| |
| |||||||
Log-Analyse und Auswertung: IE Werbefenster öffnen sich willkürlichWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
26.03.2012, 14:08
| #1 |
 |  IE Werbefenster öffnen sich willkürlich Hallo Trojaner-Experten, wie auch schon Andere vor mir habe ich das Problem, dass sich seit ca. 3 Tagen willkürlich Internet Explorer Fenster mit Werbung öffnen. Ich arbeite mit Firefox bzw. Opera. Bisherige Gegenmaßnahmen: Spybot search and destroy ausgeführt. SUPERantiSpyware mehrfach ausgeführt. Es werden immer nur Adware Tracking Coockies gefunden - diese aber zahlreich. Wenn ich sie gelöscht habe besteht das oben genannte Problem für einige Zeit nicht - tritt aber irgendwann wieder auf. Ein erneuter Suchlauf bringt wieder jede Menge Cookies zum Vorschein. Ein Log ist im Anhang Antivir hat gestern auch 3 Dateien gefunden - die Logs sind im Anhang Ich habe Hijackthis drüber laufen lassen - hier die Logdatei (auch nochmal im Anhang): Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:42:57, on 26.03.2012 Platform: Unknown Windows (WinNT 6.01.3505 SP1) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe C:\Program Files (x86)\RocketDock\RocketDock.exe C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe C:\Program Files (x86)\Winamp\winampa.exe C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe C:\windows\SysWOW64\RunDll32.exe C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe C:\Program Files (x86)\Samsung\Easy Support Center\SSCKbdHk.exe C:\ATI R\setup.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe D:\Downloads\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung.msn.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung.msn.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll O2 - BHO: SwissAcademic.Citavi.Picker.IEPicker - {609D670F-B735-4da7-AC6D-F3BD358E325E} - mscoree.dll (file missing) O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe O4 - HKCU\..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe" O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST') O4 - Startup: setup.url O4 - Global Startup: Bluetooth.lnk = ? O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: Citavi Picker - {619D670F-B735-4da7-AC6D-F3BD358E325E} - mscoree.dll (file missing) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL O9 - Extra button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O13 - Gopher Prefix: O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing) O23 - Service: Avira Planer (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira Echtzeit Scanner (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing) O23 - Service: ExpressCache - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing) O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\WildGames\Game Console - WildGames\GameConsoleService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing) O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 11990 bytes Ich hoffe mit der Thread erfülle ich alle 8 Gebote dieses Boards und natürlich, dass mir jemand von euch helfen kann - dieser Werbefenster nerven kollosal. Mit freundlichen Grüßen - Der Kasper |
|
26.03.2012, 14:35
| #2 |
| /// Malware-holic   | IE Werbefenster öffnen sich willkürlich Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
__________________
Code:
ATTFilter activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
__________________ |
|
26.03.2012, 15:02
| #3 |
| | IE Werbefenster öffnen sich willkürlich Hallo markusg,
__________________danke für die schnelle Reaktion. OTL.exe wurde ausgeführt. Ist natürlich alles zu lang. Also wieder im Anhang. Die Hosts habe ich eigenhändig gelöscht. Mit ist aber aufgefallen, dass Spybot search and destroy da sehr viele Einträge hinzugefügt hat. Ich nehme an es hat seine Richtigkeit. Gruß, der Kasper |
|
26.03.2012, 15:12
| #4 |
| /// Malware-holic | IE Werbefenster öffnen sich willkürlich ist das ne spezielle werbung, also ne spezielle seite die geöffnet wird?
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
26.03.2012, 16:55
| #5 |
| | IE Werbefenster öffnen sich willkürlich Hallo, Bestimmte Werbungen wiederholen sich. So z.B. für BMW, für das Spiel Travian... Ich habe einen Screenshot angehängt. Gruß, der kasper |
|
26.03.2012, 17:04
| #6 |
| /// Malware-holic | IE Werbefenster öffnen sich willkürlichCombofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde! Bitte downloade dir Combofix.exe und speichere es unbedingt auf deinem Desktop.
__________________ --> IE Werbefenster öffnen sich willkürlich |
|
26.03.2012, 18:11
| #7 |
| | IE Werbefenster öffnen sich willkürlich Hallo, hier kommt die Log vom CombiFix: Combofix Logfile: Code:
ATTFilter ComboFix 12-03-26.02 - Kasper 26.03.2012 18:36:37.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.6058.4189 [GMT 2:00]
ausgeführt von:: d:\desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Kasper\AppData\Local\Temp\6573b3c6-4299-4ce1-bc75-7f3a9cd9d739\CliSecureRT.dll
c:\windows\SysWow64\muzapp.exe
c:\windows\SysWow64\system32
c:\windows\SysWow64\system32\3DAudio.ax
c:\windows\SysWow64\system32\avrt.dll
c:\windows\SysWow64\system32\cis-2.4.dll
c:\windows\SysWow64\system32\issacapi_bs-2.3.dll
c:\windows\SysWow64\system32\issacapi_pe-2.3.dll
c:\windows\SysWow64\system32\issacapi_se-2.3.dll
c:\windows\SysWow64\system32\MACXMLProto.dll
c:\windows\SysWow64\system32\MaDRM.dll
c:\windows\SysWow64\system32\MaJGUILib.dll
c:\windows\SysWow64\system32\MAMACExtract.dll
c:\windows\SysWow64\system32\MASetupCleaner.exe
c:\windows\SysWow64\system32\MaXMLProto.dll
c:\windows\SysWow64\system32\mfplat.dll
c:\windows\SysWow64\system32\MK_Lyric.dll
c:\windows\SysWow64\system32\MSCLib.dll
c:\windows\SysWow64\system32\MSFLib.dll
c:\windows\SysWow64\system32\MSLUR71.dll
c:\windows\SysWow64\system32\msvcp60.dll
c:\windows\SysWow64\system32\MTTELECHIP.dll
c:\windows\SysWow64\system32\MTXSYNCICON.dll
c:\windows\SysWow64\system32\muzaf1.dll
c:\windows\SysWow64\system32\muzapp.dll
c:\windows\SysWow64\system32\muzapp.exe
c:\windows\SysWow64\system32\muzdecode.ax
c:\windows\SysWow64\system32\muzeffect.ax
c:\windows\SysWow64\system32\muzmp4sp.ax
c:\windows\SysWow64\system32\muzmpgsp.ax
c:\windows\SysWow64\system32\muzoggsp.ax
c:\windows\SysWow64\system32\muzwmts.dll
c:\windows\SysWow64\system32\psapi.dll
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-02-26 bis 2012-03-26 ))))))))))))))))))))))))))))))
.
.
2012-03-26 16:42 . 2012-03-26 16:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-25 22:51 . 2012-03-25 22:51 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{61D84421-7605-489A-B4AD-011C71BE96A1}\offreg.dll
2012-03-25 20:48 . 2012-03-25 20:48 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-03-25 20:48 . 2012-03-25 20:48 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-03-24 10:33 . 2012-03-24 11:37 -------- d-----w- C:\Temp
2012-03-24 10:10 . 2012-03-24 11:22 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-03-24 10:10 . 2012-03-24 10:15 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-03-23 12:50 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{61D84421-7605-489A-B4AD-011C71BE96A1}\mpengine.dll
2012-03-21 12:20 . 2012-03-26 17:06 28160 ----a-w- c:\windows\SysWow64\setup.exe
2012-03-21 12:20 . 2012-03-26 17:06 28160 ----a-w- c:\windows\SysWow64\setup1.1.exe
2012-03-15 02:03 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-15 02:03 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-15 02:03 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 08:55 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 08:55 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 08:55 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 08:55 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 08:55 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 08:55 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 08:55 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 08:55 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 08:55 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 08:55 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-13 22:28 . 2012-03-13 22:28 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-03-13 14:42 . 2012-03-13 14:42 -------- d-----w- c:\programdata\PACE Anti-Piracy
2012-03-13 14:42 . 2012-03-13 14:42 -------- d-----w- c:\program files\Common Files\PACE Anti-Piracy
2012-03-11 22:02 . 2012-03-11 22:02 -------- d-----w- c:\windows\Sun
2012-03-11 22:02 . 2012-03-11 22:02 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-03-11 22:02 . 2012-03-11 22:02 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-11 22:02 . 2012-03-11 22:02 -------- d-----w- c:\program files (x86)\Java
2012-03-09 15:06 . 2012-03-09 16:10 -------- d-----w- c:\programdata\Blizzard Entertainment
2012-03-09 15:06 . 2012-03-09 15:24 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
2012-03-08 16:16 . 2012-03-08 16:16 -------- d-----w- c:\program files (x86)\Citavi 3
2012-03-08 13:43 . 2012-03-08 16:16 -------- d-----w- c:\programdata\Swiss Academic Software
2012-03-08 02:40 . 2012-03-08 02:40 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-03-07 22:12 . 2012-03-07 22:13 -------- d-----w- c:\program files (x86)\Opera
2012-03-07 14:16 . 2012-03-11 13:22 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2012-03-07 02:11 . 2011-07-16 05:41 362496 ----a-w- c:\windows\system32\wow64win.dll
2012-03-06 22:41 . 2009-09-04 16:29 1892184 ----a-w- c:\windows\SysWow64\D3DX9_42.dll
2012-03-06 22:41 . 2006-09-28 15:05 2414360 ----a-w- c:\windows\SysWow64\d3dx9_31.dll
2012-03-06 22:40 . 2012-03-06 22:40 -------- d-----w- c:\program files (x86)\Winamp Detect
2012-03-06 22:40 . 2012-03-06 22:41 -------- d-----w- c:\program files (x86)\Winamp
2012-03-06 22:40 . 2012-03-06 22:40 -------- d-----w- C:\ATI R
2012-03-06 22:38 . 2012-03-06 22:38 -------- d-----w- c:\program files\7-Zip
2012-03-06 22:28 . 2012-03-06 22:28 -------- d-----w- c:\program files (x86)\VideoLAN
2012-03-06 16:56 . 2012-03-06 16:56 -------- d-----w- c:\programdata\ATI
2012-03-06 15:20 . 2012-03-06 15:20 -------- d-----w- c:\programdata\ALM
2012-03-06 15:16 . 2012-03-06 15:16 -------- d-----w- c:\program files (x86)\Adobe Media Player
2012-03-06 15:15 . 2012-03-06 22:40 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
2012-03-06 15:15 . 2012-03-06 15:15 -------- d-----w- c:\program files (x86)\My Company Name
2012-03-06 15:15 . 2012-03-06 15:15 -------- d-----w- c:\program files (x86)\Common Files\Sonic Shared
2012-03-06 15:15 . 2011-03-04 19:44 55856 ------w- c:\windows\system32\drivers\PxHlpa64.sys
2012-03-06 15:15 . 2009-06-23 02:00 10224 ------w- c:\windows\system32\drivers\cdralw2k.sys
2012-03-06 15:15 . 2009-06-23 02:00 10224 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2012-03-06 15:15 . 2012-03-06 15:23 -------- d-----w- c:\program files\Common Files\Adobe
2012-03-06 15:14 . 2012-03-06 15:14 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2012-03-06 14:53 . 2012-03-06 15:26 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-03-06 14:50 . 2012-03-06 14:50 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-03-06 14:50 . 2012-03-06 14:50 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2012-03-06 14:49 . 2012-03-06 14:50 -------- d-----w- c:\programdata\DAEMON Tools Lite
2012-03-06 14:43 . 2012-03-09 02:02 -------- d-----w- c:\program files (x86)\Microsoft Works
2012-03-06 14:43 . 2012-03-10 02:01 -------- d-----w- c:\program files (x86)\Microsoft.NET
2012-03-06 14:41 . 2012-03-06 14:41 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2012-03-06 14:41 . 2012-03-20 19:18 -------- d-----w- c:\programdata\Microsoft Help
2012-03-06 14:41 . 2012-03-06 14:41 -------- d-----r- C:\MSOCache
2012-03-06 14:34 . 2012-03-06 14:34 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-06 14:33 . 2012-03-06 14:33 -------- d-----w- c:\windows\system32\Macromed
2012-03-06 14:06 . 2012-03-06 14:08 -------- d-----w- c:\program files (x86)\RocketDock
2012-03-06 12:37 . 2012-01-31 07:56 97312 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-03-06 12:37 . 2012-01-31 07:56 132320 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-03-06 12:37 . 2011-09-16 15:08 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-03-06 12:37 . 2012-03-06 12:37 -------- d-----w- c:\programdata\Avira
2012-03-06 12:37 . 2012-03-06 12:37 -------- d-----w- c:\program files (x86)\Avira
2012-03-06 11:04 . 2011-02-15 23:35 39464 ----a-w- c:\windows\system32\drivers\btwl2cap.sys
2012-03-06 11:04 . 2011-01-25 00:29 107560 ----a-w- c:\windows\system32\drivers\btwaudio.sys
2012-03-06 11:04 . 2011-01-10 23:15 349736 ----a-w- c:\windows\system32\drivers\btwampfl.sys
2012-03-06 11:04 . 2010-09-21 07:20 22056 ----a-w- c:\windows\system32\btwcoins.dll
2012-03-06 11:04 . 2010-09-14 22:59 138280 ----a-w- c:\windows\system32\drivers\btwavdt.sys
2012-03-06 11:04 . 2010-09-14 22:59 21416 ----a-w- c:\windows\system32\drivers\btwrchid.sys
2012-03-06 11:03 . 2012-03-06 11:03 -------- d-----w- c:\program files\WIDCOMM
2012-03-06 11:03 . 2012-03-13 22:28 -------- d-----r- c:\program files (x86)\Skype
2012-03-06 11:02 . 2012-03-13 22:28 -------- d-----w- c:\programdata\Skype
2012-03-06 11:02 . 2012-03-08 06:34 -------- d-----w- c:\users\Kasper
2012-03-06 11:02 . 2012-03-06 11:02 -------- d-----w- C:\Recovery
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-06 11:43 . 2011-03-28 09:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-02-23 08:18 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-15 23:24 . 2012-02-15 23:24 203320 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2012-02-15 23:24 . 2012-02-15 23:24 99384 ----a-w- c:\windows\system32\drivers\ssudbus.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-03-22 21416]
"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2012-02-22 943504]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-02-13 3481408]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-07 4785536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-01-31 258512]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-12-09 74752]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\Kasper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
setup.url [2012-3-26 94]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-5-10 1131296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DelayedDesktopSwitchTimeout"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 excsd;ExpressCache Storage Filter Driver;c:\windows\system32\DRIVERS\excsd.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 excfs;ExpressCache File System Filter Driver;c:\windows\system32\DRIVERS\excfs.sys [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-01-31 86224]
S2 ExpressCache;ExpressCache;c:\program files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [2011-09-23 79664]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 SGDrv;SGDrv;c:\windows\system32\DRIVERS\SGdrv64.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-05-05 2656536]
S3 acpials;ALS Sensor Filter;c:\windows\system32\DRIVERS\acpials.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [x]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-01 12661352]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://samsung.msn.com
mStart Page = hxxp://samsung.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Kasper\AppData\Roaming\Mozilla\Firefox\Profiles\q7tlne0c.default\
FF - prefs.js: browser.startup.homepage - hxxps://mail.opera.com/m/#!/Inbox
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Notify-igfxcui - (no file)
Toolbar-Locked - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-HijackThis - d:\downloads\HijackThis.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:fc,d6,ff,7b,11,40,e4,17,2a,e6,cc,ff,00,00,61,5f,cf,48,61,15,1d,
18,9a,8d,29,99,45,e1,9a,6c,c0,d9,35,fe,78,60,64,33,ce,d8,75,87,1d,5f,62,26,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:fc,d6,ff,7b,11,40,e4,17,2a,e6,cc,ff,00,00,61,5f,cf,48,61,15,1d,
18,9a,8d,29,99,45,e1,9a,6c,c0,d9,35,fe,78,60,64,33,ce,d8,75,87,1d,5f,62,26,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\ati r\setup.exe
c:\windows\SysWOW64\RunDll32.exe
c:\program files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
c:\program files (x86)\Samsung\Kies\External\DeviceModules\DeviceManager.exe
c:\program files (x86)\Samsung\Kies\External\DeviceModules\ConnectionManager.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-03-26 19:09:23 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-03-26 17:09
.
Vor Suchlauf: 10 Verzeichnis(se), 340.642.299.904 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 340.046.217.216 Bytes frei
.
- - End Of File - - 09EFE21147BC109F00A0EE492B08CAEB
Hoffe das hilft. Gruß, der Kasper |
|
26.03.2012, 19:21
| #8 |
| /// Malware-holic | IE Werbefenster öffnen sich willkürlich download tdss killer: http://www.trojaner-board.de/82358-t...entfernen.html Klicke auf Change parameters • Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system • Klick auf OK und anschließend auf Start scan - bei funden erst mal immer skip wählen, log posten
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
26.03.2012, 19:30
| #9 |
| | IE Werbefenster öffnen sich willkürlich Unglaublich, was es alles für tools gibt. Hier die Log : 20:28:29.0787 3632 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18 20:28:30.0017 3632 ============================================================ 20:28:30.0017 3632 Current date / time: 2012/03/26 20:28:30.0017 20:28:30.0017 3632 SystemInfo: 20:28:30.0017 3632 20:28:30.0017 3632 OS Version: 6.1.7601 ServicePack: 1.0 20:28:30.0017 3632 Product type: Workstation 20:28:30.0017 3632 ComputerName: KASPERSMACHINE 20:28:30.0017 3632 UserName: Kasper 20:28:30.0017 3632 Windows directory: C:\windows 20:28:30.0017 3632 System windows directory: C:\windows 20:28:30.0017 3632 Running under WOW64 20:28:30.0017 3632 Processor architecture: Intel x64 20:28:30.0017 3632 Number of processors: 4 20:28:30.0017 3632 Page size: 0x1000 20:28:30.0017 3632 Boot type: Normal boot 20:28:30.0017 3632 ============================================================ 20:28:30.0287 3632 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 20:28:30.0288 3632 Drive \Device\Harddisk1\DR1 - Size: 0x1DD936000 (7.46 Gb), SectorSize: 0x200, Cylinders: 0x3CA5, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x10, Type 'K0', Flags 0x00000040 20:28:30.0292 3632 \Device\Harddisk0\DR0: 20:28:30.0292 3632 MBR used 20:28:30.0292 3632 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 20:28:30.0292 3632 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x2D600000 20:28:30.0372 3632 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2D633000, BlocksNum 0x4409B800 20:28:30.0372 3632 \Device\Harddisk1\DR1: 20:28:30.0372 3632 MBR used 20:28:30.0552 3632 Initialize success 20:28:30.0552 3632 ============================================================ 20:28:46.0319 4668 ============================================================ 20:28:46.0319 4668 Scan started 20:28:46.0319 4668 Mode: Manual; SigCheck; TDLFS; 20:28:46.0320 4668 ============================================================ 20:28:46.0644 4668 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE 20:28:46.0670 4668 !SASCORE - ok 20:28:46.0821 4668 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys 20:28:46.0834 4668 1394ohci - ok 20:28:46.0861 4668 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys 20:28:46.0872 4668 ACPI - ok 20:28:46.0902 4668 acpials (12c5274cd87449a2a37a607cdb321922) C:\windows\system32\DRIVERS\acpials.sys 20:28:46.0922 4668 acpials - ok 20:28:47.0007 4668 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys 20:28:47.0030 4668 AcpiPmi - ok 20:28:47.0148 4668 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 20:28:47.0154 4668 AdobeARMservice - ok 20:28:47.0247 4668 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\drivers\adp94xx.sys 20:28:47.0262 4668 adp94xx - ok 20:28:47.0292 4668 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\drivers\adpahci.sys 20:28:47.0303 4668 adpahci - ok 20:28:47.0323 4668 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\drivers\adpu320.sys 20:28:47.0333 4668 adpu320 - ok 20:28:47.0356 4668 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll 20:28:47.0412 4668 AeLookupSvc - ok 20:28:47.0490 4668 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\windows\system32\drivers\afd.sys 20:28:47.0505 4668 AFD - ok 20:28:47.0530 4668 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys 20:28:47.0536 4668 agp440 - ok 20:28:47.0543 4668 ALG (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe 20:28:47.0597 4668 ALG - ok 20:28:47.0635 4668 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys 20:28:47.0641 4668 aliide - ok 20:28:47.0698 4668 AMD External Events Utility (41161c9e6b6fda5631812c7baed660d9) C:\windows\system32\atiesrxx.exe 20:28:47.0779 4668 AMD External Events Utility - ok 20:28:47.0835 4668 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys 20:28:47.0841 4668 amdide - ok 20:28:47.0877 4668 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\drivers\amdk8.sys 20:28:47.0894 4668 AmdK8 - ok 20:28:48.0087 4668 amdkmdag (721472b844e2e0e7695dda2bbf31652f) C:\windows\system32\DRIVERS\atikmdag.sys 20:28:48.0266 4668 amdkmdag - ok 20:28:48.0459 4668 amdkmdap (49b52d2bacea3a3c3d900082e031d5ee) C:\windows\system32\DRIVERS\atikmpag.sys 20:28:48.0472 4668 amdkmdap - ok 20:28:48.0494 4668 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\drivers\amdppm.sys 20:28:48.0513 4668 AmdPPM - ok 20:28:48.0545 4668 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys 20:28:48.0553 4668 amdsata - ok 20:28:48.0579 4668 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\drivers\amdsbs.sys 20:28:48.0588 4668 amdsbs - ok 20:28:48.0606 4668 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys 20:28:48.0612 4668 amdxata - ok 20:28:48.0683 4668 AntiVirSchedulerService (a122d68ea2541453f787f341877cb40b) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe 20:28:48.0692 4668 AntiVirSchedulerService - ok 20:28:48.0713 4668 AntiVirService (2fe359edeb34efcf42574752f8aebd3f) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe 20:28:48.0719 4668 AntiVirService - ok 20:28:48.0785 4668 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys 20:28:48.0831 4668 AppID - ok 20:28:48.0855 4668 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\windows\System32\appidsvc.dll 20:28:48.0883 4668 AppIDSvc - ok 20:28:48.0891 4668 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\windows\System32\appinfo.dll 20:28:48.0923 4668 Appinfo - ok 20:28:48.0950 4668 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\drivers\arc.sys 20:28:48.0958 4668 arc - ok 20:28:48.0971 4668 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\drivers\arcsas.sys 20:28:48.0978 4668 arcsas - ok 20:28:49.0048 4668 asmthub3 (0aa7a996792fb0287b33a57a8093ae44) C:\windows\system32\DRIVERS\asmthub3.sys 20:28:49.0070 4668 asmthub3 - ok 20:28:49.0103 4668 asmtxhci (125dc3abf5bfccfe82ad17d078e0b9ec) C:\windows\system32\DRIVERS\asmtxhci.sys 20:28:49.0112 4668 asmtxhci - ok 20:28:49.0119 4668 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys 20:28:49.0144 4668 AsyncMac - ok 20:28:49.0151 4668 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys 20:28:49.0158 4668 atapi - ok 20:28:49.0184 4668 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll 20:28:49.0224 4668 AudioEndpointBuilder - ok 20:28:49.0232 4668 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll 20:28:49.0265 4668 AudioSrv - ok 20:28:49.0291 4668 avgntflt (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\windows\system32\DRIVERS\avgntflt.sys 20:28:49.0297 4668 avgntflt - ok 20:28:49.0311 4668 avipbb (852e3c0a60d368c487949e55ad52a47f) C:\windows\system32\DRIVERS\avipbb.sys 20:28:49.0318 4668 avipbb - ok 20:28:49.0391 4668 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\windows\system32\DRIVERS\avkmgr.sys 20:28:49.0397 4668 avkmgr - ok 20:28:49.0425 4668 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\windows\System32\AxInstSV.dll 20:28:49.0445 4668 AxInstSV - ok 20:28:49.0475 4668 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\drivers\bxvbda.sys 20:28:49.0508 4668 b06bdrv - ok 20:28:49.0532 4668 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys 20:28:49.0551 4668 b57nd60a - ok 20:28:49.0616 4668 BCM43XX (63dd9c990883709053dd2c427df0db6f) C:\windows\system32\DRIVERS\bcmwl664.sys 20:28:49.0660 4668 BCM43XX - ok 20:28:49.0803 4668 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\windows\System32\bdesvc.dll 20:28:49.0827 4668 BDESVC - ok 20:28:49.0874 4668 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys 20:28:49.0899 4668 Beep - ok 20:28:49.0932 4668 BFE (82974d6a2fd19445cc5171fc378668a4) C:\windows\System32\bfe.dll 20:28:49.0973 4668 BFE - ok 20:28:50.0010 4668 BITS (1ea7969e3271cbc59e1730697dc74682) C:\windows\system32\qmgr.dll 20:28:50.0048 4668 BITS - ok 20:28:50.0059 4668 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys 20:28:50.0074 4668 blbdrive - ok 20:28:50.0114 4668 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys 20:28:50.0125 4668 bowser - ok 20:28:50.0145 4668 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\drivers\BrFiltLo.sys 20:28:50.0155 4668 BrFiltLo - ok 20:28:50.0225 4668 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\drivers\BrFiltUp.sys 20:28:50.0234 4668 BrFiltUp - ok 20:28:50.0256 4668 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\windows\system32\DRIVERS\bridge.sys 20:28:50.0291 4668 BridgeMP - ok 20:28:50.0309 4668 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\windows\System32\browser.dll 20:28:50.0338 4668 Browser - ok 20:28:50.0375 4668 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys 20:28:50.0388 4668 Brserid - ok 20:28:50.0395 4668 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys 20:28:50.0419 4668 BrSerWdm - ok 20:28:50.0436 4668 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys 20:28:50.0450 4668 BrUsbMdm - ok 20:28:50.0464 4668 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys 20:28:50.0475 4668 BrUsbSer - ok 20:28:50.0512 4668 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\windows\system32\DRIVERS\BthEnum.sys 20:28:50.0532 4668 BthEnum - ok 20:28:50.0601 4668 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\drivers\bthmodem.sys 20:28:50.0613 4668 BTHMODEM - ok 20:28:50.0623 4668 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\windows\system32\DRIVERS\bthpan.sys 20:28:50.0634 4668 BthPan - ok 20:28:50.0678 4668 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\windows\system32\Drivers\BTHport.sys 20:28:50.0694 4668 BTHPORT - ok 20:28:50.0720 4668 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll 20:28:50.0748 4668 bthserv - ok 20:28:50.0771 4668 BTHUSB (f188b7394d81010767b6df3178519a37) C:\windows\system32\Drivers\BTHUSB.sys 20:28:50.0794 4668 BTHUSB - ok 20:28:50.0894 4668 BTWAMPFL (a0dfb69ade3444c78b17636fcf28e898) C:\windows\system32\DRIVERS\btwampfl.sys 20:28:50.0903 4668 BTWAMPFL - ok 20:28:50.0922 4668 btwaudio (7cf028ce78696882b327ff13d2dfa534) C:\windows\system32\drivers\btwaudio.sys 20:28:50.0930 4668 btwaudio - ok 20:28:50.0949 4668 btwavdt (3def2370e414b4e299673558ba171a51) C:\windows\system32\DRIVERS\btwavdt.sys 20:28:50.0956 4668 btwavdt - ok 20:28:51.0094 4668 btwdins (2e79f03d1dc44426c59d01bfdd3462c0) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe 20:28:51.0110 4668 btwdins - ok 20:28:51.0289 4668 btwl2cap (346b4051b3d7ff70e8f027869b8eca6e) C:\windows\system32\DRIVERS\btwl2cap.sys 20:28:51.0295 4668 btwl2cap - ok 20:28:51.0318 4668 btwrchid (9937e0e4dfc0030560a6dfe9d3a94b39) C:\windows\system32\DRIVERS\btwrchid.sys 20:28:51.0323 4668 btwrchid - ok 20:28:51.0325 4668 catchme - ok 20:28:51.0362 4668 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys 20:28:51.0395 4668 cdfs - ok 20:28:51.0412 4668 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\DRIVERS\cdrom.sys 20:28:51.0422 4668 cdrom - ok 20:28:51.0442 4668 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll 20:28:51.0470 4668 CertPropSvc - ok 20:28:51.0486 4668 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\drivers\circlass.sys 20:28:51.0502 4668 circlass - ok 20:28:51.0526 4668 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys 20:28:51.0538 4668 CLFS - ok 20:28:51.0647 4668 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 20:28:51.0657 4668 clr_optimization_v2.0.50727_32 - ok 20:28:51.0711 4668 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 20:28:51.0720 4668 clr_optimization_v2.0.50727_64 - ok 20:28:51.0838 4668 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 20:28:51.0844 4668 clr_optimization_v4.0.30319_32 - ok 20:28:51.0870 4668 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 20:28:51.0876 4668 clr_optimization_v4.0.30319_64 - ok 20:28:52.0015 4668 clwvd (e13a438f9e51dd034730678e33b73290) C:\windows\system32\DRIVERS\clwvd.sys 20:28:52.0021 4668 clwvd - ok 20:28:52.0047 4668 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys 20:28:52.0064 4668 CmBatt - ok 20:28:52.0083 4668 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys 20:28:52.0088 4668 cmdide - ok 20:28:52.0195 4668 CNG (c4943b6c962e4b82197542447ad599f4) C:\windows\system32\Drivers\cng.sys 20:28:52.0215 4668 CNG - ok 20:28:52.0221 4668 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\DRIVERS\compbatt.sys 20:28:52.0227 4668 Compbatt - ok 20:28:52.0234 4668 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\DRIVERS\CompositeBus.sys 20:28:52.0244 4668 CompositeBus - ok 20:28:52.0250 4668 COMSysApp - ok 20:28:52.0272 4668 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\drivers\crcdisk.sys 20:28:52.0277 4668 crcdisk - ok 20:28:52.0314 4668 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\windows\system32\cryptsvc.dll 20:28:52.0343 4668 CryptSvc - ok 20:28:52.0372 4668 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll 20:28:52.0403 4668 DcomLaunch - ok 20:28:52.0427 4668 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll 20:28:52.0469 4668 defragsvc - ok 20:28:52.0506 4668 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys 20:28:52.0545 4668 DfsC - ok 20:28:52.0553 4668 dgderdrv - ok 20:28:52.0585 4668 dg_ssudbus (113212d25d0c9bb8901a9833774da97f) C:\windows\system32\DRIVERS\ssudbus.sys 20:28:52.0591 4668 dg_ssudbus - ok 20:28:52.0609 4668 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\windows\system32\dhcpcore.dll 20:28:52.0650 4668 Dhcp - ok 20:28:52.0665 4668 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys 20:28:52.0691 4668 discache - ok 20:28:52.0710 4668 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\drivers\disk.sys 20:28:52.0716 4668 Disk - ok 20:28:52.0740 4668 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\windows\System32\dnsrslvr.dll 20:28:52.0774 4668 Dnscache - ok 20:28:52.0862 4668 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\windows\System32\dot3svc.dll 20:28:52.0906 4668 dot3svc - ok 20:28:52.0913 4668 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\windows\system32\dps.dll 20:28:52.0949 4668 DPS - ok 20:28:52.0963 4668 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys 20:28:52.0991 4668 drmkaud - ok 20:28:53.0035 4668 dtsoftbus01 (46571ed73ae84469dca53081d33cf3c8) C:\windows\system32\DRIVERS\dtsoftbus01.sys 20:28:53.0043 4668 dtsoftbus01 - ok 20:28:53.0146 4668 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys 20:28:53.0164 4668 DXGKrnl - ok 20:28:53.0196 4668 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll 20:28:53.0222 4668 EapHost - ok 20:28:53.0312 4668 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\drivers\evbda.sys 20:28:53.0367 4668 ebdrv - ok 20:28:53.0514 4668 EFS (c118a82cd78818c29ab228366ebf81c3) C:\windows\System32\lsass.exe 20:28:53.0521 4668 EFS - ok 20:28:53.0571 4668 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\windows\ehome\ehRecvr.exe 20:28:53.0598 4668 ehRecvr - ok 20:28:53.0604 4668 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe 20:28:53.0618 4668 ehSched - ok 20:28:53.0712 4668 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\drivers\elxstor.sys 20:28:53.0728 4668 elxstor - ok 20:28:53.0745 4668 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys 20:28:53.0754 4668 ErrDev - ok 20:28:53.0789 4668 ETD (fd0d922de7d2ad9e98562caa19a7cd2d) C:\windows\system32\DRIVERS\ETD.sys 20:28:53.0797 4668 ETD - ok 20:28:53.0822 4668 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll 20:28:53.0856 4668 EventSystem - ok 20:28:53.0876 4668 excfs (f5edae6d881bec339ab53020082f6c61) C:\windows\system32\DRIVERS\excfs.sys 20:28:53.0881 4668 excfs - ok 20:28:53.0889 4668 excsd (01f4de24bf8adb020f2515b69a6255e7) C:\windows\system32\DRIVERS\excsd.sys 20:28:53.0896 4668 excsd - ok 20:28:53.0923 4668 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys 20:28:53.0951 4668 exfat - ok 20:28:54.0081 4668 ExpressCache (76bcb62e9bf82af629b70a6553bf7428) C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe 20:28:54.0090 4668 ExpressCache - ok 20:28:54.0110 4668 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys 20:28:54.0147 4668 fastfat - ok 20:28:54.0261 4668 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\windows\system32\fxssvc.exe 20:28:54.0290 4668 Fax - ok 20:28:54.0306 4668 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\drivers\fdc.sys 20:28:54.0318 4668 fdc - ok 20:28:54.0338 4668 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll 20:28:54.0368 4668 fdPHost - ok 20:28:54.0374 4668 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll 20:28:54.0420 4668 FDResPub - ok 20:28:54.0432 4668 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys 20:28:54.0439 4668 FileInfo - ok 20:28:54.0460 4668 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys 20:28:54.0493 4668 Filetrace - ok 20:28:54.0504 4668 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\drivers\flpydisk.sys 20:28:54.0512 4668 flpydisk - ok 20:28:54.0540 4668 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys 20:28:54.0550 4668 FltMgr - ok 20:28:54.0586 4668 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\windows\system32\FntCache.dll 20:28:54.0603 4668 FontCache - ok 20:28:54.0752 4668 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 20:28:54.0759 4668 FontCache3.0.0.0 - ok 20:28:54.0897 4668 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys 20:28:54.0903 4668 FsDepends - ok 20:28:54.0919 4668 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\windows\system32\drivers\Fs_Rec.sys 20:28:54.0928 4668 Fs_Rec - ok 20:28:54.0944 4668 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys 20:28:54.0955 4668 fvevol - ok 20:28:54.0975 4668 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\drivers\gagp30kx.sys 20:28:54.0981 4668 gagp30kx - ok 20:28:55.0076 4668 GameConsoleService (521a469caf61f00e1de081cc2099c1d6) C:\Program Files (x86)\WildGames\Game Console - WildGames\GameConsoleService.exe 20:28:55.0090 4668 GameConsoleService - ok 20:28:55.0130 4668 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\windows\System32\gpsvc.dll 20:28:55.0163 4668 gpsvc - ok 20:28:55.0180 4668 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys 20:28:55.0203 4668 hcw85cir - ok 20:28:55.0279 4668 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys 20:28:55.0309 4668 HdAudAddService - ok 20:28:55.0322 4668 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\DRIVERS\HDAudBus.sys 20:28:55.0345 4668 HDAudBus - ok 20:28:55.0359 4668 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\drivers\HidBatt.sys 20:28:55.0383 4668 HidBatt - ok 20:28:55.0400 4668 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\drivers\hidbth.sys 20:28:55.0426 4668 HidBth - ok 20:28:55.0445 4668 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\drivers\hidir.sys 20:28:55.0455 4668 HidIr - ok 20:28:55.0483 4668 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\windows\System32\hidserv.dll 20:28:55.0582 4668 hidserv - ok 20:28:55.0610 4668 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\DRIVERS\hidusb.sys 20:28:55.0618 4668 HidUsb - ok 20:28:55.0638 4668 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\windows\system32\kmsvc.dll 20:28:55.0666 4668 hkmsvc - ok 20:28:55.0674 4668 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\windows\system32\ListSvc.dll 20:28:55.0686 4668 HomeGroupListener - ok 20:28:55.0709 4668 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\windows\system32\provsvc.dll 20:28:55.0722 4668 HomeGroupProvider - ok 20:28:55.0749 4668 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys 20:28:55.0756 4668 HpSAMD - ok 20:28:55.0787 4668 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys 20:28:55.0842 4668 HTTP - ok 20:28:55.0864 4668 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys 20:28:55.0871 4668 hwpolicy - ok 20:28:55.0926 4668 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys 20:28:55.0934 4668 i8042prt - ok 20:28:55.0971 4668 iaStor (53cc5bf8b5a219119953c7abb19a7705) C:\windows\system32\DRIVERS\iaStor.sys 20:28:55.0980 4668 iaStor - ok 20:28:56.0017 4668 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys 20:28:56.0031 4668 iaStorV - ok 20:28:56.0132 4668 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 20:28:56.0162 4668 idsvc - ok 20:28:56.0398 4668 igfx (370c2a8629b30f910f740387795ddc6f) C:\windows\system32\DRIVERS\igdkmd64.sys 20:28:56.0685 4668 igfx - ok 20:28:56.0868 4668 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\drivers\iirsp.sys 20:28:56.0874 4668 iirsp - ok 20:28:56.0907 4668 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\windows\System32\ikeext.dll 20:28:56.0949 4668 IKEEXT - ok 20:28:57.0046 4668 IntcAzAudAddService (5205de9bd47f633e06ef3ef3de11ef99) C:\windows\system32\drivers\RTKVHD64.sys 20:28:57.0088 4668 IntcAzAudAddService - ok 20:28:57.0206 4668 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\windows\system32\DRIVERS\IntcDAud.sys 20:28:57.0217 4668 IntcDAud - ok 20:28:57.0277 4668 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys 20:28:57.0283 4668 intelide - ok 20:28:57.0508 4668 intelkmd (370c2a8629b30f910f740387795ddc6f) C:\windows\system32\DRIVERS\igdpmd64.sys 20:28:57.0744 4668 intelkmd - ok 20:28:57.0927 4668 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys 20:28:57.0941 4668 intelppm - ok 20:28:57.0967 4668 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll 20:28:57.0996 4668 IPBusEnum - ok 20:28:58.0042 4668 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys 20:28:58.0077 4668 IpFilterDriver - ok 20:28:58.0097 4668 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\windows\System32\iphlpsvc.dll 20:28:58.0126 4668 iphlpsvc - ok 20:28:58.0149 4668 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys 20:28:58.0159 4668 IPMIDRV - ok 20:28:58.0176 4668 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys 20:28:58.0207 4668 IPNAT - ok 20:28:58.0224 4668 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys 20:28:58.0235 4668 IRENUM - ok 20:28:58.0242 4668 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys 20:28:58.0248 4668 isapnp - ok 20:28:58.0307 4668 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys 20:28:58.0317 4668 iScsiPrt - ok 20:28:58.0333 4668 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys 20:28:58.0339 4668 kbdclass - ok 20:28:58.0359 4668 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\DRIVERS\kbdhid.sys 20:28:58.0368 4668 kbdhid - ok 20:28:58.0406 4668 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe 20:28:58.0413 4668 KeyIso - ok 20:28:58.0474 4668 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\windows\system32\Drivers\ksecdd.sys 20:28:58.0481 4668 KSecDD - ok 20:28:58.0500 4668 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\windows\system32\Drivers\ksecpkg.sys 20:28:58.0507 4668 KSecPkg - ok 20:28:58.0517 4668 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys 20:28:58.0543 4668 ksthunk - ok 20:28:58.0581 4668 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll 20:28:58.0617 4668 KtmRm - ok 20:28:58.0675 4668 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\windows\System32\srvsvc.dll 20:28:58.0719 4668 LanmanServer - ok 20:28:58.0736 4668 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\windows\System32\wkssvc.dll 20:28:58.0768 4668 LanmanWorkstation - ok 20:28:58.0784 4668 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys 20:28:58.0828 4668 lltdio - ok 20:28:58.0860 4668 lltdsvc (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll 20:28:58.0896 4668 lltdsvc - ok 20:28:58.0943 4668 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll 20:28:58.0969 4668 lmhosts - ok 20:28:59.0053 4668 LMS (f4a17dcab576267c85663e64f3ace5a4) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 20:28:59.0061 4668 LMS - ok 20:28:59.0158 4668 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\drivers\lsi_fc.sys 20:28:59.0165 4668 LSI_FC - ok 20:28:59.0173 4668 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\drivers\lsi_sas.sys 20:28:59.0180 4668 LSI_SAS - ok 20:28:59.0195 4668 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\drivers\lsi_sas2.sys 20:28:59.0202 4668 LSI_SAS2 - ok 20:28:59.0218 4668 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\drivers\lsi_scsi.sys 20:28:59.0225 4668 LSI_SCSI - ok 20:28:59.0243 4668 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys 20:28:59.0270 4668 luafv - ok 20:28:59.0303 4668 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll 20:28:59.0318 4668 Mcx2Svc - ok 20:28:59.0333 4668 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\drivers\megasas.sys 20:28:59.0339 4668 megasas - ok 20:28:59.0354 4668 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\drivers\MegaSR.sys 20:28:59.0363 4668 MegaSR - ok 20:28:59.0400 4668 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\windows\system32\DRIVERS\HECIx64.sys 20:28:59.0405 4668 MEIx64 - ok 20:28:59.0555 4668 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe 20:28:59.0564 4668 Microsoft Office Groove Audit Service - ok 20:28:59.0601 4668 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll 20:28:59.0630 4668 MMCSS - ok 20:28:59.0646 4668 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys 20:28:59.0687 4668 Modem - ok 20:28:59.0708 4668 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys 20:28:59.0725 4668 monitor - ok 20:28:59.0746 4668 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys 20:28:59.0752 4668 mouclass - ok 20:28:59.0782 4668 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys 20:28:59.0791 4668 mouhid - ok 20:28:59.0810 4668 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys 20:28:59.0817 4668 mountmgr - ok 20:28:59.0845 4668 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys 20:28:59.0853 4668 mpio - ok 20:28:59.0868 4668 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys 20:28:59.0895 4668 mpsdrv - ok 20:28:59.0934 4668 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\windows\system32\mpssvc.dll 20:28:59.0977 4668 MpsSvc - ok 20:28:59.0997 4668 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys 20:29:00.0011 4668 MRxDAV - ok 20:29:00.0089 4668 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys 20:29:00.0100 4668 mrxsmb - ok 20:29:00.0139 4668 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys 20:29:00.0149 4668 mrxsmb10 - ok 20:29:00.0173 4668 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys 20:29:00.0182 4668 mrxsmb20 - ok 20:29:00.0199 4668 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\drivers\msahci.sys 20:29:00.0205 4668 msahci - ok 20:29:00.0220 4668 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys 20:29:00.0230 4668 msdsm - ok 20:29:00.0268 4668 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe 20:29:00.0282 4668 MSDTC - ok 20:29:00.0292 4668 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys 20:29:00.0385 4668 Msfs - ok 20:29:00.0403 4668 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys 20:29:00.0428 4668 mshidkmdf - ok 20:29:00.0449 4668 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys 20:29:00.0456 4668 msisadrv - ok 20:29:00.0488 4668 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll 20:29:00.0518 4668 MSiSCSI - ok 20:29:00.0523 4668 msiserver - ok 20:29:00.0548 4668 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys 20:29:00.0574 4668 MSKSSRV - ok 20:29:00.0593 4668 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys 20:29:00.0626 4668 MSPCLOCK - ok 20:29:00.0696 4668 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys 20:29:00.0721 4668 MSPQM - ok 20:29:00.0741 4668 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys 20:29:00.0753 4668 MsRPC - ok 20:29:00.0784 4668 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys 20:29:00.0790 4668 mssmbios - ok 20:29:00.0860 4668 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys 20:29:00.0886 4668 MSTEE - ok 20:29:00.0901 4668 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\drivers\MTConfig.sys 20:29:00.0926 4668 MTConfig - ok 20:29:00.0947 4668 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys 20:29:00.0953 4668 Mup - ok 20:29:01.0029 4668 napagent (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll 20:29:01.0072 4668 napagent - ok 20:29:01.0105 4668 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys 20:29:01.0125 4668 NativeWifiP - ok 20:29:01.0204 4668 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\windows\system32\drivers\ndis.sys 20:29:01.0221 4668 NDIS - ok 20:29:01.0251 4668 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys 20:29:01.0286 4668 NdisCap - ok 20:29:01.0303 4668 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys 20:29:01.0328 4668 NdisTapi - ok 20:29:01.0341 4668 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys 20:29:01.0372 4668 Ndisuio - ok 20:29:01.0380 4668 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys 20:29:01.0418 4668 NdisWan - ok 20:29:01.0434 4668 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys 20:29:01.0459 4668 NDProxy - ok 20:29:01.0473 4668 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys 20:29:01.0517 4668 NetBIOS - ok 20:29:01.0534 4668 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys 20:29:01.0561 4668 NetBT - ok 20:29:01.0600 4668 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe 20:29:01.0607 4668 Netlogon - ok 20:29:01.0640 4668 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll 20:29:01.0668 4668 Netman - ok 20:29:01.0695 4668 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll 20:29:01.0724 4668 netprofm - ok 20:29:01.0870 4668 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 20:29:01.0882 4668 NetTcpPortSharing - ok 20:29:01.0932 4668 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\drivers\nfrd960.sys 20:29:01.0938 4668 nfrd960 - ok 20:29:01.0966 4668 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll 20:29:02.0003 4668 NlaSvc - ok 20:29:02.0017 4668 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys 20:29:02.0046 4668 Npfs - ok 20:29:02.0052 4668 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll 20:29:02.0090 4668 nsi - ok 20:29:02.0104 4668 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys 20:29:02.0146 4668 nsiproxy - ok 20:29:02.0203 4668 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys 20:29:02.0230 4668 Ntfs - ok 20:29:02.0404 4668 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys 20:29:02.0428 4668 Null - ok 20:29:02.0458 4668 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys 20:29:02.0467 4668 nvraid - ok 20:29:02.0509 4668 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys 20:29:02.0517 4668 nvstor - ok 20:29:02.0541 4668 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys 20:29:02.0548 4668 nv_agp - ok 20:29:02.0632 4668 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 20:29:02.0648 4668 odserv - ok 20:29:02.0664 4668 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys 20:29:02.0673 4668 ohci1394 - ok 20:29:02.0701 4668 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 20:29:02.0712 4668 ose - ok 20:29:02.0742 4668 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll 20:29:02.0754 4668 p2pimsvc - ok 20:29:02.0764 4668 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll 20:29:02.0786 4668 p2psvc - ok 20:29:02.0805 4668 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\drivers\parport.sys 20:29:02.0816 4668 Parport - ok 20:29:02.0841 4668 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\windows\system32\drivers\partmgr.sys 20:29:02.0848 4668 partmgr - ok 20:29:02.0869 4668 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll 20:29:02.0887 4668 PcaSvc - ok 20:29:02.0895 4668 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys 20:29:02.0906 4668 pci - ok 20:29:02.0925 4668 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\drivers\pciide.sys 20:29:02.0931 4668 pciide - ok 20:29:02.0952 4668 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys 20:29:02.0963 4668 pcmcia - ok 20:29:02.0970 4668 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys 20:29:02.0976 4668 pcw - ok 20:29:03.0004 4668 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys 20:29:03.0038 4668 PEAUTH - ok 20:29:03.0090 4668 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe 20:29:03.0111 4668 PerfHost - ok 20:29:03.0152 4668 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll 20:29:03.0208 4668 pla - ok 20:29:03.0309 4668 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll 20:29:03.0321 4668 PlugPlay - ok 20:29:03.0351 4668 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll 20:29:03.0365 4668 PNRPAutoReg - ok 20:29:03.0386 4668 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll 20:29:03.0398 4668 PNRPsvc - ok 20:29:03.0433 4668 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll 20:29:03.0465 4668 PolicyAgent - ok 20:29:03.0481 4668 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll 20:29:03.0509 4668 Power - ok 20:29:03.0558 4668 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys 20:29:03.0582 4668 PptpMiniport - ok 20:29:03.0603 4668 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\drivers\processr.sys 20:29:03.0611 4668 Processor - ok 20:29:03.0639 4668 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\windows\system32\profsvc.dll 20:29:03.0665 4668 ProfSvc - ok 20:29:03.0707 4668 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe 20:29:03.0715 4668 ProtectedStorage - ok 20:29:03.0733 4668 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys 20:29:03.0772 4668 Psched - ok 20:29:03.0808 4668 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\windows\system32\Drivers\PxHlpa64.sys 20:29:03.0814 4668 PxHlpa64 - ok 20:29:03.0860 4668 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\drivers\ql2300.sys 20:29:03.0897 4668 ql2300 - ok 20:29:04.0018 4668 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\drivers\ql40xx.sys 20:29:04.0025 4668 ql40xx - ok 20:29:04.0057 4668 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll 20:29:04.0075 4668 QWAVE - ok 20:29:04.0084 4668 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys 20:29:04.0114 4668 QWAVEdrv - ok 20:29:04.0133 4668 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys 20:29:04.0174 4668 RasAcd - ok 20:29:04.0197 4668 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys 20:29:04.0223 4668 RasAgileVpn - ok 20:29:04.0239 4668 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll 20:29:04.0268 4668 RasAuto - ok 20:29:04.0288 4668 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys 20:29:04.0313 4668 Rasl2tp - ok 20:29:04.0333 4668 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll 20:29:04.0381 4668 RasMan - ok 20:29:04.0389 4668 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys 20:29:04.0426 4668 RasPppoe - ok 20:29:04.0446 4668 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys 20:29:04.0482 4668 RasSstp - ok 20:29:04.0506 4668 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys 20:29:04.0534 4668 rdbss - ok 20:29:04.0557 4668 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\drivers\rdpbus.sys 20:29:04.0567 4668 rdpbus - ok 20:29:04.0590 4668 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys 20:29:04.0615 4668 RDPCDD - ok 20:29:04.0630 4668 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys 20:29:04.0677 4668 RDPENCDD - ok 20:29:04.0691 4668 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys 20:29:04.0731 4668 RDPREFMP - ok 20:29:04.0763 4668 RDPWD (6d76e6433574b058adcb0c50df834492) C:\windows\system32\drivers\RDPWD.sys 20:29:04.0790 4668 RDPWD - ok 20:29:04.0809 4668 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys 20:29:04.0817 4668 rdyboost - ok 20:29:04.0844 4668 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll 20:29:04.0874 4668 RemoteAccess - ok 20:29:04.0896 4668 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll 20:29:04.0922 4668 RemoteRegistry - ok 20:29:04.0953 4668 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\windows\system32\DRIVERS\rfcomm.sys 20:29:04.0964 4668 RFCOMM - ok 20:29:05.0045 4668 RichVideo (f12a68ed55053940cadd59ca5e3468dd) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe 20:29:05.0052 4668 RichVideo - ok 20:29:05.0072 4668 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll 20:29:05.0103 4668 RpcEptMapper - ok 20:29:05.0122 4668 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe 20:29:05.0132 4668 RpcLocator - ok 20:29:05.0149 4668 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll 20:29:05.0189 4668 RpcSs - ok 20:29:05.0229 4668 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys 20:29:05.0254 4668 rspndr - ok 20:29:05.0284 4668 RTL8167 (e50cfb92986dcab49de93788fd695813) C:\windows\system32\DRIVERS\Rt64win7.sys 20:29:05.0295 4668 RTL8167 - ok 20:29:05.0343 4668 SABI (62db6cc4b0818f1b5f3441241b098f12) C:\windows\system32\Drivers\SABI.sys 20:29:05.0350 4668 SABI - ok 20:29:05.0393 4668 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe 20:29:05.0401 4668 SamSs - ok 20:29:05.0477 4668 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS 20:29:05.0482 4668 SASDIFSV - ok 20:29:05.0495 4668 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS 20:29:05.0500 4668 SASKUTIL - ok 20:29:05.0527 4668 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys 20:29:05.0534 4668 sbp2port - ok 20:29:05.0629 4668 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe 20:29:05.0648 4668 SBSDWSCService - ok 20:29:05.0714 4668 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll 20:29:05.0744 4668 SCardSvr - ok 20:29:05.0798 4668 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys 20:29:05.0823 4668 scfilter - ok 20:29:05.0855 4668 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll 20:29:05.0890 4668 Schedule - ok 20:29:05.0918 4668 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll 20:29:05.0943 4668 SCPolicySvc - ok 20:29:05.0970 4668 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll 20:29:06.0001 4668 SDRSVC - ok 20:29:06.0044 4668 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys 20:29:06.0070 4668 secdrv - ok 20:29:06.0085 4668 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll 20:29:06.0117 4668 seclogon - ok 20:29:06.0135 4668 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\system32\sens.dll 20:29:06.0165 4668 SENS - ok 20:29:06.0171 4668 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll 20:29:06.0196 4668 SensrSvc - ok 20:29:06.0215 4668 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\drivers\serenum.sys 20:29:06.0223 4668 Serenum - ok 20:29:06.0235 4668 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\drivers\serial.sys 20:29:06.0257 4668 Serial - ok 20:29:06.0264 4668 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\drivers\sermouse.sys 20:29:06.0273 4668 sermouse - ok 20:29:06.0293 4668 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll 20:29:06.0329 4668 SessionEnv - ok 20:29:06.0352 4668 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys 20:29:06.0362 4668 sffdisk - ok 20:29:06.0380 4668 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys 20:29:06.0390 4668 sffp_mmc - ok 20:29:06.0409 4668 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys 20:29:06.0418 4668 sffp_sd - ok 20:29:06.0439 4668 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys 20:29:06.0462 4668 sfloppy - ok 20:29:06.0505 4668 SGDrv (2fe1cd3aa602414841db10ad96c95a5e) C:\windows\system32\DRIVERS\SGdrv64.sys 20:29:06.0512 4668 SGDrv - ok 20:29:06.0542 4668 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll 20:29:06.0576 4668 SharedAccess - ok 20:29:06.0610 4668 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll 20:29:06.0637 4668 ShellHWDetection - ok 20:29:06.0665 4668 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\drivers\SiSRaid2.sys 20:29:06.0672 4668 SiSRaid2 - ok 20:29:06.0687 4668 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\drivers\sisraid4.sys 20:29:06.0693 4668 SiSRaid4 - ok 20:29:06.0741 4668 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files (x86)\Skype\Updater\Updater.exe 20:29:06.0779 4668 SkypeUpdate - ok 20:29:06.0796 4668 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys 20:29:06.0823 4668 Smb - ok 20:29:06.0832 4668 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe 20:29:06.0855 4668 SNMPTRAP - ok 20:29:06.0872 4668 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys 20:29:06.0878 4668 spldr - ok 20:29:06.0897 4668 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe 20:29:06.0932 4668 Spooler - ok 20:29:07.0012 4668 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe 20:29:07.0090 4668 sppsvc - ok 20:29:07.0175 4668 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll 20:29:07.0214 4668 sppuinotify - ok 20:29:07.0290 4668 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys 20:29:07.0318 4668 srv - ok 20:29:07.0328 4668 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys 20:29:07.0341 4668 srv2 - ok 20:29:07.0368 4668 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys 20:29:07.0398 4668 srvnet - ok 20:29:07.0407 4668 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll 20:29:07.0434 4668 SSDPSRV - ok 20:29:07.0441 4668 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll 20:29:07.0471 4668 SstpSvc - ok 20:29:07.0505 4668 ssudmdm (78cd64791f8634cf7b582fd085e57c4b) C:\windows\system32\DRIVERS\ssudmdm.sys 20:29:07.0513 4668 ssudmdm - ok 20:29:07.0544 4668 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\drivers\stexstor.sys 20:29:07.0550 4668 stexstor - ok 20:29:07.0593 4668 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll 20:29:07.0613 4668 stisvc - ok 20:29:07.0629 4668 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys 20:29:07.0635 4668 swenum - ok 20:29:07.0755 4668 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe 20:29:07.0771 4668 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning 20:29:07.0771 4668 SwitchBoard - detected UnsignedFile.Multi.Generic (1) 20:29:07.0832 4668 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll 20:29:07.0870 4668 swprv - ok 20:29:07.0904 4668 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll 20:29:07.0944 4668 SysMain - ok 20:29:08.0043 4668 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll 20:29:08.0067 4668 TabletInputService - ok 20:29:08.0091 4668 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll 20:29:08.0119 4668 TapiSrv - ok 20:29:08.0126 4668 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll 20:29:08.0153 4668 TBS - ok 20:29:08.0225 4668 Tcpip (fc62769e7bff2896035aeed399108162) C:\windows\system32\drivers\tcpip.sys 20:29:08.0254 4668 Tcpip - ok 20:29:08.0279 4668 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\windows\system32\DRIVERS\tcpip.sys 20:29:08.0309 4668 TCPIP6 - ok 20:29:08.0344 4668 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys 20:29:08.0383 4668 tcpipreg - ok 20:29:08.0407 4668 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys 20:29:08.0415 4668 TDPIPE - ok 20:29:08.0454 4668 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys 20:29:08.0462 4668 TDTCP - ok 20:29:08.0483 4668 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys 20:29:08.0509 4668 tdx - ok 20:29:08.0521 4668 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\DRIVERS\termdd.sys 20:29:08.0530 4668 TermDD - ok 20:29:08.0564 4668 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll 20:29:08.0595 4668 TermService - ok 20:29:08.0612 4668 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll 20:29:08.0627 4668 Themes - ok 20:29:08.0653 4668 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll 20:29:08.0678 4668 THREADORDER - ok 20:29:08.0704 4668 TPM (dbcc20c02e8a3e43b03c304a4e40a84f) C:\windows\system32\drivers\tpm.sys 20:29:08.0713 4668 TPM - ok 20:29:08.0720 4668 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll 20:29:08.0751 4668 TrkWks - ok 20:29:08.0809 4668 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe 20:29:08.0852 4668 TrustedInstaller - ok 20:29:08.0887 4668 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys 20:29:08.0911 4668 tssecsrv - ok 20:29:08.0919 4668 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys 20:29:08.0939 4668 TsUsbFlt - ok 20:29:08.0946 4668 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\windows\system32\drivers\TsUsbGD.sys 20:29:08.0955 4668 TsUsbGD - ok 20:29:08.0973 4668 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys 20:29:08.0999 4668 tunnel - ok 20:29:09.0016 4668 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\drivers\uagp35.sys 20:29:09.0022 4668 uagp35 - ok 20:29:09.0046 4668 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys 20:29:09.0086 4668 udfs - ok 20:29:09.0120 4668 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe 20:29:09.0135 4668 UI0Detect - ok 20:29:09.0163 4668 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys 20:29:09.0170 4668 uliagpkx - ok 20:29:09.0194 4668 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys 20:29:09.0206 4668 umbus - ok 20:29:09.0232 4668 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\drivers\umpass.sys 20:29:09.0243 4668 UmPass - ok 20:29:09.0352 4668 UNS (db641944f7e4b14c13c3fefc89843f69) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 20:29:09.0406 4668 UNS - ok 20:29:09.0503 4668 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll 20:29:09.0536 4668 upnphost - ok 20:29:09.0601 4668 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys 20:29:09.0609 4668 usbccgp - ok 20:29:09.0647 4668 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys 20:29:09.0658 4668 usbcir - ok 20:29:09.0684 4668 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\drivers\usbehci.sys 20:29:09.0691 4668 usbehci - ok 20:29:09.0710 4668 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys 20:29:09.0738 4668 usbhub - ok 20:29:09.0754 4668 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys 20:29:09.0762 4668 usbohci - ok 20:29:09.0785 4668 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\drivers\usbprint.sys 20:29:09.0813 4668 usbprint - ok 20:29:09.0839 4668 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS 20:29:09.0847 4668 USBSTOR - ok 20:29:09.0864 4668 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys 20:29:09.0881 4668 usbuhci - ok 20:29:09.0905 4668 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\system32\Drivers\usbvideo.sys 20:29:09.0929 4668 usbvideo - ok 20:29:09.0962 4668 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll 20:29:10.0007 4668 UxSms - ok 20:29:10.0042 4668 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe 20:29:10.0050 4668 VaultSvc - ok 20:29:10.0073 4668 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys 20:29:10.0079 4668 vdrvroot - ok 20:29:10.0099 4668 vds (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe 20:29:10.0154 4668 vds - ok 20:29:10.0174 4668 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys 20:29:10.0186 4668 vga - ok 20:29:10.0200 4668 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys 20:29:10.0226 4668 VgaSave - ok 20:29:10.0254 4668 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys 20:29:10.0262 4668 vhdmp - ok 20:29:10.0275 4668 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys 20:29:10.0281 4668 viaide - ok 20:29:10.0306 4668 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys 20:29:10.0313 4668 volmgr - ok 20:29:10.0323 4668 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys 20:29:10.0335 4668 volmgrx - ok 20:29:10.0370 4668 volsnap (df8126bd41180351a093a3ad2fc8903b) C:\windows\system32\drivers\volsnap.sys 20:29:10.0381 4668 volsnap - ok 20:29:10.0404 4668 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\drivers\vsmraid.sys 20:29:10.0411 4668 vsmraid - ok 20:29:10.0461 4668 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe 20:29:10.0517 4668 VSS - ok 20:29:10.0625 4668 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys 20:29:10.0633 4668 vwifibus - ok 20:29:10.0666 4668 vwififlt (13a0decd1794de60a8427862c8669d27) C:\windows\system32\DRIVERS\vwififlt.sys 20:29:10.0689 4668 vwififlt - ok 20:29:10.0710 4668 vwifimp (49003b357d101cdc474937437ecf5abc) C:\windows\system32\DRIVERS\vwifimp.sys 20:29:10.0717 4668 vwifimp - ok 20:29:10.0750 4668 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll 20:29:10.0786 4668 W32Time - ok 20:29:10.0810 4668 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\drivers\wacompen.sys 20:29:10.0818 4668 WacomPen - ok 20:29:10.0826 4668 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys 20:29:10.0852 4668 WANARP - ok 20:29:10.0855 4668 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys 20:29:10.0883 4668 Wanarpv6 - ok 20:29:10.0923 4668 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\windows\system32\wbengine.exe 20:29:10.0968 4668 wbengine - ok 20:29:11.0075 4668 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll 20:29:11.0117 4668 WbioSrvc - ok 20:29:11.0128 4668 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\windows\System32\wcncsvc.dll 20:29:11.0155 4668 wcncsvc - ok 20:29:11.0162 4668 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll 20:29:11.0175 4668 WcsPlugInService - ok 20:29:11.0218 4668 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\drivers\wd.sys 20:29:11.0225 4668 Wd - ok 20:29:11.0252 4668 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys 20:29:11.0270 4668 Wdf01000 - ok 20:29:11.0283 4668 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll 20:29:11.0321 4668 WdiServiceHost - ok 20:29:11.0324 4668 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll 20:29:11.0341 4668 WdiSystemHost - ok 20:29:11.0358 4668 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\windows\System32\webclnt.dll 20:29:11.0379 4668 WebClient - ok 20:29:11.0393 4668 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll 20:29:11.0440 4668 Wecsvc - ok 20:29:11.0447 4668 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll 20:29:11.0483 4668 wercplsupport - ok 20:29:11.0490 4668 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll 20:29:11.0520 4668 WerSvc - ok 20:29:11.0535 4668 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys 20:29:11.0566 4668 WfpLwf - ok 20:29:11.0589 4668 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys 20:29:11.0595 4668 WIMMount - ok 20:29:11.0644 4668 WinDefend - ok 20:29:11.0649 4668 WinHttpAutoProxySvc - ok 20:29:11.0701 4668 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll 20:29:11.0739 4668 Winmgmt - ok 20:29:11.0803 4668 WinRM (bcb1310604aa415c4508708975b3931e) C:\windows\system32\WsmSvc.dll 20:29:11.0864 4668 WinRM - ok 20:29:11.0977 4668 WinUsb (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUsb.sys 20:29:11.0988 4668 WinUsb - ok 20:29:12.0028 4668 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll 20:29:12.0060 4668 Wlansvc - ok 20:29:12.0137 4668 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe 20:29:12.0145 4668 wlcrasvc - ok 20:29:12.0218 4668 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 20:29:12.0256 4668 wlidsvc - ok 20:29:12.0367 4668 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\drivers\wmiacpi.sys 20:29:12.0376 4668 WmiAcpi - ok 20:29:12.0431 4668 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe 20:29:12.0442 4668 wmiApSrv - ok 20:29:12.0483 4668 WMPNetworkSvc - ok 20:29:12.0511 4668 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll 20:29:12.0521 4668 WPCSvc - ok 20:29:12.0528 4668 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\windows\system32\wpdbusenum.dll 20:29:12.0545 4668 WPDBusEnum - ok 20:29:12.0564 4668 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys 20:29:12.0591 4668 ws2ifsl - ok 20:29:12.0598 4668 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\windows\system32\wscsvc.dll 20:29:12.0617 4668 wscsvc - ok 20:29:12.0623 4668 WSearch - ok 20:29:12.0680 4668 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\windows\system32\wuaueng.dll 20:29:12.0741 4668 wuauserv - ok 20:29:12.0855 4668 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys 20:29:12.0883 4668 WudfPf - ok 20:29:12.0897 4668 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys 20:29:12.0922 4668 WUDFRd - ok 20:29:12.0947 4668 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\windows\System32\WUDFSvc.dll 20:29:12.0983 4668 wudfsvc - ok 20:29:12.0996 4668 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll 20:29:13.0033 4668 WwanSvc - ok 20:29:13.0049 4668 MBR (0x1B8) (2e5debb2116b3417023e0d6562d7ed07) \Device\Harddisk0\DR0 20:29:13.0297 4668 \Device\Harddisk0\DR0 - ok 20:29:13.0301 4668 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1 20:29:13.0365 4668 \Device\Harddisk1\DR1 - ok 20:29:13.0367 4668 Boot (0x1200) (bdacacfd515aa831c14191a6e236534b) \Device\Harddisk0\DR0\Partition0 20:29:13.0368 4668 \Device\Harddisk0\DR0\Partition0 - ok 20:29:13.0394 4668 Boot (0x1200) (c1385a4aedd2ede76b7f7fa3142200c0) \Device\Harddisk0\DR0\Partition1 20:29:13.0395 4668 \Device\Harddisk0\DR0\Partition1 - ok 20:29:13.0422 4668 Boot (0x1200) (4cef65900d1fc920c8b8192b2bce9098) \Device\Harddisk0\DR0\Partition2 20:29:13.0423 4668 \Device\Harddisk0\DR0\Partition2 - ok 20:29:13.0423 4668 ============================================================ 20:29:13.0424 4668 Scan finished 20:29:13.0424 4668 ============================================================ 20:29:13.0430 4472 Detected object count: 1 20:29:13.0430 4472 Actual detected object count: 1 20:29:24.0513 4472 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user 20:29:24.0513 4472 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip |
|
26.03.2012, 20:35
| #10 |
| /// Malware-holic | IE Werbefenster öffnen sich willkürlich gibts im moment noch werbung?
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
26.03.2012, 20:39
| #11 |
| | IE Werbefenster öffnen sich willkürlich Ja, aber sie tritt sehr periodisch auf. So jede 30 min ca. 5-15 Fenster dann ist wieder Ruhe. Ich habe mit der Killer-Software ja auch nur geskipped bisher - den einen "Fund" habe ich nicht gelöscht |
|
26.03.2012, 20:41
| #12 |
| /// Malware-holic | IE Werbefenster öffnen sich willkürlich jo, dass soll ja auch so sein, da es keine schadsoftware ist. erstelle und poste ein GMER log http://www.trojaner-board.de/74908-a...t-scanner.html
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
26.03.2012, 20:54
| #13 |
| | IE Werbefenster öffnen sich willkürlich Done  GMER Logfile: Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-03-26 21:53:39
Windows 6.1.7601 Service Pack 1
Running: gmer.exe
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\90a4dea5e849
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\90a4dea5e849 (not active ControlSet)
---- EOF - GMER 1.0.15 ----
Ich muss allerdings dazu sagen, dass ich bei GMER rechts an der Seite nicht überall ein Häckchen setzen konnte. Nur bei den unstersten 3 .. |
|
27.03.2012, 09:53
| #14 |
| /// Malware-holic | IE Werbefenster öffnen sich willkürlich wird denn bei der werbung immer zu speziellen adressen verbunden? oder sinds immer unterschiedliche, falls nein, mal posten bitte
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
27.03.2012, 13:09
| #15 |
| | IE Werbefenster öffnen sich willkürlich Hallo, es sind ein paar bestimmte adressen. 1. ad.xtendmedia.com 2. browsergame.travian ich habe ein screenshot angehängt. Danke, dass Du dich immernoch bemühst mir zu helfen! |
|
| Themen zu IE Werbefenster öffnen sich willkürlich |
| acrobat update, adobe, adware, antivir, avg, avira, bho, browser, desktop, dll, explorer, firefox, hijack, hijackthis, internet, internet explorer, log, maßnahme, mozilla, notification, plug-in, problem, rundll, safer networking, security, software, superantispyware, werbefenster, werbung, windows |
Linear-Darstellung
