit :: WINDOWS [Administrator]

24.01.2013 13:58:21
mbam-log-2013-01-24 (13-58-21).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 384238
Laufzeit: 28 Minute(n), 43 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

24.01.2013, 14:55   #12
markusg
/// Malware-holic

Were there any more problems?
Download CCleaner Standard:
CCleaner - Download - Filepony
If CCleaner is already installed, skip this step.
Open it, Tools (Extras), uninstall list, save as txt. Open the file.
After each program you need, write necessary.
After each one you do not need, unnecessary.
After those unknown to you, unknown.
Post the list.

24.01.2013, 15:53   #13
40erdem

Code:
Adobe Flash Player 11 ActiveX	Adobe Systems Incorporated	08.01.2013	6,00MB	11.5.502.146 (necessary, I think)
Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	09.01.2013	6,00MB	11.5.502.146 (necessary, I think)
Adobe Reader X (10.1.5) - Deutsch	Adobe Systems Incorporated	11.01.2013	121MB	10.1.5 (necessary)
Apple Application Support	Apple Inc.	22.11.2012	52,8MB	1.4.1 (if it is not a system file, not necessary)
ArcSoft Panorama Maker 5	ArcSoft	22.11.2012		5.0.1.25 (necessary)
Ashampoo Burning Studio 6 FREE v.6.81	Ashampoo GmbH & Co. KG	25.11.2012	34,0MB	6.8.1 (necessary)
ASRock App Charger v1.0.4	ASRock Inc.	03.10.2012	1,34MB	(necessary)
avast! Free Antivirus	AVAST Software	05.11.2012		7.0.1474.0 (necessary)
Battlefield 3™	Electronic Arts	02.12.2012		1.4.0.0 (necessary)
Battlelog Web Plugins	EA Digital Illusions CE AB	02.12.2012		2.1.2 (necessary)
CCleaner	Piriform	19.12.2012		3.26 (necessary)
CPUID HWMonitor 1.21		06.01.2013	2,41MB	(necessary)
ESN Sonar	ESN Social Software AB	02.12.2012		0.70.4 (I don't know it, and I can't find this program either)
FIFA 13	Electronic Arts	03.01.2013	5,28GB	1.6.0.0 (necessary)
Geeks3D.com FurMark 1.10.3	Geeks3D.com	06.01.2013	6,99MB	(necessary)
Java 7 Update 9	Oracle	03.10.2012	128MB	7.0.90 (necessary)
Java 7 Update 9 (64-bit)	Oracle	06.11.2012	127MB	7.0.90 (necessary)
JDownloader 0.9	AppWork GmbH	13.11.2012		0.9 (not necessary)
Malwarebytes Anti-Malware Version 1.70.0.1100	Malwarebytes Corporation	24.01.2013	18,4MB	1.70.0.1100 (necessary)
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	03.10.2012	38,8MB	4.0.30319 (necessary)
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	03.10.2012	2,93MB	4.0.30319 (necessary)
Microsoft Office Enterprise 2007	Microsoft Corporation	25.11.2012		12.0.6612.1000 (necessary)
Microsoft Office File Validation Add-In	Microsoft Corporation	03.12.2012	7,95MB	14.0.5130.5003 (I don't know)
Microsoft Office Live Add-in 1.5	Microsoft Corporation	02.12.2012	508KB	2.0.4024.1 (I don't know)
Microsoft Silverlight	Microsoft Corporation	25.11.2012	20,5MB	4.1.10329.0 (I don't know)
Microsoft SQL Server 2005 Compact Edition [ENU]	Microsoft Corporation	19.01.2013	1,69MB	3.1.0000 (necessary)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17	Microsoft Corporation	27.12.2012	788KB	9.0.30729 (necessary)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161	Microsoft Corporation	28.12.2012	788KB	9.0.30729.6161 (necessary)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	02.12.2012	240KB	9.0.30729 (necessary)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	03.10.2012	596KB	9.0.30729.4148 (necessary)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	25.11.2012	600KB	9.0.30729.6161 (necessary)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219	Microsoft Corporation	25.11.2012	13,8MB	10.0.40219 (necessary)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	25.11.2012	15,0MB	10.0.40219 (necessary)
MotioninJoy Gamepad tool 0.7.1001	www.motioninjoy.com	03.10.2012	3,89MB	0.7.1001 (necessary)
Mozilla Firefox 18.0.1 (x86 de)	Mozilla	19.01.2013	43,2MB	18.0.1 (necessary)
Mozilla Maintenance Service	Mozilla	19.01.2013	330KB	18.0.1 (I don't know)
MSI Afterburner 2.3.0	MSI Co., LTD	06.01.2013		2.3.0
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	22.11.2012	1,27MB	4.20.9870.0 (I don't know)
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	22.11.2012	1,33MB	4.20.9876.0 (I don't know)
Nexon Game Manager		23.12.2012		(necessary)
Nikon Message Center 2	Nikon	22.11.2012	9,42MB	2.1.0 (necessary)
Nikon Movie Editor	Nikon	22.11.2012	30,7MB	2.6.0 (necessary)
Nokia Connectivity Cable Driver		04.12.2012		7.1.32.69
NVIDIA 3D Vision Controller-Treiber 310.90	NVIDIA Corporation	23.01.2013		310.90 (necessary)
NVIDIA 3D Vision Treiber 310.90	NVIDIA Corporation	23.01.2013		310.90 (necessary)
NVIDIA Drivers	NVIDIA Corporation	03.10.2012	3,25MB	1.4 (necessary)
NVIDIA Grafiktreiber 310.90	NVIDIA Corporation	23.01.2013		310.90 (necessary)
NVIDIA HD-Audiotreiber 1.3.18.0	NVIDIA Corporation	23.01.2013		1.3.18.0 (necessary)
NVIDIA PhysX-Systemsoftware 9.12.1031	NVIDIA Corporation	27.12.2012		9.12.1031 (necessary)
NVIDIA Update 1.11.3	NVIDIA Corporation	23.01.2013		1.11.3 (necessary)
Origin	Electronic Arts, Inc.	03.10.2012		9.0.13.2142 (necessary)
Picture Control Utility	Nikon	22.11.2012	27,7MB	1.4.7 (necessary)
PunkBuster Services	Even Balance, Inc.	02.12.2012		0.991 (necessary)
SopCast 3.5.0	www.sopcast.com	09.12.2012		3.5.0 (not necessary)
SUPERAntiSpyware	SUPERAntiSpyware.com	03.10.2012	154MB	5.5.1022 (necessary)
System Requirements Lab CYRI	Husdawg, LLC	04.12.2012	579KB	5.0.6.0 (necessary)
VIA Plattform-Geräte-Manager	VIA Technologies, Inc.	03.10.2012	2,61MB	1.34 (necessary)
ViewNX 2	Nikon	22.11.2012	54,6MB	2.6.0 (I don't know)
WarRock		23.12.2012		 (necessary)
Windows Live Essentials	Microsoft Corporation	19.01.2013		16.4.3505.0912 (necessary)
WinRAR 4.20 (64-Bit)	win.rar GmbH	03.10.2012		4.20.0 (necessary)
Yontoo 1.10.02	Yontoo LLC	10.08.2012	1,29MB	1.10.02 (I can't find this program either)
         

24.01.2013, 21:06   #14
markusg
/// Malware-holic

Uninstall:
Adobe Flash Player, all of them
Adobe - Install Adobe Flash Player
Download the latest version and install it.
Adobe Reader:
Adobe - Download Adobe Reader - All versions
Untick the box for McAfee Security Scan.

Please also configure Adobe Reader as follows:
Open Adobe Reader, Edit, Preferences.
General:
Tick "Use only certified plug-ins".
Internet:
Everything here should be disabled; it is very unsafe to open or download PDFs automatically, etc.
It is always better to save them directly, since that is the only way to keep control over what is happening on the PC.
Under JavaScript, untick the box for using JavaScript.
Under Updater, choose to install automatically.
Apply / OK

Uninstall:
Java: both
Download the Java JRE:
Java Downloads for All Operating Systems
Click:
Download the Java software for Windows Offline
Download and install it.
Uninstall:
JDownloader
SopCast
SUPERAntiSpyware: you can do without it, it often finds only cookies.

Open CCleaner, Analyze, Run, restart the PC.
Download CCleaner Standard:
CCleaner - Download - Filepony
If CCleaner is already installed, skip this step.
Open it, Tools (Extras), uninstall list, save as txt. Open the file.
After each program you need, write necessary.
After each one you do not need, unnecessary.
After those unknown to you, unknown.
Post the list.

26.01.2013, 14:11   #15
40erdem

Ok

Code:
Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	26.01.2013	6,00MB	11.5.502.146 (necessary)
Adobe Reader XI (11.0.01) - Deutsch	Adobe Systems Incorporated	26.01.2013	132MB	11.0.01 (necessary)
Apple Application Support	Apple Inc.	22.11.2012	52,8MB	1.4.1 (unknown)
ArcSoft Panorama Maker 5	ArcSoft	22.11.2012		5.0.1.25 (necessary)
Ashampoo Burning Studio 6 FREE v.6.81	Ashampoo GmbH & Co. KG	25.11.2012	34,0MB	6.8.1 (necessary)
ASRock App Charger v1.0.4	ASRock Inc.	03.10.2012	1,34MB	(necessary)
avast! Free Antivirus	AVAST Software	05.11.2012		7.0.1474.0 (necessary)
Battlefield 3™	Electronic Arts	02.12.2012		1.4.0.0 (necessary)
Battlelog Web Plugins	EA Digital Illusions CE AB	02.12.2012		2.1.2 (necessary)
CCleaner	Piriform	19.12.2012		3.26 (necessary)
CPUID HWMonitor 1.21		06.01.2013	2,41MB	(necessary)
ESN Sonar	ESN Social Software AB	02.12.2012		0.70.4 (unknown)
FIFA 13	Electronic Arts	03.01.2013	5,28GB	1.6.0.0 (necessary)
Geeks3D.com FurMark 1.10.3	Geeks3D.com	06.01.2013	6,99MB	 (necessary)
Java 7 Update 11 (64-bit)	Oracle	26.01.2013	127MB	7.0.110 (necessary)
Malwarebytes Anti-Malware Version 1.70.0.1100	Malwarebytes Corporation	24.01.2013	18,4MB	1.70.0.1100 (necessary)
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	03.10.2012	38,8MB	4.0.30319 (necessary)
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	03.10.2012	2,93MB	4.0.30319 (necessary)
Microsoft Office Enterprise 2007	Microsoft Corporation	25.11.2012		12.0.6612.1000 (necessary)
Microsoft Office File Validation Add-In	Microsoft Corporation	03.12.2012	7,95MB	14.0.5130.5003 (necessary)
Microsoft Office Live Add-in 1.5	Microsoft Corporation	02.12.2012	508KB	2.0.4024.1 (necessary)
Microsoft Silverlight	Microsoft Corporation	25.11.2012	20,5MB	4.1.10329.0 (necessary)
Microsoft SQL Server 2005 Compact Edition [ENU]	Microsoft Corporation	19.01.2013	1,69MB	3.1.0000 (necessary)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17	Microsoft Corporation	27.12.2012	788KB	9.0.30729 (necessary)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161	Microsoft Corporation	28.12.2012	788KB	9.0.30729.6161 (necessary)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	02.12.2012	240KB	9.0.30729 (necessary)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	03.10.2012	596KB	9.0.30729.4148 (necessary)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	25.11.2012	600KB	9.0.30729.6161 (necessary)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219	Microsoft Corporation	25.11.2012	13,8MB	10.0.40219 (necessary)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	25.11.2012	15,0MB	10.0.40219 (necessary)
MotioninJoy Gamepad tool 0.7.1001	www.motioninjoy.com	03.10.2012	3,89MB	0.7.1001 (necessary)
Mozilla Firefox 18.0.1 (x86 de)	Mozilla	19.01.2013	43,2MB	18.0.1 (necessary)
Mozilla Maintenance Service	Mozilla	19.01.2013	330KB	18.0.1 (unknown)
MSI Afterburner 2.3.0	MSI Co., LTD	06.01.2013		2.3.0 (necessary)
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	22.11.2012	1,27MB	4.20.9870.0 (unknown)
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	22.11.2012	1,33MB	4.20.9876.0 (unknown)
Nexon Game Manager		23.12.2012	(necessary)	
Nikon Message Center 2	Nikon	22.11.2012	9,42MB	2.1.0 (necessary)
Nikon Movie Editor	Nikon	22.11.2012	30,7MB	2.6.0 (necessary)
Nokia Connectivity Cable Driver		04.12.2012		7.1.32.69
NVIDIA 3D Vision Controller-Treiber 310.90	NVIDIA Corporation	23.01.2013		310.90 (necessary)
NVIDIA 3D Vision Treiber 310.90	NVIDIA Corporation	23.01.2013		310.90 (necessary)
NVIDIA Drivers	NVIDIA Corporation	03.10.2012	3,25MB	1.4 (necessary)
NVIDIA Grafiktreiber 310.90	NVIDIA Corporation	23.01.2013		310.90 (necessary)
NVIDIA HD-Audiotreiber 1.3.18.0	NVIDIA Corporation	23.01.2013		1.3.18.0 (necessary)
NVIDIA PhysX-Systemsoftware 9.12.1031	NVIDIA Corporation	27.12.2012		9.12.1031 (necessary)
NVIDIA Update 1.11.3	NVIDIA Corporation	23.01.2013		1.11.3 (necessary)
Origin	Electronic Arts, Inc.	03.10.2012		9.0.13.2142 (necessary)
Picture Control Utility	Nikon	22.11.2012	27,7MB	1.4.7 (necessary)
PunkBuster Services	Even Balance, Inc.	02.12.2012		0.991 (unknown)
System Requirements Lab CYRI	Husdawg, LLC	04.12.2012	579KB	5.0.6.0 (necessary)
VIA Plattform-Geräte-Manager	VIA Technologies, Inc.	03.10.2012	2,61MB	1.34 (unknown)
ViewNX 2	Nikon	22.11.2012	54,6MB	2.6.0 (necessary)
WarRock		23.12.2012		(necessary)
Windows Live Essentials	Microsoft Corporation	19.01.2013		16.4.3505.0912 (necessary)
WinRAR 4.20 (64-Bit)	win.rar GmbH	03.10.2012		4.20.0 (necessary)
         
