
Log analysis and evaluation: IE ad windows open at random

26.03.2012, 15:08   #1
kazpa

Hello Trojan experts,

like others before me, I have the problem that for about 3 days Internet Explorer windows with advertising have been opening at random.
I work with Firefox and Opera, respectively.

Countermeasures so far:
Ran Spybot Search and Destroy.
Ran SUPERAntiSpyware several times. Only adware tracking cookies are ever found, but plenty of them. Once I have deleted them, the problem described above goes away for a while, but it comes back at some point. Another scan again turns up lots of cookies. A log is attached.
Antivir also found 3 files yesterday; the logs are attached.

I ran HijackThis over the system; here is the log file (also attached again):

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:42:57, on 26.03.2012
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe
C:\windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Samsung\Easy Support Center\SSCKbdHk.exe
C:\ATI R\setup.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
D:\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: SwissAcademic.Citavi.Picker.IEPicker - {609D670F-B735-4da7-AC6D-F3BD358E325E} - mscoree.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Startup: setup.url
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Citavi Picker - {619D670F-B735-4da7-AC6D-F3BD358E325E} - mscoree.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira Planer (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Echtzeit Scanner (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: ExpressCache - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\WildGames\Game Console - WildGames\GameConsoleService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11990 bytes

I hope this thread satisfies all 8 commandments of this board and, of course, that one of you can help me; these ad windows are colossally annoying.

Kind regards, Der Kasper

26.03.2012, 15:35   #2
markusg
/// Malware-holic

If you do not have it yet, please download OTL by Oldtimer and save it to your desktop.
  • Please start OTL.exe. Vista and Win7 users: right-click and choose "Run as administrator".
  • Now copy the content into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread.

26.03.2012, 16:02   #3
kazpa

Hello markusg,
thanks for the quick response.
OTL.exe has been run.

Of course it is all too long. So it is attached again.

I deleted the hosts myself. But I noticed that Spybot Search and Destroy added a great many entries there. I assume that is as it should be.

Regards, der Kasper

26.03.2012, 16:12   #4
markusg
/// Malware-holic

Is that a specific ad, i.e. a specific page that gets opened?

26.03.2012, 17:55   #5
kazpa

Hello,
Certain ads repeat.
For example for BMW, for the game Travian...

I have attached a screenshot.

Regards, der kasper


26.03.2012, 18:04   #6
markusg
/// Malware-holic

ComboFix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

Please download Combofix.exe and be sure to save it to your desktop.
  • Visit the following page for download links and instructions for this tool:
    A guide and tutorial on using ComboFix
  • Note: Make sure that all your antivirus and anti-malware programs are switched off so that they do not interfere with ComboFix while it works.
  • Please post C:\Combofix.txt in your next reply.

26.03.2012, 19:11   #7
kazpa

Hello,

here is the log from ComboFix:

ComboFix log file:
Code:
ComboFix 12-03-26.02 - Kasper 26.03.2012  18:36:37.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.6058.4189 [GMT 2:00]
ausgeführt von:: d:\desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Kasper\AppData\Local\Temp\6573b3c6-4299-4ce1-bc75-7f3a9cd9d739\CliSecureRT.dll
c:\windows\SysWow64\muzapp.exe
c:\windows\SysWow64\system32
c:\windows\SysWow64\system32\3DAudio.ax
c:\windows\SysWow64\system32\avrt.dll
c:\windows\SysWow64\system32\cis-2.4.dll
c:\windows\SysWow64\system32\issacapi_bs-2.3.dll
c:\windows\SysWow64\system32\issacapi_pe-2.3.dll
c:\windows\SysWow64\system32\issacapi_se-2.3.dll
c:\windows\SysWow64\system32\MACXMLProto.dll
c:\windows\SysWow64\system32\MaDRM.dll
c:\windows\SysWow64\system32\MaJGUILib.dll
c:\windows\SysWow64\system32\MAMACExtract.dll
c:\windows\SysWow64\system32\MASetupCleaner.exe
c:\windows\SysWow64\system32\MaXMLProto.dll
c:\windows\SysWow64\system32\mfplat.dll
c:\windows\SysWow64\system32\MK_Lyric.dll
c:\windows\SysWow64\system32\MSCLib.dll
c:\windows\SysWow64\system32\MSFLib.dll
c:\windows\SysWow64\system32\MSLUR71.dll
c:\windows\SysWow64\system32\msvcp60.dll
c:\windows\SysWow64\system32\MTTELECHIP.dll
c:\windows\SysWow64\system32\MTXSYNCICON.dll
c:\windows\SysWow64\system32\muzaf1.dll
c:\windows\SysWow64\system32\muzapp.dll
c:\windows\SysWow64\system32\muzapp.exe
c:\windows\SysWow64\system32\muzdecode.ax
c:\windows\SysWow64\system32\muzeffect.ax
c:\windows\SysWow64\system32\muzmp4sp.ax
c:\windows\SysWow64\system32\muzmpgsp.ax
c:\windows\SysWow64\system32\muzoggsp.ax
c:\windows\SysWow64\system32\muzwmts.dll
c:\windows\SysWow64\system32\psapi.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-02-26 bis 2012-03-26  ))))))))))))))))))))))))))))))
.
.
2012-03-26 16:42 . 2012-03-26 16:42	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-03-25 22:51 . 2012-03-25 22:51	69000	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{61D84421-7605-489A-B4AD-011C71BE96A1}\offreg.dll
2012-03-25 20:48 . 2012-03-25 20:48	--------	d-----w-	c:\program files\SUPERAntiSpyware
2012-03-25 20:48 . 2012-03-25 20:48	--------	d-----w-	c:\programdata\SUPERAntiSpyware.com
2012-03-24 10:33 . 2012-03-24 11:37	--------	d-----w-	C:\Temp
2012-03-24 10:10 . 2012-03-24 11:22	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2012-03-24 10:10 . 2012-03-24 10:15	--------	d-----w-	c:\program files (x86)\Spybot - Search & Destroy
2012-03-23 12:50 . 2012-03-14 03:27	8669240	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{61D84421-7605-489A-B4AD-011C71BE96A1}\mpengine.dll
2012-03-21 12:20 . 2012-03-26 17:06	28160	----a-w-	c:\windows\SysWow64\setup.exe
2012-03-21 12:20 . 2012-03-26 17:06	28160	----a-w-	c:\windows\SysWow64\setup1.1.exe
2012-03-15 02:03 . 2011-11-19 15:20	5559152	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-03-15 02:03 . 2011-11-19 14:50	3968368	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-03-15 02:03 . 2011-11-19 14:50	3913584	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 08:55 . 2012-02-03 04:34	3145728	----a-w-	c:\windows\system32\win32k.sys
2012-03-14 08:55 . 2012-02-10 06:36	1544192	----a-w-	c:\windows\system32\DWrite.dll
2012-03-14 08:55 . 2012-02-10 05:38	1077248	----a-w-	c:\windows\SysWow64\DWrite.dll
2012-03-14 08:55 . 2012-01-25 06:38	77312	----a-w-	c:\windows\system32\rdpwsx.dll
2012-03-14 08:55 . 2012-01-25 06:38	149504	----a-w-	c:\windows\system32\rdpcorekmts.dll
2012-03-14 08:55 . 2012-01-25 06:33	9216	----a-w-	c:\windows\system32\rdrmemptylst.exe
2012-03-14 08:55 . 2012-02-17 06:38	1031680	----a-w-	c:\windows\system32\rdpcore.dll
2012-03-14 08:55 . 2012-02-17 05:34	826880	----a-w-	c:\windows\SysWow64\rdpcore.dll
2012-03-14 08:55 . 2012-02-17 04:58	210944	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-03-14 08:55 . 2012-02-17 04:57	23552	----a-w-	c:\windows\system32\drivers\tdtcp.sys
2012-03-13 22:28 . 2012-03-13 22:28	--------	d-----w-	c:\program files (x86)\Common Files\Skype
2012-03-13 14:42 . 2012-03-13 14:42	--------	d-----w-	c:\programdata\PACE Anti-Piracy
2012-03-13 14:42 . 2012-03-13 14:42	--------	d-----w-	c:\program files\Common Files\PACE Anti-Piracy
2012-03-11 22:02 . 2012-03-11 22:02	--------	d-----w-	c:\windows\Sun
2012-03-11 22:02 . 2012-03-11 22:02	--------	d-----w-	c:\program files (x86)\Common Files\Java
2012-03-11 22:02 . 2012-03-11 22:02	472808	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-03-11 22:02 . 2012-03-11 22:02	--------	d-----w-	c:\program files (x86)\Java
2012-03-09 15:06 . 2012-03-09 16:10	--------	d-----w-	c:\programdata\Blizzard Entertainment
2012-03-09 15:06 . 2012-03-09 15:24	--------	d-----w-	c:\program files (x86)\Common Files\Blizzard Entertainment
2012-03-08 16:16 . 2012-03-08 16:16	--------	d-----w-	c:\program files (x86)\Citavi 3
2012-03-08 13:43 . 2012-03-08 16:16	--------	d-----w-	c:\programdata\Swiss Academic Software
2012-03-08 02:40 . 2012-03-08 02:40	--------	d-----w-	c:\users\Default\AppData\Local\Microsoft Help
2012-03-07 22:12 . 2012-03-07 22:13	--------	d-----w-	c:\program files (x86)\Opera
2012-03-07 14:16 . 2012-03-11 13:22	--------	d-----w-	c:\programdata\regid.1986-12.com.adobe
2012-03-07 02:11 . 2011-07-16 05:41	362496	----a-w-	c:\windows\system32\wow64win.dll
2012-03-06 22:41 . 2009-09-04 16:29	1892184	----a-w-	c:\windows\SysWow64\D3DX9_42.dll
2012-03-06 22:41 . 2006-09-28 15:05	2414360	----a-w-	c:\windows\SysWow64\d3dx9_31.dll
2012-03-06 22:40 . 2012-03-06 22:40	--------	d-----w-	c:\program files (x86)\Winamp Detect
2012-03-06 22:40 . 2012-03-06 22:41	--------	d-----w-	c:\program files (x86)\Winamp
2012-03-06 22:40 . 2012-03-06 22:40	--------	d-----w-	C:\ATI R
2012-03-06 22:38 . 2012-03-06 22:38	--------	d-----w-	c:\program files\7-Zip
2012-03-06 22:28 . 2012-03-06 22:28	--------	d-----w-	c:\program files (x86)\VideoLAN
2012-03-06 16:56 . 2012-03-06 16:56	--------	d-----w-	c:\programdata\ATI
2012-03-06 15:20 . 2012-03-06 15:20	--------	d-----w-	c:\programdata\ALM
2012-03-06 15:16 . 2012-03-06 15:16	--------	d-----w-	c:\program files (x86)\Adobe Media Player
2012-03-06 15:15 . 2012-03-06 22:40	--------	d-----w-	c:\program files (x86)\Common Files\PX Storage Engine
2012-03-06 15:15 . 2012-03-06 15:15	--------	d-----w-	c:\program files (x86)\My Company Name
2012-03-06 15:15 . 2012-03-06 15:15	--------	d-----w-	c:\program files (x86)\Common Files\Sonic Shared
2012-03-06 15:15 . 2011-03-04 19:44	55856	------w-	c:\windows\system32\drivers\PxHlpa64.sys
2012-03-06 15:15 . 2009-06-23 02:00	10224	------w-	c:\windows\system32\drivers\cdralw2k.sys
2012-03-06 15:15 . 2009-06-23 02:00	10224	------w-	c:\windows\system32\drivers\cdr4_xp.sys
2012-03-06 15:15 . 2012-03-06 15:23	--------	d-----w-	c:\program files\Common Files\Adobe
2012-03-06 15:14 . 2012-03-06 15:14	--------	d-----w-	c:\program files (x86)\Common Files\Adobe AIR
2012-03-06 14:53 . 2012-03-06 15:26	--------	d-----w-	c:\program files (x86)\Common Files\Adobe
2012-03-06 14:50 . 2012-03-06 14:50	283200	----a-w-	c:\windows\system32\drivers\dtsoftbus01.sys
2012-03-06 14:50 . 2012-03-06 14:50	--------	d-----w-	c:\program files (x86)\DAEMON Tools Lite
2012-03-06 14:49 . 2012-03-06 14:50	--------	d-----w-	c:\programdata\DAEMON Tools Lite
2012-03-06 14:43 . 2012-03-09 02:02	--------	d-----w-	c:\program files (x86)\Microsoft Works
2012-03-06 14:43 . 2012-03-10 02:01	--------	d-----w-	c:\program files (x86)\Microsoft.NET
2012-03-06 14:41 . 2012-03-06 14:41	--------	d-----w-	c:\program files (x86)\Microsoft Visual Studio 8
2012-03-06 14:41 . 2012-03-20 19:18	--------	d-----w-	c:\programdata\Microsoft Help
2012-03-06 14:41 . 2012-03-06 14:41	--------	d-----r-	C:\MSOCache
2012-03-06 14:34 . 2012-03-06 14:34	414368	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-06 14:33 . 2012-03-06 14:33	--------	d-----w-	c:\windows\system32\Macromed
2012-03-06 14:06 . 2012-03-06 14:08	--------	d-----w-	c:\program files (x86)\RocketDock
2012-03-06 12:37 . 2012-01-31 07:56	97312	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-03-06 12:37 . 2012-01-31 07:56	132320	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-03-06 12:37 . 2011-09-16 15:08	27760	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2012-03-06 12:37 . 2012-03-06 12:37	--------	d-----w-	c:\programdata\Avira
2012-03-06 12:37 . 2012-03-06 12:37	--------	d-----w-	c:\program files (x86)\Avira
2012-03-06 11:04 . 2011-02-15 23:35	39464	----a-w-	c:\windows\system32\drivers\btwl2cap.sys
2012-03-06 11:04 . 2011-01-25 00:29	107560	----a-w-	c:\windows\system32\drivers\btwaudio.sys
2012-03-06 11:04 . 2011-01-10 23:15	349736	----a-w-	c:\windows\system32\drivers\btwampfl.sys
2012-03-06 11:04 . 2010-09-21 07:20	22056	----a-w-	c:\windows\system32\btwcoins.dll
2012-03-06 11:04 . 2010-09-14 22:59	138280	----a-w-	c:\windows\system32\drivers\btwavdt.sys
2012-03-06 11:04 . 2010-09-14 22:59	21416	----a-w-	c:\windows\system32\drivers\btwrchid.sys
2012-03-06 11:03 . 2012-03-06 11:03	--------	d-----w-	c:\program files\WIDCOMM
2012-03-06 11:03 . 2012-03-13 22:28	--------	d-----r-	c:\program files (x86)\Skype
2012-03-06 11:02 . 2012-03-13 22:28	--------	d-----w-	c:\programdata\Skype
2012-03-06 11:02 . 2012-03-08 06:34	--------	d-----w-	c:\users\Kasper
2012-03-06 11:02 . 2012-03-06 11:02	--------	d-----w-	C:\Recovery
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-06 11:43 . 2011-03-28 09:36	18328	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-02-23 08:18 . 2010-11-21 03:27	279656	------w-	c:\windows\system32\MpSigStub.exe
2012-02-15 23:24 . 2012-02-15 23:24	203320	----a-w-	c:\windows\system32\drivers\ssudmdm.sys
2012-02-15 23:24 . 2012-02-15 23:24	99384	----a-w-	c:\windows\system32\drivers\ssudbus.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-03-22 21416]
"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2012-02-22 943504]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-02-13 3481408]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-07 4785536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-01-31 258512]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-12-09 74752]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\Kasper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
setup.url [2012-3-26 94]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-5-10 1131296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DelayedDesktopSwitchTimeout"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 excsd;ExpressCache Storage Filter Driver;c:\windows\system32\DRIVERS\excsd.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 excfs;ExpressCache File System Filter Driver;c:\windows\system32\DRIVERS\excfs.sys [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-01-31 86224]
S2 ExpressCache;ExpressCache;c:\program files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [2011-09-23 79664]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 SGDrv;SGDrv;c:\windows\system32\DRIVERS\SGdrv64.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-05-05 2656536]
S3 acpials;ALS Sensor Filter;c:\windows\system32\DRIVERS\acpials.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [x]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-01 12661352]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://samsung.msn.com
mStart Page = hxxp://samsung.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Kasper\AppData\Roaming\Mozilla\Firefox\Profiles\q7tlne0c.default\
FF - prefs.js: browser.startup.homepage - hxxps://mail.opera.com/m/#!/Inbox
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Notify-igfxcui - (no file)
Toolbar-Locked - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-HijackThis - d:\downloads\HijackThis.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:fc,d6,ff,7b,11,40,e4,17,2a,e6,cc,ff,00,00,61,5f,cf,48,61,15,1d,
   18,9a,8d,29,99,45,e1,9a,6c,c0,d9,35,fe,78,60,64,33,ce,d8,75,87,1d,5f,62,26,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:fc,d6,ff,7b,11,40,e4,17,2a,e6,cc,ff,00,00,61,5f,cf,48,61,15,1d,
   18,9a,8d,29,99,45,e1,9a,6c,c0,d9,35,fe,78,60,64,33,ce,d8,75,87,1d,5f,62,26,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\ati r\setup.exe
c:\windows\SysWOW64\RunDll32.exe
c:\program files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
c:\program files (x86)\Samsung\Kies\External\DeviceModules\DeviceManager.exe
c:\program files (x86)\Samsung\Kies\External\DeviceModules\ConnectionManager.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-03-26  19:09:23 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-03-26 17:09
.
Vor Suchlauf: 10 Verzeichnis(se), 340.642.299.904 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 340.046.217.216 Bytes frei
.
- - End Of File - - 09EFE21147BC109F00A0EE492B08CAEB
         
--- --- ---


Hope that helps. Regards, Kasper

26.03.2012, 20:21   #8
markusg
/// Malware-holic
 
Download TDSSKiller:
http://www.trojaner-board.de/82358-t...entfernen.html
Click Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- If anything is found, always choose Skip for now and post the log
__________________
-Please forward suspicious emails to us for analysis:
markusg.trojaner-board@web.de
Forwarding instructions:
http://markusg.trojaner-board.de
For now, please send emails to markusg.trojaner-board@web.de as described in the instructions above.
If you would like to support us

26.03.2012, 20:30   #9
kazpa
 
Unbelievable how many tools there are.

Here is the log:

20:28:29.0787 3632 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
20:28:30.0017 3632 ============================================================
20:28:30.0017 3632 Current date / time: 2012/03/26 20:28:30.0017
20:28:30.0017 3632 SystemInfo:
20:28:30.0017 3632
20:28:30.0017 3632 OS Version: 6.1.7601 ServicePack: 1.0
20:28:30.0017 3632 Product type: Workstation
20:28:30.0017 3632 ComputerName: KASPERSMACHINE
20:28:30.0017 3632 UserName: Kasper
20:28:30.0017 3632 Windows directory: C:\windows
20:28:30.0017 3632 System windows directory: C:\windows
20:28:30.0017 3632 Running under WOW64
20:28:30.0017 3632 Processor architecture: Intel x64
20:28:30.0017 3632 Number of processors: 4
20:28:30.0017 3632 Page size: 0x1000
20:28:30.0017 3632 Boot type: Normal boot
20:28:30.0017 3632 ============================================================
20:28:30.0287 3632 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:28:30.0288 3632 Drive \Device\Harddisk1\DR1 - Size: 0x1DD936000 (7.46 Gb), SectorSize: 0x200, Cylinders: 0x3CA5, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x10, Type 'K0', Flags 0x00000040
20:28:30.0292 3632 \Device\Harddisk0\DR0:
20:28:30.0292 3632 MBR used
20:28:30.0292 3632 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
20:28:30.0292 3632 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x2D600000
20:28:30.0372 3632 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2D633000, BlocksNum 0x4409B800
20:28:30.0372 3632 \Device\Harddisk1\DR1:
20:28:30.0372 3632 MBR used
20:28:30.0552 3632 Initialize success
20:28:30.0552 3632 ============================================================
20:28:46.0319 4668 ============================================================
20:28:46.0319 4668 Scan started
20:28:46.0319 4668 Mode: Manual; SigCheck; TDLFS;
20:28:46.0320 4668 ============================================================
20:28:46.0644 4668 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
20:28:46.0670 4668 !SASCORE - ok
20:28:46.0821 4668 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys
20:28:46.0834 4668 1394ohci - ok
20:28:46.0861 4668 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys
20:28:46.0872 4668 ACPI - ok
20:28:46.0902 4668 acpials (12c5274cd87449a2a37a607cdb321922) C:\windows\system32\DRIVERS\acpials.sys
20:28:46.0922 4668 acpials - ok
20:28:47.0007 4668 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys
20:28:47.0030 4668 AcpiPmi - ok
20:28:47.0148 4668 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
20:28:47.0154 4668 AdobeARMservice - ok
20:28:47.0247 4668 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\drivers\adp94xx.sys
20:28:47.0262 4668 adp94xx - ok
20:28:47.0292 4668 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\drivers\adpahci.sys
20:28:47.0303 4668 adpahci - ok
20:28:47.0323 4668 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\drivers\adpu320.sys
20:28:47.0333 4668 adpu320 - ok
20:28:47.0356 4668 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll
20:28:47.0412 4668 AeLookupSvc - ok
20:28:47.0490 4668 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\windows\system32\drivers\afd.sys
20:28:47.0505 4668 AFD - ok
20:28:47.0530 4668 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys
20:28:47.0536 4668 agp440 - ok
20:28:47.0543 4668 ALG (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe
20:28:47.0597 4668 ALG - ok
20:28:47.0635 4668 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys
20:28:47.0641 4668 aliide - ok
20:28:47.0698 4668 AMD External Events Utility (41161c9e6b6fda5631812c7baed660d9) C:\windows\system32\atiesrxx.exe
20:28:47.0779 4668 AMD External Events Utility - ok
20:28:47.0835 4668 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys
20:28:47.0841 4668 amdide - ok
20:28:47.0877 4668 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\drivers\amdk8.sys
20:28:47.0894 4668 AmdK8 - ok
20:28:48.0087 4668 amdkmdag (721472b844e2e0e7695dda2bbf31652f) C:\windows\system32\DRIVERS\atikmdag.sys
20:28:48.0266 4668 amdkmdag - ok
20:28:48.0459 4668 amdkmdap (49b52d2bacea3a3c3d900082e031d5ee) C:\windows\system32\DRIVERS\atikmpag.sys
20:28:48.0472 4668 amdkmdap - ok
20:28:48.0494 4668 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\drivers\amdppm.sys
20:28:48.0513 4668 AmdPPM - ok
20:28:48.0545 4668 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys
20:28:48.0553 4668 amdsata - ok
20:28:48.0579 4668 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\drivers\amdsbs.sys
20:28:48.0588 4668 amdsbs - ok
20:28:48.0606 4668 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys
20:28:48.0612 4668 amdxata - ok
20:28:48.0683 4668 AntiVirSchedulerService (a122d68ea2541453f787f341877cb40b) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
20:28:48.0692 4668 AntiVirSchedulerService - ok
20:28:48.0713 4668 AntiVirService (2fe359edeb34efcf42574752f8aebd3f) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
20:28:48.0719 4668 AntiVirService - ok
20:28:48.0785 4668 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys
20:28:48.0831 4668 AppID - ok
20:28:48.0855 4668 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\windows\System32\appidsvc.dll
20:28:48.0883 4668 AppIDSvc - ok
20:28:48.0891 4668 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\windows\System32\appinfo.dll
20:28:48.0923 4668 Appinfo - ok
20:28:48.0950 4668 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\drivers\arc.sys
20:28:48.0958 4668 arc - ok
20:28:48.0971 4668 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\drivers\arcsas.sys
20:28:48.0978 4668 arcsas - ok
20:28:49.0048 4668 asmthub3 (0aa7a996792fb0287b33a57a8093ae44) C:\windows\system32\DRIVERS\asmthub3.sys
20:28:49.0070 4668 asmthub3 - ok
20:28:49.0103 4668 asmtxhci (125dc3abf5bfccfe82ad17d078e0b9ec) C:\windows\system32\DRIVERS\asmtxhci.sys
20:28:49.0112 4668 asmtxhci - ok
20:28:49.0119 4668 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
20:28:49.0144 4668 AsyncMac - ok
20:28:49.0151 4668 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys
20:28:49.0158 4668 atapi - ok
20:28:49.0184 4668 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
20:28:49.0224 4668 AudioEndpointBuilder - ok
20:28:49.0232 4668 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
20:28:49.0265 4668 AudioSrv - ok
20:28:49.0291 4668 avgntflt (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\windows\system32\DRIVERS\avgntflt.sys
20:28:49.0297 4668 avgntflt - ok
20:28:49.0311 4668 avipbb (852e3c0a60d368c487949e55ad52a47f) C:\windows\system32\DRIVERS\avipbb.sys
20:28:49.0318 4668 avipbb - ok
20:28:49.0391 4668 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\windows\system32\DRIVERS\avkmgr.sys
20:28:49.0397 4668 avkmgr - ok
20:28:49.0425 4668 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\windows\System32\AxInstSV.dll
20:28:49.0445 4668 AxInstSV - ok
20:28:49.0475 4668 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\drivers\bxvbda.sys
20:28:49.0508 4668 b06bdrv - ok
20:28:49.0532 4668 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
20:28:49.0551 4668 b57nd60a - ok
20:28:49.0616 4668 BCM43XX (63dd9c990883709053dd2c427df0db6f) C:\windows\system32\DRIVERS\bcmwl664.sys
20:28:49.0660 4668 BCM43XX - ok
20:28:49.0803 4668 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\windows\System32\bdesvc.dll
20:28:49.0827 4668 BDESVC - ok
20:28:49.0874 4668 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
20:28:49.0899 4668 Beep - ok
20:28:49.0932 4668 BFE (82974d6a2fd19445cc5171fc378668a4) C:\windows\System32\bfe.dll
20:28:49.0973 4668 BFE - ok
20:28:50.0010 4668 BITS (1ea7969e3271cbc59e1730697dc74682) C:\windows\system32\qmgr.dll
20:28:50.0048 4668 BITS - ok
20:28:50.0059 4668 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
20:28:50.0074 4668 blbdrive - ok
20:28:50.0114 4668 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys
20:28:50.0125 4668 bowser - ok
20:28:50.0145 4668 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\drivers\BrFiltLo.sys
20:28:50.0155 4668 BrFiltLo - ok
20:28:50.0225 4668 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\drivers\BrFiltUp.sys
20:28:50.0234 4668 BrFiltUp - ok
20:28:50.0256 4668 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\windows\system32\DRIVERS\bridge.sys
20:28:50.0291 4668 BridgeMP - ok
20:28:50.0309 4668 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\windows\System32\browser.dll
20:28:50.0338 4668 Browser - ok
20:28:50.0375 4668 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
20:28:50.0388 4668 Brserid - ok
20:28:50.0395 4668 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
20:28:50.0419 4668 BrSerWdm - ok
20:28:50.0436 4668 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
20:28:50.0450 4668 BrUsbMdm - ok
20:28:50.0464 4668 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
20:28:50.0475 4668 BrUsbSer - ok
20:28:50.0512 4668 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\windows\system32\DRIVERS\BthEnum.sys
20:28:50.0532 4668 BthEnum - ok
20:28:50.0601 4668 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\drivers\bthmodem.sys
20:28:50.0613 4668 BTHMODEM - ok
20:28:50.0623 4668 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\windows\system32\DRIVERS\bthpan.sys
20:28:50.0634 4668 BthPan - ok
20:28:50.0678 4668 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\windows\system32\Drivers\BTHport.sys
20:28:50.0694 4668 BTHPORT - ok
20:28:50.0720 4668 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll
20:28:50.0748 4668 bthserv - ok
20:28:50.0771 4668 BTHUSB (f188b7394d81010767b6df3178519a37) C:\windows\system32\Drivers\BTHUSB.sys
20:28:50.0794 4668 BTHUSB - ok
20:28:50.0894 4668 BTWAMPFL (a0dfb69ade3444c78b17636fcf28e898) C:\windows\system32\DRIVERS\btwampfl.sys
20:28:50.0903 4668 BTWAMPFL - ok
20:28:50.0922 4668 btwaudio (7cf028ce78696882b327ff13d2dfa534) C:\windows\system32\drivers\btwaudio.sys
20:28:50.0930 4668 btwaudio - ok
20:28:50.0949 4668 btwavdt (3def2370e414b4e299673558ba171a51) C:\windows\system32\DRIVERS\btwavdt.sys
20:28:50.0956 4668 btwavdt - ok
20:28:51.0094 4668 btwdins (2e79f03d1dc44426c59d01bfdd3462c0) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
20:28:51.0110 4668 btwdins - ok
20:28:51.0289 4668 btwl2cap (346b4051b3d7ff70e8f027869b8eca6e) C:\windows\system32\DRIVERS\btwl2cap.sys
20:28:51.0295 4668 btwl2cap - ok
20:28:51.0318 4668 btwrchid (9937e0e4dfc0030560a6dfe9d3a94b39) C:\windows\system32\DRIVERS\btwrchid.sys
20:28:51.0323 4668 btwrchid - ok
20:28:51.0325 4668 catchme - ok
20:28:51.0362 4668 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
20:28:51.0395 4668 cdfs - ok
20:28:51.0412 4668 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\DRIVERS\cdrom.sys
20:28:51.0422 4668 cdrom - ok
20:28:51.0442 4668 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
20:28:51.0470 4668 CertPropSvc - ok
20:28:51.0486 4668 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\drivers\circlass.sys
20:28:51.0502 4668 circlass - ok
20:28:51.0526 4668 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
20:28:51.0538 4668 CLFS - ok
20:28:51.0647 4668 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:28:51.0657 4668 clr_optimization_v2.0.50727_32 - ok
20:28:51.0711 4668 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:28:51.0720 4668 clr_optimization_v2.0.50727_64 - ok
20:28:51.0838 4668 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:28:51.0844 4668 clr_optimization_v4.0.30319_32 - ok
20:28:51.0870 4668 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:28:51.0876 4668 clr_optimization_v4.0.30319_64 - ok
20:28:52.0015 4668 clwvd (e13a438f9e51dd034730678e33b73290) C:\windows\system32\DRIVERS\clwvd.sys
20:28:52.0021 4668 clwvd - ok
20:28:52.0047 4668 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
20:28:52.0064 4668 CmBatt - ok
20:28:52.0083 4668 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys
20:28:52.0088 4668 cmdide - ok
20:28:52.0195 4668 CNG (c4943b6c962e4b82197542447ad599f4) C:\windows\system32\Drivers\cng.sys
20:28:52.0215 4668 CNG - ok
20:28:52.0221 4668 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\DRIVERS\compbatt.sys
20:28:52.0227 4668 Compbatt - ok
20:28:52.0234 4668 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\DRIVERS\CompositeBus.sys
20:28:52.0244 4668 CompositeBus - ok
20:28:52.0250 4668 COMSysApp - ok
20:28:52.0272 4668 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\drivers\crcdisk.sys
20:28:52.0277 4668 crcdisk - ok
20:28:52.0314 4668 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\windows\system32\cryptsvc.dll
20:28:52.0343 4668 CryptSvc - ok
20:28:52.0372 4668 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
20:28:52.0403 4668 DcomLaunch - ok
20:28:52.0427 4668 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll
20:28:52.0469 4668 defragsvc - ok
20:28:52.0506 4668 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys
20:28:52.0545 4668 DfsC - ok
20:28:52.0553 4668 dgderdrv - ok
20:28:52.0585 4668 dg_ssudbus (113212d25d0c9bb8901a9833774da97f) C:\windows\system32\DRIVERS\ssudbus.sys
20:28:52.0591 4668 dg_ssudbus - ok
20:28:52.0609 4668 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\windows\system32\dhcpcore.dll
20:28:52.0650 4668 Dhcp - ok
20:28:52.0665 4668 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
20:28:52.0691 4668 discache - ok
20:28:52.0710 4668 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\drivers\disk.sys
20:28:52.0716 4668 Disk - ok
20:28:52.0740 4668 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\windows\System32\dnsrslvr.dll
20:28:52.0774 4668 Dnscache - ok
20:28:52.0862 4668 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\windows\System32\dot3svc.dll
20:28:52.0906 4668 dot3svc - ok
20:28:52.0913 4668 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\windows\system32\dps.dll
20:28:52.0949 4668 DPS - ok
20:28:52.0963 4668 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
20:28:52.0991 4668 drmkaud - ok
20:28:53.0035 4668 dtsoftbus01 (46571ed73ae84469dca53081d33cf3c8) C:\windows\system32\DRIVERS\dtsoftbus01.sys
20:28:53.0043 4668 dtsoftbus01 - ok
20:28:53.0146 4668 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys
20:28:53.0164 4668 DXGKrnl - ok
20:28:53.0196 4668 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll
20:28:53.0222 4668 EapHost - ok
20:28:53.0312 4668 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\drivers\evbda.sys
20:28:53.0367 4668 ebdrv - ok
20:28:53.0514 4668 EFS (c118a82cd78818c29ab228366ebf81c3) C:\windows\System32\lsass.exe
20:28:53.0521 4668 EFS - ok
20:28:53.0571 4668 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\windows\ehome\ehRecvr.exe
20:28:53.0598 4668 ehRecvr - ok
20:28:53.0604 4668 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe
20:28:53.0618 4668 ehSched - ok
20:28:53.0712 4668 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\drivers\elxstor.sys
20:28:53.0728 4668 elxstor - ok
20:28:53.0745 4668 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys
20:28:53.0754 4668 ErrDev - ok
20:28:53.0789 4668 ETD (fd0d922de7d2ad9e98562caa19a7cd2d) C:\windows\system32\DRIVERS\ETD.sys
20:28:53.0797 4668 ETD - ok
20:28:53.0822 4668 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll
20:28:53.0856 4668 EventSystem - ok
20:28:53.0876 4668 excfs (f5edae6d881bec339ab53020082f6c61) C:\windows\system32\DRIVERS\excfs.sys
20:28:53.0881 4668 excfs - ok
20:28:53.0889 4668 excsd (01f4de24bf8adb020f2515b69a6255e7) C:\windows\system32\DRIVERS\excsd.sys
20:28:53.0896 4668 excsd - ok
20:28:53.0923 4668 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
20:28:53.0951 4668 exfat - ok
20:28:54.0081 4668 ExpressCache (76bcb62e9bf82af629b70a6553bf7428) C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe
20:28:54.0090 4668 ExpressCache - ok
20:28:54.0110 4668 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
20:28:54.0147 4668 fastfat - ok
20:28:54.0261 4668 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\windows\system32\fxssvc.exe
20:28:54.0290 4668 Fax - ok
20:28:54.0306 4668 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\drivers\fdc.sys
20:28:54.0318 4668 fdc - ok
20:28:54.0338 4668 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll
20:28:54.0368 4668 fdPHost - ok
20:28:54.0374 4668 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll
20:28:54.0420 4668 FDResPub - ok
20:28:54.0432 4668 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
20:28:54.0439 4668 FileInfo - ok
20:28:54.0460 4668 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
20:28:54.0493 4668 Filetrace - ok
20:28:54.0504 4668 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\drivers\flpydisk.sys
20:28:54.0512 4668 flpydisk - ok
20:28:54.0540 4668 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys
20:28:54.0550 4668 FltMgr - ok
20:28:54.0586 4668 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\windows\system32\FntCache.dll
20:28:54.0603 4668 FontCache - ok
20:28:54.0752 4668 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:28:54.0759 4668 FontCache3.0.0.0 - ok
20:28:54.0897 4668 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
20:28:54.0903 4668 FsDepends - ok
20:28:54.0919 4668 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\windows\system32\drivers\Fs_Rec.sys
20:28:54.0928 4668 Fs_Rec - ok
20:28:54.0944 4668 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys
20:28:54.0955 4668 fvevol - ok
20:28:54.0975 4668 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\drivers\gagp30kx.sys
20:28:54.0981 4668 gagp30kx - ok
20:28:55.0076 4668 GameConsoleService (521a469caf61f00e1de081cc2099c1d6) C:\Program Files (x86)\WildGames\Game Console - WildGames\GameConsoleService.exe
20:28:55.0090 4668 GameConsoleService - ok
20:28:55.0130 4668 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\windows\System32\gpsvc.dll
20:28:55.0163 4668 gpsvc - ok
20:28:55.0180 4668 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
20:28:55.0203 4668 hcw85cir - ok
20:28:55.0279 4668 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys
20:28:55.0309 4668 HdAudAddService - ok
20:28:55.0322 4668 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\DRIVERS\HDAudBus.sys
20:28:55.0345 4668 HDAudBus - ok
20:28:55.0359 4668 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\drivers\HidBatt.sys
20:28:55.0383 4668 HidBatt - ok
20:28:55.0400 4668 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\drivers\hidbth.sys
20:28:55.0426 4668 HidBth - ok
20:28:55.0445 4668 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\drivers\hidir.sys
20:28:55.0455 4668 HidIr - ok
20:28:55.0483 4668 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\windows\System32\hidserv.dll
20:28:55.0582 4668 hidserv - ok
20:28:55.0610 4668 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\DRIVERS\hidusb.sys
20:28:55.0618 4668 HidUsb - ok
20:28:55.0638 4668 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\windows\system32\kmsvc.dll
20:28:55.0666 4668 hkmsvc - ok
20:28:55.0674 4668 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\windows\system32\ListSvc.dll
20:28:55.0686 4668 HomeGroupListener - ok
20:28:55.0709 4668 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\windows\system32\provsvc.dll
20:28:55.0722 4668 HomeGroupProvider - ok
20:28:55.0749 4668 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys
20:28:55.0756 4668 HpSAMD - ok
20:28:55.0787 4668 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys
20:28:55.0842 4668 HTTP - ok
20:28:55.0864 4668 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys
20:28:55.0871 4668 hwpolicy - ok
20:28:55.0926 4668 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys
20:28:55.0934 4668 i8042prt - ok
20:28:55.0971 4668 iaStor (53cc5bf8b5a219119953c7abb19a7705) C:\windows\system32\DRIVERS\iaStor.sys
20:28:55.0980 4668 iaStor - ok
20:28:56.0017 4668 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys
20:28:56.0031 4668 iaStorV - ok
20:28:56.0132 4668 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:28:56.0162 4668 idsvc - ok
20:28:56.0398 4668 igfx (370c2a8629b30f910f740387795ddc6f) C:\windows\system32\DRIVERS\igdkmd64.sys
20:28:56.0685 4668 igfx - ok
20:28:56.0868 4668 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\drivers\iirsp.sys
20:28:56.0874 4668 iirsp - ok
20:28:56.0907 4668 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\windows\System32\ikeext.dll
20:28:56.0949 4668 IKEEXT - ok
20:28:57.0046 4668 IntcAzAudAddService (5205de9bd47f633e06ef3ef3de11ef99) C:\windows\system32\drivers\RTKVHD64.sys
20:28:57.0088 4668 IntcAzAudAddService - ok
20:28:57.0206 4668 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\windows\system32\DRIVERS\IntcDAud.sys
20:28:57.0217 4668 IntcDAud - ok
20:28:57.0277 4668 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys
20:28:57.0283 4668 intelide - ok
20:28:57.0508 4668 intelkmd (370c2a8629b30f910f740387795ddc6f) C:\windows\system32\DRIVERS\igdpmd64.sys
20:28:57.0744 4668 intelkmd - ok
20:28:57.0927 4668 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
20:28:57.0941 4668 intelppm - ok
20:28:57.0967 4668 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll
20:28:57.0996 4668 IPBusEnum - ok
20:28:58.0042 4668 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys
20:28:58.0077 4668 IpFilterDriver - ok
20:28:58.0097 4668 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\windows\System32\iphlpsvc.dll
20:28:58.0126 4668 iphlpsvc - ok
20:28:58.0149 4668 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys
20:28:58.0159 4668 IPMIDRV - ok
20:28:58.0176 4668 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
20:28:58.0207 4668 IPNAT - ok
20:28:58.0224 4668 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
20:28:58.0235 4668 IRENUM - ok
20:28:58.0242 4668 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys
20:28:58.0248 4668 isapnp - ok
20:28:58.0307 4668 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys
20:28:58.0317 4668 iScsiPrt - ok
20:28:58.0333 4668 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys
20:28:58.0339 4668 kbdclass - ok
20:28:58.0359 4668 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\DRIVERS\kbdhid.sys
20:28:58.0368 4668 kbdhid - ok
20:28:58.0406 4668 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
20:28:58.0413 4668 KeyIso - ok
20:28:58.0474 4668 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\windows\system32\Drivers\ksecdd.sys
20:28:58.0481 4668 KSecDD - ok
20:28:58.0500 4668 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\windows\system32\Drivers\ksecpkg.sys
20:28:58.0507 4668 KSecPkg - ok
20:28:58.0517 4668 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
20:28:58.0543 4668 ksthunk - ok
20:28:58.0581 4668 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll
20:28:58.0617 4668 KtmRm - ok
20:28:58.0675 4668 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\windows\System32\srvsvc.dll
20:28:58.0719 4668 LanmanServer - ok
20:28:58.0736 4668 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\windows\System32\wkssvc.dll
20:28:58.0768 4668 LanmanWorkstation - ok
20:28:58.0784 4668 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
20:28:58.0828 4668 lltdio - ok
20:28:58.0860 4668 lltdsvc (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll
20:28:58.0896 4668 lltdsvc - ok
20:28:58.0943 4668 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll
20:28:58.0969 4668 lmhosts - ok
20:28:59.0053 4668 LMS (f4a17dcab576267c85663e64f3ace5a4) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
20:28:59.0061 4668 LMS - ok
20:28:59.0158 4668 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\drivers\lsi_fc.sys
20:28:59.0165 4668 LSI_FC - ok
20:28:59.0173 4668 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\drivers\lsi_sas.sys
20:28:59.0180 4668 LSI_SAS - ok
20:28:59.0195 4668 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\drivers\lsi_sas2.sys
20:28:59.0202 4668 LSI_SAS2 - ok
20:28:59.0218 4668 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\drivers\lsi_scsi.sys
20:28:59.0225 4668 LSI_SCSI - ok
20:28:59.0243 4668 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
20:28:59.0270 4668 luafv - ok
20:28:59.0303 4668 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll
20:28:59.0318 4668 Mcx2Svc - ok
20:28:59.0333 4668 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\drivers\megasas.sys
20:28:59.0339 4668 megasas - ok
20:28:59.0354 4668 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\drivers\MegaSR.sys
20:28:59.0363 4668 MegaSR - ok
20:28:59.0400 4668 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\windows\system32\DRIVERS\HECIx64.sys
20:28:59.0405 4668 MEIx64 - ok
20:28:59.0555 4668 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
20:28:59.0564 4668 Microsoft Office Groove Audit Service - ok
20:28:59.0601 4668 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
20:28:59.0630 4668 MMCSS - ok
20:28:59.0646 4668 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
20:28:59.0687 4668 Modem - ok
20:28:59.0708 4668 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
20:28:59.0725 4668 monitor - ok
20:28:59.0746 4668 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
20:28:59.0752 4668 mouclass - ok
20:28:59.0782 4668 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
20:28:59.0791 4668 mouhid - ok
20:28:59.0810 4668 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys
20:28:59.0817 4668 mountmgr - ok
20:28:59.0845 4668 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys
20:28:59.0853 4668 mpio - ok
20:28:59.0868 4668 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
20:28:59.0895 4668 mpsdrv - ok
20:28:59.0934 4668 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\windows\system32\mpssvc.dll
20:28:59.0977 4668 MpsSvc - ok
20:28:59.0997 4668 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys
20:29:00.0011 4668 MRxDAV - ok
20:29:00.0089 4668 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys
20:29:00.0100 4668 mrxsmb - ok
20:29:00.0139 4668 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys
20:29:00.0149 4668 mrxsmb10 - ok
20:29:00.0173 4668 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys
20:29:00.0182 4668 mrxsmb20 - ok
20:29:00.0199 4668 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\drivers\msahci.sys
20:29:00.0205 4668 msahci - ok
20:29:00.0220 4668 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys
20:29:00.0230 4668 msdsm - ok
20:29:00.0268 4668 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe
20:29:00.0282 4668 MSDTC - ok
20:29:00.0292 4668 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
20:29:00.0385 4668 Msfs - ok
20:29:00.0403 4668 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
20:29:00.0428 4668 mshidkmdf - ok
20:29:00.0449 4668 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys
20:29:00.0456 4668 msisadrv - ok
20:29:00.0488 4668 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll
20:29:00.0518 4668 MSiSCSI - ok
20:29:00.0523 4668 msiserver - ok
20:29:00.0548 4668 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
20:29:00.0574 4668 MSKSSRV - ok
20:29:00.0593 4668 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
20:29:00.0626 4668 MSPCLOCK - ok
20:29:00.0696 4668 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
20:29:00.0721 4668 MSPQM - ok
20:29:00.0741 4668 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys
20:29:00.0753 4668 MsRPC - ok
20:29:00.0784 4668 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys
20:29:00.0790 4668 mssmbios - ok
20:29:00.0860 4668 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
20:29:00.0886 4668 MSTEE - ok
20:29:00.0901 4668 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\drivers\MTConfig.sys
20:29:00.0926 4668 MTConfig - ok
20:29:00.0947 4668 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
20:29:00.0953 4668 Mup - ok
20:29:01.0029 4668 napagent (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll
20:29:01.0072 4668 napagent - ok
20:29:01.0105 4668 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
20:29:01.0125 4668 NativeWifiP - ok
20:29:01.0204 4668 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\windows\system32\drivers\ndis.sys
20:29:01.0221 4668 NDIS - ok
20:29:01.0251 4668 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
20:29:01.0286 4668 NdisCap - ok
20:29:01.0303 4668 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
20:29:01.0328 4668 NdisTapi - ok
20:29:01.0341 4668 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
20:29:01.0372 4668 Ndisuio - ok
20:29:01.0380 4668 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
20:29:01.0418 4668 NdisWan - ok
20:29:01.0434 4668 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
20:29:01.0459 4668 NDProxy - ok
20:29:01.0473 4668 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
20:29:01.0517 4668 NetBIOS - ok
20:29:01.0534 4668 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
20:29:01.0561 4668 NetBT - ok
20:29:01.0600 4668 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
20:29:01.0607 4668 Netlogon - ok
20:29:01.0640 4668 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll
20:29:01.0668 4668 Netman - ok
20:29:01.0695 4668 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll
20:29:01.0724 4668 netprofm - ok
20:29:01.0870 4668 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:29:01.0882 4668 NetTcpPortSharing - ok
20:29:01.0932 4668 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\drivers\nfrd960.sys
20:29:01.0938 4668 nfrd960 - ok
20:29:01.0966 4668 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll
20:29:02.0003 4668 NlaSvc - ok
20:29:02.0017 4668 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
20:29:02.0046 4668 Npfs - ok
20:29:02.0052 4668 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll
20:29:02.0090 4668 nsi - ok
20:29:02.0104 4668 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
20:29:02.0146 4668 nsiproxy - ok
20:29:02.0203 4668 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
20:29:02.0230 4668 Ntfs - ok
20:29:02.0404 4668 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
20:29:02.0428 4668 Null - ok
20:29:02.0458 4668 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
20:29:02.0467 4668 nvraid - ok
20:29:02.0509 4668 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
20:29:02.0517 4668 nvstor - ok
20:29:02.0541 4668 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
20:29:02.0548 4668 nv_agp - ok
20:29:02.0632 4668 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:29:02.0648 4668 odserv - ok
20:29:02.0664 4668 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
20:29:02.0673 4668 ohci1394 - ok
20:29:02.0701 4668 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:29:02.0712 4668 ose - ok
20:29:02.0742 4668 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
20:29:02.0754 4668 p2pimsvc - ok
20:29:02.0764 4668 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
20:29:02.0786 4668 p2psvc - ok
20:29:02.0805 4668 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\drivers\parport.sys
20:29:02.0816 4668 Parport - ok
20:29:02.0841 4668 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\windows\system32\drivers\partmgr.sys
20:29:02.0848 4668 partmgr - ok
20:29:02.0869 4668 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
20:29:02.0887 4668 PcaSvc - ok
20:29:02.0895 4668 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
20:29:02.0906 4668 pci - ok
20:29:02.0925 4668 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\drivers\pciide.sys
20:29:02.0931 4668 pciide - ok
20:29:02.0952 4668 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys
20:29:02.0963 4668 pcmcia - ok
20:29:02.0970 4668 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
20:29:02.0976 4668 pcw - ok
20:29:03.0004 4668 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
20:29:03.0038 4668 PEAUTH - ok
20:29:03.0090 4668 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
20:29:03.0111 4668 PerfHost - ok
20:29:03.0152 4668 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll
20:29:03.0208 4668 pla - ok
20:29:03.0309 4668 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll
20:29:03.0321 4668 PlugPlay - ok
20:29:03.0351 4668 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
20:29:03.0365 4668 PNRPAutoReg - ok
20:29:03.0386 4668 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
20:29:03.0398 4668 PNRPsvc - ok
20:29:03.0433 4668 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll
20:29:03.0465 4668 PolicyAgent - ok
20:29:03.0481 4668 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll
20:29:03.0509 4668 Power - ok
20:29:03.0558 4668 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
20:29:03.0582 4668 PptpMiniport - ok
20:29:03.0603 4668 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\drivers\processr.sys
20:29:03.0611 4668 Processor - ok
20:29:03.0639 4668 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\windows\system32\profsvc.dll
20:29:03.0665 4668 ProfSvc - ok
20:29:03.0707 4668 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
20:29:03.0715 4668 ProtectedStorage - ok
20:29:03.0733 4668 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
20:29:03.0772 4668 Psched - ok
20:29:03.0808 4668 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\windows\system32\Drivers\PxHlpa64.sys
20:29:03.0814 4668 PxHlpa64 - ok
20:29:03.0860 4668 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\drivers\ql2300.sys
20:29:03.0897 4668 ql2300 - ok
20:29:04.0018 4668 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\drivers\ql40xx.sys
20:29:04.0025 4668 ql40xx - ok
20:29:04.0057 4668 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
20:29:04.0075 4668 QWAVE - ok
20:29:04.0084 4668 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
20:29:04.0114 4668 QWAVEdrv - ok
20:29:04.0133 4668 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
20:29:04.0174 4668 RasAcd - ok
20:29:04.0197 4668 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
20:29:04.0223 4668 RasAgileVpn - ok
20:29:04.0239 4668 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
20:29:04.0268 4668 RasAuto - ok
20:29:04.0288 4668 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
20:29:04.0313 4668 Rasl2tp - ok
20:29:04.0333 4668 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll
20:29:04.0381 4668 RasMan - ok
20:29:04.0389 4668 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
20:29:04.0426 4668 RasPppoe - ok
20:29:04.0446 4668 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
20:29:04.0482 4668 RasSstp - ok
20:29:04.0506 4668 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
20:29:04.0534 4668 rdbss - ok
20:29:04.0557 4668 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\drivers\rdpbus.sys
20:29:04.0567 4668 rdpbus - ok
20:29:04.0590 4668 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
20:29:04.0615 4668 RDPCDD - ok
20:29:04.0630 4668 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
20:29:04.0677 4668 RDPENCDD - ok
20:29:04.0691 4668 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
20:29:04.0731 4668 RDPREFMP - ok
20:29:04.0763 4668 RDPWD (6d76e6433574b058adcb0c50df834492) C:\windows\system32\drivers\RDPWD.sys
20:29:04.0790 4668 RDPWD - ok
20:29:04.0809 4668 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
20:29:04.0817 4668 rdyboost - ok
20:29:04.0844 4668 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
20:29:04.0874 4668 RemoteAccess - ok
20:29:04.0896 4668 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
20:29:04.0922 4668 RemoteRegistry - ok
20:29:04.0953 4668 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\windows\system32\DRIVERS\rfcomm.sys
20:29:04.0964 4668 RFCOMM - ok
20:29:05.0045 4668 RichVideo (f12a68ed55053940cadd59ca5e3468dd) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
20:29:05.0052 4668 RichVideo - ok
20:29:05.0072 4668 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
20:29:05.0103 4668 RpcEptMapper - ok
20:29:05.0122 4668 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
20:29:05.0132 4668 RpcLocator - ok
20:29:05.0149 4668 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
20:29:05.0189 4668 RpcSs - ok
20:29:05.0229 4668 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
20:29:05.0254 4668 rspndr - ok
20:29:05.0284 4668 RTL8167 (e50cfb92986dcab49de93788fd695813) C:\windows\system32\DRIVERS\Rt64win7.sys
20:29:05.0295 4668 RTL8167 - ok
20:29:05.0343 4668 SABI (62db6cc4b0818f1b5f3441241b098f12) C:\windows\system32\Drivers\SABI.sys
20:29:05.0350 4668 SABI - ok
20:29:05.0393 4668 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
20:29:05.0401 4668 SamSs - ok
20:29:05.0477 4668 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
20:29:05.0482 4668 SASDIFSV - ok
20:29:05.0495 4668 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
20:29:05.0500 4668 SASKUTIL - ok
20:29:05.0527 4668 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
20:29:05.0534 4668 sbp2port - ok
20:29:05.0629 4668 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
20:29:05.0648 4668 SBSDWSCService - ok
20:29:05.0714 4668 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
20:29:05.0744 4668 SCardSvr - ok
20:29:05.0798 4668 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
20:29:05.0823 4668 scfilter - ok
20:29:05.0855 4668 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll
20:29:05.0890 4668 Schedule - ok
20:29:05.0918 4668 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
20:29:05.0943 4668 SCPolicySvc - ok
20:29:05.0970 4668 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll
20:29:06.0001 4668 SDRSVC - ok
20:29:06.0044 4668 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
20:29:06.0070 4668 secdrv - ok
20:29:06.0085 4668 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll
20:29:06.0117 4668 seclogon - ok
20:29:06.0135 4668 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\system32\sens.dll
20:29:06.0165 4668 SENS - ok
20:29:06.0171 4668 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
20:29:06.0196 4668 SensrSvc - ok
20:29:06.0215 4668 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\drivers\serenum.sys
20:29:06.0223 4668 Serenum - ok
20:29:06.0235 4668 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\drivers\serial.sys
20:29:06.0257 4668 Serial - ok
20:29:06.0264 4668 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\drivers\sermouse.sys
20:29:06.0273 4668 sermouse - ok
20:29:06.0293 4668 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll
20:29:06.0329 4668 SessionEnv - ok
20:29:06.0352 4668 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
20:29:06.0362 4668 sffdisk - ok
20:29:06.0380 4668 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
20:29:06.0390 4668 sffp_mmc - ok
20:29:06.0409 4668 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
20:29:06.0418 4668 sffp_sd - ok
20:29:06.0439 4668 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys
20:29:06.0462 4668 sfloppy - ok
20:29:06.0505 4668 SGDrv (2fe1cd3aa602414841db10ad96c95a5e) C:\windows\system32\DRIVERS\SGdrv64.sys
20:29:06.0512 4668 SGDrv - ok
20:29:06.0542 4668 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll
20:29:06.0576 4668 SharedAccess - ok
20:29:06.0610 4668 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll
20:29:06.0637 4668 ShellHWDetection - ok
20:29:06.0665 4668 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\drivers\SiSRaid2.sys
20:29:06.0672 4668 SiSRaid2 - ok
20:29:06.0687 4668 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\drivers\sisraid4.sys
20:29:06.0693 4668 SiSRaid4 - ok
20:29:06.0741 4668 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files (x86)\Skype\Updater\Updater.exe
20:29:06.0779 4668 SkypeUpdate - ok
20:29:06.0796 4668 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
20:29:06.0823 4668 Smb - ok
20:29:06.0832 4668 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe
20:29:06.0855 4668 SNMPTRAP - ok
20:29:06.0872 4668 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
20:29:06.0878 4668 spldr - ok
20:29:06.0897 4668 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe
20:29:06.0932 4668 Spooler - ok
20:29:07.0012 4668 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe
20:29:07.0090 4668 sppsvc - ok
20:29:07.0175 4668 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll
20:29:07.0214 4668 sppuinotify - ok
20:29:07.0290 4668 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
20:29:07.0318 4668 srv - ok
20:29:07.0328 4668 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
20:29:07.0341 4668 srv2 - ok
20:29:07.0368 4668 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
20:29:07.0398 4668 srvnet - ok
20:29:07.0407 4668 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll
20:29:07.0434 4668 SSDPSRV - ok
20:29:07.0441 4668 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll
20:29:07.0471 4668 SstpSvc - ok
20:29:07.0505 4668 ssudmdm (78cd64791f8634cf7b582fd085e57c4b) C:\windows\system32\DRIVERS\ssudmdm.sys
20:29:07.0513 4668 ssudmdm - ok
20:29:07.0544 4668 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\drivers\stexstor.sys
20:29:07.0550 4668 stexstor - ok
20:29:07.0593 4668 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll
20:29:07.0613 4668 stisvc - ok
20:29:07.0629 4668 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
20:29:07.0635 4668 swenum - ok
20:29:07.0755 4668 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
20:29:07.0771 4668 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
20:29:07.0771 4668 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
20:29:07.0832 4668 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll
20:29:07.0870 4668 swprv - ok
20:29:07.0904 4668 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll
20:29:07.0944 4668 SysMain - ok
20:29:08.0043 4668 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll
20:29:08.0067 4668 TabletInputService - ok
20:29:08.0091 4668 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll
20:29:08.0119 4668 TapiSrv - ok
20:29:08.0126 4668 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll
20:29:08.0153 4668 TBS - ok
20:29:08.0225 4668 Tcpip (fc62769e7bff2896035aeed399108162) C:\windows\system32\drivers\tcpip.sys
20:29:08.0254 4668 Tcpip - ok
20:29:08.0279 4668 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\windows\system32\DRIVERS\tcpip.sys
20:29:08.0309 4668 TCPIP6 - ok
20:29:08.0344 4668 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
20:29:08.0383 4668 tcpipreg - ok
20:29:08.0407 4668 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
20:29:08.0415 4668 TDPIPE - ok
20:29:08.0454 4668 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys
20:29:08.0462 4668 TDTCP - ok
20:29:08.0483 4668 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
20:29:08.0509 4668 tdx - ok
20:29:08.0521 4668 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\DRIVERS\termdd.sys
20:29:08.0530 4668 TermDD - ok
20:29:08.0564 4668 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll
20:29:08.0595 4668 TermService - ok
20:29:08.0612 4668 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll
20:29:08.0627 4668 Themes - ok
20:29:08.0653 4668 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
20:29:08.0678 4668 THREADORDER - ok
20:29:08.0704 4668 TPM (dbcc20c02e8a3e43b03c304a4e40a84f) C:\windows\system32\drivers\tpm.sys
20:29:08.0713 4668 TPM - ok
20:29:08.0720 4668 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll
20:29:08.0751 4668 TrkWks - ok
20:29:08.0809 4668 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe
20:29:08.0852 4668 TrustedInstaller - ok
20:29:08.0887 4668 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
20:29:08.0911 4668 tssecsrv - ok
20:29:08.0919 4668 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
20:29:08.0939 4668 TsUsbFlt - ok
20:29:08.0946 4668 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\windows\system32\drivers\TsUsbGD.sys
20:29:08.0955 4668 TsUsbGD - ok
20:29:08.0973 4668 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
20:29:08.0999 4668 tunnel - ok
20:29:09.0016 4668 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\drivers\uagp35.sys
20:29:09.0022 4668 uagp35 - ok
20:29:09.0046 4668 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
20:29:09.0086 4668 udfs - ok
20:29:09.0120 4668 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe
20:29:09.0135 4668 UI0Detect - ok
20:29:09.0163 4668 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
20:29:09.0170 4668 uliagpkx - ok
20:29:09.0194 4668 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys
20:29:09.0206 4668 umbus - ok
20:29:09.0232 4668 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\drivers\umpass.sys
20:29:09.0243 4668 UmPass - ok
20:29:09.0352 4668 UNS (db641944f7e4b14c13c3fefc89843f69) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
20:29:09.0406 4668 UNS - ok
20:29:09.0503 4668 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll
20:29:09.0536 4668 upnphost - ok
20:29:09.0601 4668 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys
20:29:09.0609 4668 usbccgp - ok
20:29:09.0647 4668 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
20:29:09.0658 4668 usbcir - ok
20:29:09.0684 4668 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\drivers\usbehci.sys
20:29:09.0691 4668 usbehci - ok
20:29:09.0710 4668 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys
20:29:09.0738 4668 usbhub - ok
20:29:09.0754 4668 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys
20:29:09.0762 4668 usbohci - ok
20:29:09.0785 4668 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\drivers\usbprint.sys
20:29:09.0813 4668 usbprint - ok
20:29:09.0839 4668 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
20:29:09.0847 4668 USBSTOR - ok
20:29:13.0423 4668 ============================================================
20:29:13.0424 4668 Scan finished
20:29:13.0424 4668 ============================================================
20:29:13.0430 4472 Detected object count: 1
20:29:13.0430 4472 Actual detected object count: 1
20:29:24.0513 4472 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
20:29:24.0513 4472 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip

26.03.2012, 21:35   #10
markusg
/// Malware-holic

Are there still ads at the moment?
__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please send e-mails according to the instructions above to
markusg.trojaner-board@web.de
Forward
If you would like to support us

26.03.2012, 21:39   #11
kazpa

Yes, but it occurs very periodically. About every 30 min, roughly 5-15 windows, then it is quiet again.

So far I have only skipped with the Killer software, after all - I did not delete the one "finding".

26.03.2012, 21:41   #12
markusg
/// Malware-holic

Yep, that is how it is supposed to be, since it is not malware.
Create and post a GMER log:
http://www.trojaner-board.de/74908-a...t-scanner.html

26.03.2012, 21:54   #13
kazpa

Done

GMER Logfile:
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-03-26 21:53:39
Windows 6.1.7601 Service Pack 1 
Running: gmer.exe


---- Registry - GMER 1.0.15 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\90a4dea5e849                      
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\90a4dea5e849 (not active ControlSet)  

---- EOF - GMER 1.0.15 ----


I should add, though, that in GMER I could not tick every checkbox on the right-hand side. Only the bottom 3 ..

27.03.2012, 10:53   #14
markusg
/// Malware-holic

Do the ads always connect to specific addresses, or are they always different ones? If not, please post them.

27.03.2012, 14:09   #15
kazpa

Hello,
there are a few specific addresses.
1. ad.xtendmedia.com
2. browsergame.travian

I have attached a screenshot.

Thank you for still making the effort to help me!
Attached images
File type: png trojaner2.png (115,0 KB, viewed 123x)
