Log analysis and evaluation: caught the new GVU trojan with webcam (I'm a layman) - Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
14.08.2012, 13:26 | #31 |
| Yes, reading apparently isn't my strong point. I completely overlooked the report. Sorry. But now the log is attached. |
14.08.2012, 16:32 | #32 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Please do NOT post it as an attachment!
__________________
As a rule, post all logs directly in CODE tags. Thanks
__________________ |
14.08.2012, 18:11 | #33 |
| Code:
NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 14:20:05.0859 6648 NetTcpActivator - ok 14:20:05.0859 6648 [ d22cd77d4f0d63d1169bb35911bff12d ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 14:20:05.0875 6648 NetTcpPortSharing - ok 14:20:06.0390 6648 [ 774c9eccef83ab8a3d1466f19809c95f ] NETwNs64 C:\Windows\system32\DRIVERS\NETwNs64.sys 14:20:07.0092 6648 NETwNs64 - ok 14:20:07.0123 6648 [ 77889813be4d166cdab78ddba990da92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 14:20:07.0139 6648 nfrd960 - ok 14:20:07.0185 6648 [ 1ee99a89cc788ada662441d1e9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll 14:20:07.0263 6648 NlaSvc - ok 14:20:07.0279 6648 [ 1e4c4ab5c9b8dd13179bbdc75a2a01f7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 14:20:07.0326 6648 Npfs - ok 14:20:07.0341 6648 [ d54bfdf3e0c953f823b3d0bfe4732528 ] nsi C:\Windows\system32\nsisvc.dll 14:20:07.0388 6648 nsi - ok 14:20:07.0388 6648 [ e7f5ae18af4168178a642a9247c63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 14:20:07.0435 6648 nsiproxy - ok 14:20:07.0591 6648 [ a2f74975097f52a00745f9637451fdd8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 14:20:07.0653 6648 Ntfs - ok 14:20:07.0669 6648 [ 9899284589f75fa8724ff3d16aed75c1 ] Null C:\Windows\system32\drivers\Null.sys 14:20:07.0716 6648 Null - ok 14:20:07.0747 6648 [ 0ebc9d13cd96c15b1b18d8678a609e4b ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys 14:20:07.0778 6648 nusb3hub - ok 14:20:07.0809 6648 [ 7bdec000d56d485021d9c1e63c2f81ca ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys 14:20:07.0825 6648 nusb3xhc - ok 14:20:08.0246 6648 [ 133abf21013397141ab991d14a415598 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 14:20:08.0574 6648 nvlddmkm - ok 14:20:08.0605 6648 [ 1c4ba91e68852ec526429c4892e8e79f ] nvpciflt C:\Windows\system32\DRIVERS\nvpciflt.sys 14:20:08.0621 6648 nvpciflt - ok 14:20:08.0652 6648 [ 0a92cb65770442ed0dc44834632f66ad ] nvraid C:\Windows\system32\drivers\nvraid.sys 
14:20:08.0667 6648 nvraid - ok 14:20:08.0714 6648 [ dab0e87525c10052bf65f06152f37e4a ] nvstor C:\Windows\system32\drivers\nvstor.sys 14:20:08.0745 6648 nvstor - ok 14:20:08.0792 6648 [ 92d06926c5da2a2e62e8fb5104f44d92 ] NvStUSB C:\Windows\system32\drivers\nvstusb.sys 14:20:08.0823 6648 NvStUSB - ok 14:20:08.0917 6648 [ 8b130eff4fffb3f996c95f154ac82308 ] NVSvc C:\Windows\system32\nvvsvc.exe 14:20:09.0104 6648 NVSvc - ok 14:20:09.0323 6648 [ 0c310811bb620161b79c2fec2fa97fba ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe 14:20:09.0525 6648 nvUpdatusService - ok 14:20:09.0557 6648 [ 270d7cd42d6e3979f6dd0146650f0e05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 14:20:09.0588 6648 nv_agp - ok 14:20:09.0619 6648 [ 3589478e4b22ce21b41fa1bfc0b8b8a0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 14:20:09.0713 6648 ohci1394 - ok 14:20:09.0900 6648 [ 9d10f99a6712e28f8acd5641e3a7ea6b ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 14:20:09.0947 6648 ose - ok 14:20:10.0321 6648 [ 61bffb5f57ad12f83ab64b7181829b34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 14:20:10.0617 6648 osppsvc - ok 14:20:10.0649 6648 [ 3eac4455472cc2c97107b5291e0dcafe ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 14:20:10.0758 6648 p2pimsvc - ok 14:20:10.0789 6648 [ 927463ecb02179f88e4b9a17568c63c3 ] p2psvc C:\Windows\system32\p2psvc.dll 14:20:10.0836 6648 p2psvc - ok 14:20:10.0867 6648 [ 0086431c29c35be1dbc43f52cc273887 ] Parport C:\Windows\system32\drivers\parport.sys 14:20:10.0914 6648 Parport - ok 14:20:10.0945 6648 [ e9766131eeade40a27dc27d2d68fba9c ] partmgr C:\Windows\system32\drivers\partmgr.sys 14:20:10.0961 6648 partmgr - ok 14:20:10.0992 6648 [ 3aeaa8b561e63452c655dc0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 14:20:11.0039 6648 PcaSvc - ok 14:20:11.0070 6648 [ 94575c0571d1462a0f70bde6bd6ee6b3 ] pci C:\Windows\system32\drivers\pci.sys 14:20:11.0085 6648 pci 
- ok 14:20:11.0117 6648 [ b5b8b5ef2e5cb34df8dcf8831e3534fa ] pciide C:\Windows\system32\drivers\pciide.sys 14:20:11.0148 6648 pciide - ok 14:20:11.0179 6648 [ b2e81d4e87ce48589f98cb8c05b01f2f ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 14:20:11.0210 6648 pcmcia - ok 14:20:11.0226 6648 [ d6b9c2e1a11a3a4b26a182ffef18f603 ] pcw C:\Windows\system32\drivers\pcw.sys 14:20:11.0257 6648 pcw - ok 14:20:11.0273 6648 [ 68769c3356b3be5d1c732c97b9a80d6e ] PEAUTH C:\Windows\system32\drivers\peauth.sys 14:20:11.0413 6648 PEAUTH - ok 14:20:11.0538 6648 [ e495e408c93141e8fc72dc0c6046ddfa ] PerfHost C:\Windows\SysWow64\perfhost.exe 14:20:11.0569 6648 PerfHost - ok 14:20:11.0678 6648 [ c7cf6a6e137463219e1259e3f0f0dd6c ] pla C:\Windows\system32\pla.dll 14:20:11.0787 6648 pla - ok 14:20:11.0897 6648 [ 25fbdef06c4d92815b353f6e792c8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 14:20:11.0959 6648 PlugPlay - ok 14:20:11.0990 6648 [ 7195581cec9bb7d12abe54036acc2e38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 14:20:12.0021 6648 PNRPAutoReg - ok 14:20:12.0068 6648 [ 3eac4455472cc2c97107b5291e0dcafe ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 14:20:12.0146 6648 PNRPsvc - ok 14:20:12.0177 6648 [ 4f15d75adf6156bf56eced6d4a55c389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 14:20:12.0271 6648 PolicyAgent - ok 14:20:12.0318 6648 [ 6ba9d927dded70bd1a9caded45f8b184 ] Power C:\Windows\system32\umpo.dll 14:20:12.0365 6648 Power - ok 14:20:12.0396 6648 [ f92a2c41117a11a00be01ca01a7fcde9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 14:20:12.0458 6648 PptpMiniport - ok 14:20:12.0474 6648 [ 0d922e23c041efb1c3fac2a6f943c9bf ] Processor C:\Windows\system32\drivers\processr.sys 14:20:12.0505 6648 Processor - ok 14:20:12.0552 6648 [ 53e83f1f6cf9d62f32801cf66d8352a8 ] ProfSvc C:\Windows\system32\profsvc.dll 14:20:12.0599 6648 ProfSvc - ok 14:20:12.0599 6648 [ c118a82cd78818c29ab228366ebf81c3 ] ProtectedStorage C:\Windows\system32\lsass.exe 14:20:12.0614 6648 ProtectedStorage - ok 
14:20:12.0661 6648 [ 0557cf5a2556bd58e26384169d72438d ] Psched C:\Windows\system32\DRIVERS\pacer.sys 14:20:12.0723 6648 Psched - ok 14:20:12.0755 6648 [ 87b04878a6d59d6c79251dc960c674c1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys 14:20:12.0770 6648 PxHlpa64 - ok 14:20:12.0801 6648 [ 0928bd20273625622722fe1de5bbde57 ] qicflt C:\Windows\system32\DRIVERS\qicflt.sys 14:20:12.0833 6648 qicflt - ok 14:20:12.0942 6648 [ a53a15a11ebfd21077463ee2c7afeef0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 14:20:13.0129 6648 ql2300 - ok 14:20:13.0160 6648 [ 4f6d12b51de1aaeff7dc58c4d75423c8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 14:20:13.0191 6648 ql40xx - ok 14:20:13.0223 6648 [ 906191634e99aea92c4816150bda3732 ] QWAVE C:\Windows\system32\qwave.dll 14:20:13.0254 6648 QWAVE - ok 14:20:13.0269 6648 [ 76707bb36430888d9ce9d705398adb6c ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 14:20:13.0316 6648 QWAVEdrv - ok 14:20:13.0347 6648 [ 5a0da8ad5762fa2d91678a8a01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 14:20:13.0394 6648 RasAcd - ok 14:20:13.0441 6648 [ 7ecff9b22276b73f43a99a15a6094e90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 14:20:13.0472 6648 RasAgileVpn - ok 14:20:13.0503 6648 [ 8f26510c5383b8dbe976de1cd00fc8c7 ] RasAuto C:\Windows\System32\rasauto.dll 14:20:13.0550 6648 RasAuto - ok 14:20:13.0581 6648 [ 471815800ae33e6f1c32fb1b97c490ca ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 14:20:13.0644 6648 Rasl2tp - ok 14:20:13.0691 6648 [ ee867a0870fc9e4972ba9eaad35651e2 ] RasMan C:\Windows\System32\rasmans.dll 14:20:13.0784 6648 RasMan - ok 14:20:13.0815 6648 [ 855c9b1cd4756c5e9a2aa58a15f58c25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 14:20:13.0862 6648 RasPppoe - ok 14:20:13.0878 6648 [ e8b1e447b008d07ff47d016c2b0eeecb ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 14:20:13.0925 6648 RasSstp - ok 14:20:13.0956 6648 [ 77f665941019a1594d887a74f301fa2f ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 14:20:13.0987 6648 rdbss 
- ok 14:20:14.0034 6648 [ 302da2a0539f2cf54d7c6cc30c1f2d8d ] rdpbus C:\Windows\system32\drivers\rdpbus.sys 14:20:14.0065 6648 rdpbus - ok 14:20:14.0096 6648 [ cea6cc257fc9b7715f1c2b4849286d24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 14:20:14.0127 6648 RDPCDD - ok 14:20:14.0127 6648 [ bb5971a4f00659529a5c44831af22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 14:20:14.0205 6648 RDPENCDD - ok 14:20:14.0205 6648 [ 216f3fa57533d98e1f74ded70113177a ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 14:20:14.0237 6648 RDPREFMP - ok 14:20:14.0268 6648 [ e61608aa35e98999af9aaeeea6114b0a ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 14:20:14.0315 6648 RDPWD - ok 14:20:14.0361 6648 [ 34ed295fa0121c241bfef24764fc4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 14:20:14.0393 6648 rdyboost - ok 14:20:14.0455 6648 [ 7196be857e29007470ff9b689c7f29a7 ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe 14:20:14.0580 6648 RegSrvc - ok 14:20:14.0595 6648 [ 254fb7a22d74e5511c73a3f6d802f192 ] RemoteAccess C:\Windows\System32\mprdim.dll 14:20:14.0642 6648 RemoteAccess - ok 14:20:14.0673 6648 [ e4d94f24081440b5fc5aa556c7c62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 14:20:14.0720 6648 RemoteRegistry - ok 14:20:14.0783 6648 [ 3dd798846e2c28102b922c56e71b7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys 14:20:14.0814 6648 RFCOMM - ok 14:20:14.0954 6648 [ 3c957189b31c34d3ad21967b12b6aed7 ] RoxMediaDB12OEM C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe 14:20:15.0095 6648 RoxMediaDB12OEM - ok 14:20:15.0141 6648 [ 2b73088cc2ca757a172b425c9398e5bc ] RoxWatch12 C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe 14:20:15.0173 6648 RoxWatch12 - ok 14:20:15.0188 6648 [ e4dc58cf7b3ea515ae917ff0d402a7bb ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 14:20:15.0235 6648 RpcEptMapper - ok 14:20:15.0266 6648 [ d5ba242d4cf8e384db90e6a8ed850b8c ] RpcLocator 
C:\Windows\system32\locator.exe 14:20:15.0297 6648 RpcLocator - ok 14:20:15.0344 6648 [ 5c627d1b1138676c0a7ab2c2c190d123 ] RpcSs C:\Windows\system32\rpcss.dll 14:20:15.0407 6648 RpcSs - ok 14:20:15.0453 6648 [ ddc86e4f8e7456261e637e3552e804ff ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 14:20:15.0485 6648 rspndr - ok 14:20:15.0547 6648 [ 9140db0911de035fed0a9a77a2d156ea ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys 14:20:15.0609 6648 RTL8167 - ok 14:20:15.0641 6648 [ c118a82cd78818c29ab228366ebf81c3 ] SamSs C:\Windows\system32\lsass.exe 14:20:15.0656 6648 SamSs - ok 14:20:15.0672 6648 [ ac03af3329579fffb455aa2daabbe22b ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 14:20:15.0703 6648 sbp2port - ok 14:20:15.0734 6648 [ 9b7395789e3791a3b6d000fe6f8b131e ] SCardSvr C:\Windows\System32\SCardSvr.dll 14:20:15.0812 6648 SCardSvr - ok 14:20:15.0828 6648 [ 253f38d0d7074c02ff8deb9836c97d2b ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 14:20:15.0875 6648 scfilter - ok 14:20:15.0921 6648 [ 262f6592c3299c005fd6bec90fc4463a ] Schedule C:\Windows\system32\schedsvc.dll 14:20:16.0062 6648 Schedule - ok 14:20:16.0077 6648 [ f17d1d393bbc69c5322fbfafaca28c7f ] SCPolicySvc C:\Windows\System32\certprop.dll 14:20:16.0109 6648 SCPolicySvc - ok 14:20:16.0124 6648 [ 6ea4234dc55346e0709560fe7c2c1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 14:20:16.0155 6648 SDRSVC - ok 14:20:16.0187 6648 [ 3ea8a16169c26afbeb544e0e48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 14:20:16.0233 6648 secdrv - ok 14:20:16.0249 6648 [ bc617a4e1b4fa8df523a061739a0bd87 ] seclogon C:\Windows\system32\seclogon.dll 14:20:16.0280 6648 seclogon - ok 14:20:16.0296 6648 [ c32ab8fa018ef34c0f113bd501436d21 ] SENS C:\Windows\System32\sens.dll 14:20:16.0358 6648 SENS - ok 14:20:16.0374 6648 [ 0336cffafaab87a11541f1cf1594b2b2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 14:20:16.0389 6648 SensrSvc - ok 14:20:16.0436 6648 [ cb624c0035412af0debec78c41f5ca1b ] Serenum 
C:\Windows\system32\drivers\serenum.sys 14:20:16.0467 6648 Serenum - ok 14:20:16.0483 6648 [ c1d8e28b2c2adfaec4ba89e9fda69bd6 ] Serial C:\Windows\system32\drivers\serial.sys 14:20:16.0514 6648 Serial - ok 14:20:16.0545 6648 [ 1c545a7d0691cc4a027396535691c3e3 ] sermouse C:\Windows\system32\drivers\sermouse.sys 14:20:16.0577 6648 sermouse - ok 14:20:16.0592 6648 [ 0b6231bf38174a1628c4ac812cc75804 ] SessionEnv C:\Windows\system32\sessenv.dll 14:20:16.0639 6648 SessionEnv - ok 14:20:16.0655 6648 [ a554811bcd09279536440c964ae35bbf ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 14:20:16.0686 6648 sffdisk - ok 14:20:16.0717 6648 [ ff414f0baefeba59bc6c04b3db0b87bf ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 14:20:16.0733 6648 sffp_mmc - ok 14:20:16.0748 6648 [ dd85b78243a19b59f0637dcf284da63c ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 14:20:16.0779 6648 sffp_sd - ok 14:20:16.0795 6648 [ a9d601643a1647211a1ee2ec4e433ff4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 14:20:16.0826 6648 sfloppy - ok 14:20:16.0873 6648 [ c6cc9297bd53e5229653303e556aa539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys 14:20:16.0935 6648 Sftfs - ok 14:20:17.0045 6648 [ 13693b6354dd6e72dc5131da7d764b90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe 14:20:17.0138 6648 sftlist - ok 14:20:17.0169 6648 [ 390aa7bc52cee43f6790cdea1e776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys 14:20:17.0185 6648 Sftplay - ok 14:20:17.0201 6648 [ 617e29a0b0a2807466560d4c4e338d3e ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys 14:20:17.0216 6648 Sftredir - ok 14:20:17.0575 6648 [ 74ec60e20516aaa573be74f31175270f ] SftService C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE 14:20:17.0778 6648 SftService - ok 14:20:17.0809 6648 [ 8f571f016fa1976f445147e9e6c8ae9b ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys 14:20:17.0825 6648 Sftvol - ok 14:20:17.0856 6648 [ c3cddd18f43d44ab713cf8c4916f7696 ] sftvsa C:\Program Files 
(x86)\Microsoft Application Virtualization Client\sftvsa.exe 14:20:17.0887 6648 sftvsa - ok 14:20:17.0918 6648 [ b95f6501a2f8b2e78c697fec401970ce ] SharedAccess C:\Windows\System32\ipnathlp.dll 14:20:18.0027 6648 SharedAccess - ok 14:20:18.0059 6648 [ aaf932b4011d14052955d4b212a4da8d ] ShellHWDetection C:\Windows\System32\shsvcs.dll 14:20:18.0137 6648 ShellHWDetection - ok 14:20:18.0152 6648 [ 843caf1e5fde1ffd5ff768f23a51e2e1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys 14:20:18.0183 6648 SiSRaid2 - ok 14:20:18.0199 6648 [ 6a6c106d42e9ffff8b9fcb4f754f6da4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 14:20:18.0215 6648 SiSRaid4 - ok 14:20:18.0230 6648 [ 548260a7b8654e024dc30bf8a7c5baa4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 14:20:18.0277 6648 Smb - ok 14:20:18.0308 6648 [ 6313f223e817cc09aa41811daa7f541d ] SNMPTRAP C:\Windows\System32\snmptrap.exe 14:20:18.0324 6648 SNMPTRAP - ok 14:20:18.0371 6648 [ b9e31e5cacdfe584f34f730a677803f9 ] spldr C:\Windows\system32\drivers\spldr.sys 14:20:18.0386 6648 spldr - ok 14:20:18.0402 6648 [ b96c17b5dc1424d56eea3a99e97428cd ] Spooler C:\Windows\System32\spoolsv.exe 14:20:18.0480 6648 Spooler - ok 14:20:18.0667 6648 [ e17e0188bb90fae42d83e98707efa59c ] sppsvc C:\Windows\system32\sppsvc.exe 14:20:18.0839 6648 sppsvc - ok 14:20:18.0870 6648 [ 93d7d61317f3d4bc4f4e9f8a96a7de45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 14:20:18.0901 6648 sppuinotify - ok 14:20:18.0948 6648 [ 441fba48bff01fdb9d5969ebc1838f0b ] srv C:\Windows\system32\DRIVERS\srv.sys 14:20:19.0057 6648 srv - ok 14:20:19.0088 6648 [ b4adebbf5e3677cce9651e0f01f7cc28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 14:20:19.0166 6648 srv2 - ok 14:20:19.0182 6648 [ 27e461f0be5bff5fc737328f749538c3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 14:20:19.0213 6648 srvnet - ok 14:20:19.0260 6648 [ 51b52fbd583cde8aa9ba62b8b4298f33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 14:20:19.0291 6648 SSDPSRV - ok 14:20:19.0322 6648 [ ab7aebf58dad8daab7a6c45e6a8885cb ] 
SstpSvc C:\Windows\system32\sstpsvc.dll 14:20:19.0353 6648 SstpSvc - ok 14:20:19.0385 6648 [ 92e7f6666633d2dd91d527503daa7be0 ] stdcfltn C:\Windows\system32\DRIVERS\stdcfltn.sys 14:20:19.0400 6648 stdcfltn - ok 14:20:19.0463 6648 [ a4418ba8fa670d1e48d57632d50d552d ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 14:20:19.0541 6648 Stereo Service - ok 14:20:19.0572 6648 [ f3817967ed533d08327dc73bc4d5542a ] stexstor C:\Windows\system32\drivers\stexstor.sys 14:20:19.0587 6648 stexstor - ok 14:20:19.0619 6648 [ decacb6921ded1a38642642685d77dac ] StillCam C:\Windows\system32\DRIVERS\serscan.sys 14:20:19.0665 6648 StillCam - ok 14:20:19.0697 6648 [ 8dd52e8e6128f4b2da92ce27402871c1 ] stisvc C:\Windows\System32\wiaservc.dll 14:20:19.0775 6648 stisvc - ok 14:20:19.0821 6648 [ 7731f46ec0d687a931cba063e8f90ef0 ] stllssvr C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe 14:20:19.0837 6648 stllssvr - ok 14:20:19.0853 6648 [ d01ec09b6711a5f8e7e6564a4d0fbc90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 14:20:19.0868 6648 swenum - ok 14:20:19.0899 6648 [ e08e46fdd841b7184194011ca1955a0b ] swprv C:\Windows\System32\swprv.dll 14:20:19.0977 6648 swprv - ok 14:20:20.0055 6648 [ 5e3b232a614339399acc71fa3aaaaa6b ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys 14:20:20.0102 6648 SynTP - ok 14:20:20.0445 6648 [ bf9ccc0bf39b418c8d0ae8b05cf95b7d ] SysMain C:\Windows\system32\sysmain.dll 14:20:20.0617 6648 SysMain - ok 14:20:20.0648 6648 [ e3c61fd7b7c2557e1f1b0b4cec713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 14:20:20.0679 6648 TabletInputService - ok 14:20:20.0695 6648 [ 40f0849f65d13ee87b9a9ae3c1dd6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 14:20:20.0757 6648 TapiSrv - ok 14:20:20.0757 6648 [ 1be03ac720f4d302ea01d40f588162f6 ] TBS C:\Windows\System32\tbssvc.dll 14:20:20.0789 6648 TBS - ok 14:20:20.0851 6648 [ acb82bda8f46c84f465c1afa517dc4b9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 14:20:20.0929 6648 Tcpip - ok 
14:20:20.0976 6648 [ acb82bda8f46c84f465c1afa517dc4b9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 14:20:21.0069 6648 TCPIP6 - ok 14:20:21.0085 6648 [ df687e3d8836bfb04fcc0615bf15a519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 14:20:21.0132 6648 tcpipreg - ok 14:20:21.0147 6648 [ 3371d21011695b16333a3934340c4e7c ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 14:20:21.0179 6648 TDPIPE - ok 14:20:21.0194 6648 [ 51c5eceb1cdee2468a1748be550cfbc8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 14:20:21.0225 6648 TDTCP - ok 14:20:21.0241 6648 [ ddad5a7ab24d8b65f8d724f5c20fd806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 14:20:21.0272 6648 tdx - ok 14:20:21.0288 6648 [ 561e7e1f06895d78de991e01dd0fb6e5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 14:20:21.0319 6648 TermDD - ok 14:20:21.0366 6648 [ 2e648163254233755035b46dd7b89123 ] TermService C:\Windows\System32\termsrv.dll 14:20:21.0475 6648 TermService - ok 14:20:21.0506 6648 [ f0344071948d1a1fa732231785a0664c ] Themes C:\Windows\system32\themeservice.dll 14:20:21.0522 6648 Themes - ok 14:20:21.0537 6648 [ e40e80d0304a73e8d269f7141d77250b ] THREADORDER C:\Windows\system32\mmcss.dll 14:20:21.0584 6648 THREADORDER - ok 14:20:21.0584 6648 [ 7e7afd841694f6ac397e99d75cead49d ] TrkWks C:\Windows\System32\trkwks.dll 14:20:21.0631 6648 TrkWks - ok 14:20:21.0678 6648 [ 773212b2aaa24c1e31f10246b15b276c ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 14:20:21.0725 6648 TrustedInstaller - ok 14:20:21.0740 6648 [ ce18b2cdfc837c99e5fae9ca6cba5d30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 14:20:21.0771 6648 tssecsrv - ok 14:20:21.0787 6648 [ d11c783e3ef9a3c52c0ebe83cc5000e9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 14:20:21.0818 6648 TsUsbFlt - ok 14:20:21.0849 6648 [ 9cc2ccae8a84820eaecb886d477cbcb8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys 14:20:21.0881 6648 TsUsbGD - ok 14:20:21.0912 6648 [ 3566a8daafa27af944f5d705eaa64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 
14:20:21.0959 6648 tunnel - ok 14:20:21.0990 6648 [ fd24f98d2898be093fe926604be7db99 ] TurboB C:\Windows\system32\DRIVERS\TurboB.sys 14:20:22.0005 6648 TurboB - ok 14:20:22.0037 6648 [ 600b406a04d90f577fea8a88d7379f08 ] TurboBoost C:\Program Files\Intel\TurboBoost\TurboBoost.exe 14:20:22.0068 6648 TurboBoost - ok 14:20:22.0083 6648 [ b4dd609bd7e282bfc683cec7eaaaad67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 14:20:22.0099 6648 uagp35 - ok 14:20:22.0130 6648 [ ff4232a1a64012baa1fd97c7b67df593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 14:20:22.0208 6648 udfs - ok 14:20:22.0239 6648 [ 3cbdec8d06b9968aba702eba076364a1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 14:20:22.0271 6648 UI0Detect - ok 14:20:22.0317 6648 [ 4bfe1bc28391222894cbf1e7d0e42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 14:20:22.0333 6648 uliagpkx - ok 14:20:22.0333 6648 [ dc54a574663a895c8763af0fa1ff7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 14:20:22.0364 6648 umbus - ok 14:20:22.0411 6648 [ b2e8e8cb557b156da5493bbddcc1474d ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 14:20:22.0442 6648 UmPass - ok 14:20:22.0583 6648 [ 2c16648a12999ae69a9ebf41974b0ba2 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 14:20:22.0832 6648 UNS - ok 14:20:22.0879 6648 [ d47ec6a8e81633dd18d2436b19baf6de ] upnphost C:\Windows\System32\upnphost.dll 14:20:22.0957 6648 upnphost - ok 14:20:22.0988 6648 [ fb251567f41bc61988b26731dec19e4b ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys 14:20:23.0035 6648 USBAAPL64 - ok 14:20:23.0051 6648 [ 19ad7990c0b67e48dac5b26f99628223 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 14:20:23.0082 6648 usbccgp - ok 14:20:23.0129 6648 [ af0892a803fdda7492f595368e3b68e7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 14:20:23.0144 6648 usbcir - ok 14:20:23.0160 6648 [ c025055fe7b87701eb042095df1a2d7b ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 14:20:23.0175 6648 usbehci - ok 14:20:23.0222 6648 [ 
287c6c9410b111b68b52ca298f7b8c24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 14:20:23.0269 6648 usbhub - ok 14:20:23.0300 6648 [ 9840fc418b4cbd632d3d0a667a725c31 ] usbohci C:\Windows\system32\drivers\usbohci.sys 14:20:23.0316 6648 usbohci - ok 14:20:23.0347 6648 [ 73188f58fb384e75c4063d29413cee3d ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 14:20:23.0378 6648 usbprint - ok 14:20:23.0425 6648 [ aaa2513c8aed8b54b189fd0c6b1634c0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 14:20:23.0441 6648 usbscan - ok 14:20:23.0472 6648 [ fed648b01349a3c8395a5169db5fb7d6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 14:20:23.0503 6648 USBSTOR - ok 14:20:23.0534 6648 [ 62069a34518bcf9c1fd9e74b3f6db7cd ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 14:20:23.0581 6648 usbuhci - ok 14:20:23.0581 6648 [ 454800c2bc7f3927ce030141ee4f4c50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys 14:20:23.0628 6648 usbvideo - ok 14:20:23.0659 6648 [ edbb23cbcf2cdf727d64ff9b51a6070e ] UxSms C:\Windows\System32\uxsms.dll 14:20:23.0706 6648 UxSms - ok 14:20:23.0706 6648 [ c118a82cd78818c29ab228366ebf81c3 ] VaultSvc C:\Windows\system32\lsass.exe 14:20:23.0737 6648 VaultSvc - ok 14:20:23.0799 6648 [ c5c876ccfc083ff3b128f933823e87bd ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 14:20:23.0815 6648 vdrvroot - ok 14:20:23.0862 6648 [ 8d6b481601d01a456e75c3210f1830be ] vds C:\Windows\System32\vds.exe 14:20:24.0002 6648 vds - ok 14:20:24.0033 6648 [ da4da3f5e02943c2dc8c6ed875de68dd ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 14:20:24.0049 6648 vga - ok 14:20:24.0065 6648 [ 53e92a310193cb3c03bea963de7d9cfc ] VgaSave C:\Windows\System32\drivers\vga.sys 14:20:24.0111 6648 VgaSave - ok 14:20:24.0127 6648 [ 2ce2df28c83aeaf30084e1b1eb253cbb ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 14:20:24.0143 6648 vhdmp - ok 14:20:24.0158 6648 [ e5689d93ffe4e5d66c0178761240dd54 ] viaide C:\Windows\system32\drivers\viaide.sys 14:20:24.0189 6648 viaide - ok 14:20:24.0205 6648 [ 
d2aafd421940f640b407aefaaebd91b0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 14:20:24.0221 6648 volmgr - ok 14:20:24.0267 6648 [ a255814907c89be58b79ef2f189b843b ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 14:20:24.0330 6648 volmgrx - ok 14:20:24.0330 6648 [ 0d08d2f3b3ff84e433346669b5e0f639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 14:20:24.0361 6648 volsnap - ok 14:20:24.0408 6648 [ 5e2016ea6ebaca03c04feac5f330d997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 14:20:24.0439 6648 vsmraid - ok 14:20:24.0548 6648 [ b60ba0bc31b0cb414593e169f6f21cc2 ] VSS C:\Windows\system32\vssvc.exe 14:20:24.0673 6648 VSS - ok 14:20:24.0689 6648 [ 36d4720b72b5c5d9cb2b9c29e9df67a1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 14:20:24.0720 6648 vwifibus - ok 14:20:24.0751 6648 [ 6a3d66263414ff0d6fa754c646612f3f ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 14:20:24.0782 6648 vwififlt - ok 14:20:24.0798 6648 [ 6a638fc4bfddc4d9b186c28c91bd1a01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 14:20:24.0829 6648 vwifimp - ok 14:20:24.0860 6648 [ 1c9d80cc3849b3788048078c26486e1a ] W32Time C:\Windows\system32\w32time.dll 14:20:24.0938 6648 W32Time - ok 14:20:24.0969 6648 [ 4e9440f4f152a7b944cb1663d3935a3e ] WacomPen C:\Windows\system32\drivers\wacompen.sys 14:20:24.0985 6648 WacomPen - ok 14:20:25.0032 6648 [ 356afd78a6ed4457169241ac3965230c ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 14:20:25.0079 6648 WANARP - ok 14:20:25.0079 6648 [ 356afd78a6ed4457169241ac3965230c ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 14:20:25.0110 6648 Wanarpv6 - ok 14:20:25.0188 6648 [ 3cec96de223e49eaae3651fcf8faea6c ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe 14:20:25.0328 6648 WatAdminSvc - ok 14:20:25.0375 6648 [ 78f4e7f5c56cb9716238eb57da4b6a75 ] wbengine C:\Windows\system32\wbengine.exe 14:20:25.0453 6648 wbengine - ok 14:20:25.0484 6648 [ 3aa101e8edab2db4131333f4325c76a3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 14:20:25.0515 6648 WbioSrvc - ok 
14:20:25.0578 6648 [ 7368a2afd46e5a4481d1de9d14848edd ] wcncsvc C:\Windows\System32\wcncsvc.dll 14:20:25.0781 6648 wcncsvc - ok 14:20:25.0796 6648 [ 20f7441334b18cee52027661df4a6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 14:20:25.0827 6648 WcsPlugInService - ok 14:20:25.0874 6648 [ 72889e16ff12ba0f235467d6091b17dc ] Wd C:\Windows\system32\drivers\wd.sys 14:20:25.0905 6648 Wd - ok 14:20:25.0921 6648 [ 441bd2d7b4f98134c3a4f9fa570fd250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 14:20:25.0983 6648 Wdf01000 - ok 14:20:25.0999 6648 [ bf1fc3f79b863c914687a737c2f3d681 ] WdiServiceHost C:\Windows\system32\wdi.dll 14:20:26.0077 6648 WdiServiceHost - ok 14:20:26.0077 6648 [ bf1fc3f79b863c914687a737c2f3d681 ] WdiSystemHost C:\Windows\system32\wdi.dll 14:20:26.0093 6648 WdiSystemHost - ok 14:20:26.0139 6648 [ 63ce387483e74a0bd79ee4e5eba1fd2e ] wdkmd C:\Windows\system32\DRIVERS\WDKMD.sys 14:20:26.0264 6648 wdkmd - ok 14:20:26.0311 6648 [ 3db6d04e1c64272f8b14eb8bc4616280 ] WebClient C:\Windows\System32\webclnt.dll 14:20:26.0342 6648 WebClient - ok 14:20:26.0373 6648 [ c749025a679c5103e575e3b48e092c43 ] Wecsvc C:\Windows\system32\wecsvc.dll 14:20:26.0436 6648 Wecsvc - ok 14:20:26.0467 6648 [ 7e591867422dc788b9e5bd337a669a08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 14:20:26.0514 6648 wercplsupport - ok 14:20:26.0529 6648 [ 6d137963730144698cbd10f202e9f251 ] WerSvc C:\Windows\System32\WerSvc.dll 14:20:26.0576 6648 WerSvc - ok 14:20:26.0592 6648 [ 611b23304bf067451a9fdee01fbdd725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 14:20:26.0639 6648 WfpLwf - ok 14:20:26.0670 6648 [ b14ef15bd757fa488f9c970eee9c0d35 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys 14:20:26.0685 6648 WimFltr - ok 14:20:26.0717 6648 [ 05ecaec3e4529a7153b3136ceb49f0ec ] WIMMount C:\Windows\system32\drivers\wimmount.sys 14:20:26.0732 6648 WIMMount - ok 14:20:26.0748 6648 WinDefend - ok 14:20:26.0748 6648 WinHttpAutoProxySvc - ok 14:20:26.0919 6648 [ 
19b07e7e8915d701225da41cb3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 14:20:26.0951 6648 Winmgmt - ok 14:20:27.0060 6648 [ bcb1310604aa415c4508708975b3931e ] WinRM C:\Windows\system32\WsmSvc.dll 14:20:27.0278 6648 WinRM - ok 14:20:27.0387 6648 [ fe88b288356e7b47b74b13372add906d ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 14:20:27.0434 6648 WinUsb - ok 14:20:27.0621 6648 [ 4fada86e62f18a1b2f42ba18ae24e6aa ] Wlansvc C:\Windows\System32\wlansvc.dll 14:20:27.0699 6648 Wlansvc - ok 14:20:27.0762 6648 [ 06c8fa1cf39de6a735b54d906ba791c6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe 14:20:27.0777 6648 wlcrasvc - ok 14:20:28.0152 6648 [ 2bacd71123f42cea603f4e205e1ae337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 14:20:28.0214 6648 wlidsvc - ok 14:20:28.0245 6648 [ f6ff8944478594d0e414d3f048f0d778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 14:20:31.0256 6648 WmiAcpi - ok 14:20:31.0319 6648 [ 38b84c94c5a8af291adfea478ae54f93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 14:20:31.0365 6648 wmiApSrv - ok 14:20:31.0412 6648 WMPNetworkSvc - ok 14:20:31.0475 6648 [ 96c6e7100d724c69fcf9e7bf590d1dca ] WPCSvc C:\Windows\System32\wpcsvc.dll 14:20:31.0490 6648 WPCSvc - ok 14:20:31.0537 6648 [ 93221146d4ebbf314c29b23cd6cc391d ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 14:20:31.0553 6648 WPDBusEnum - ok 14:20:31.0631 6648 [ 6bcc1d7d2fd2453957c5479a32364e52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 14:20:31.0662 6648 ws2ifsl - ok 14:20:31.0709 6648 [ e8b1fe6669397d1772d8196df0e57a9e ] wscsvc C:\Windows\System32\wscsvc.dll 14:20:31.0755 6648 wscsvc - ok 14:20:31.0818 6648 [ 8d918b1db190a4d9b1753a66fa8c96e8 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys 14:20:31.0880 6648 WSDPrintDevice - ok 14:20:31.0880 6648 WSearch - ok 14:20:32.0270 6648 [ d9ef901dca379cfe914e9fa13b73b4c4 ] wuauserv C:\Windows\system32\wuaueng.dll 14:20:32.0333 6648 wuauserv - ok 14:20:32.0364 6648 [ 
d3381dc54c34d79b22cee0d65ba91b7c ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 14:20:32.0426 6648 WudfPf - ok 14:20:32.0504 6648 [ cf8d590be3373029d57af80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 14:20:32.0567 6648 WUDFRd - ok 14:20:32.0582 6648 [ 7a95c95b6c4cf292d689106bcae49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 14:20:32.0613 6648 wudfsvc - ok 14:20:32.0676 6648 [ 9a3452b3c2a46c073166c5cf49fad1ae ] WwanSvc C:\Windows\System32\wwansvc.dll 14:20:32.0723 6648 WwanSvc - ok 14:20:32.0754 6648 ================ Scan global =============================== 14:20:32.0785 6648 (ba0cd8c393e8c9f83354106093832c7b) C:\Windows\system32\basesrv.dll 14:20:32.0832 6648 (eb6a48cc998e1090e44e8e7f1009a640) C:\Windows\system32\winsrv.dll 14:20:32.0832 6648 (eb6a48cc998e1090e44e8e7f1009a640) C:\Windows\system32\winsrv.dll 14:20:32.0863 6648 (d6160f9d869ba3af0b787f971db56368) C:\Windows\system32\sxssrv.dll 14:20:32.0925 6648 (24acb7e5be595468e3b9aa488b9b4fcb) C:\Windows\system32\services.exe 14:20:32.0925 6648 [Global] - ok 14:20:32.0925 6648 ================ Scan MBR ================================== 14:20:32.0941 6648 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 14:20:37.0871 6648 \Device\Harddisk0\DR0 - ok 14:20:38.0167 6648 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1 14:20:38.0385 6648 \Device\Harddisk1\DR1 - ok 14:20:38.0385 6648 ================ Scan VBR ================================== 14:20:38.0401 6648 Boot (0x1200) (dbde1d5aa3f68bc56fa95e6be3fdaf7e) \Device\Harddisk0\DR0\Partition1 14:20:38.0401 6648 \Device\Harddisk0\DR0\Partition1 - ok 14:20:38.0401 6648 Boot (0x1200) (9490f5bf572552322077e7127a41a617) \Device\Harddisk0\DR0\Partition2 14:20:38.0401 6648 \Device\Harddisk0\DR0\Partition2 - ok 14:20:38.0401 6648 Boot (0x1200) (e7208b097ac2cad3cc8a7b6f934d1600) \Device\Harddisk1\DR1\Partition1 14:20:38.0417 6648 \Device\Harddisk1\DR1\Partition1 - ok 14:20:38.0417 6648 
============================================================ 14:20:38.0417 6648 Scan finished 14:20:38.0417 6648 ============================================================ 14:20:38.0417 10100 Detected object count: 0 14:20:38.0417 10100 Actual detected object count: 0 15:20:22.0519 4448 Deinitialize success |
15.08.2012, 17:44 | #34 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Caught new GVU trojan with webcam (I'm a layman) Then please run CF now: ComboFix A guide and tutorial on using ComboFix
Combofix may only be run when a qualified helper has expressly recommended it! If, after running Combofix, you have problems starting applications and receive messages such as Quote:
__________________ Please always post log files in CODE tags |
01.09.2012, 20:03 | #35 |
| Caught new GVU trojan with webcam (I'm a layman) Combofix log file: Code:
ATTFilter ComboFix 12-08-25.04 - Familie Kis 25.08.2012 19:58:55.1.8 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.6038.3834 [GMT 2:00] ausgeführt von:: c:\users\Manu&Micha\Downloads\ComboFix.exe AV: VR-Web Sicherheitspaket 4.0 9.12 *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17} FW: VR-Web Sicherheitspaket 4.0 9.12 *Disabled* {2D7AC0A6-6241-D774-E168-461178D9686C} SP: VR-Web Sicherheitspaket 4.0 9.12 *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\Roaming c:\windows\RPSETUP.EXE.LOG c:\windows\SysWow64\FlashPlayerInstaller.exe . . ((((((((((((((((((((((( Dateien erstellt von 2012-07-25 bis 2012-08-25 )))))))))))))))))))))))))))))) . . 2012-08-25 18:03 . 2012-08-25 18:03 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2012-08-25 18:03 . 2012-08-25 18:03 -------- d-----w- c:\users\Familie Kis\AppData\Local\temp 2012-08-25 18:03 . 2012-08-25 18:03 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-08-25 17:53 . 2012-08-25 17:53 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{41B7EDA6-84BD-43DB-9F2A-5DC76C5FE2BF}\offreg.dll 2012-08-24 10:59 . 2012-08-01 22:58 9309624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{41B7EDA6-84BD-43DB-9F2A-5DC76C5FE2BF}\mpengine.dll 2012-08-17 18:06 . 2012-07-06 20:07 552960 ----a-w- c:\windows\system32\drivers\bthport.sys 2012-08-17 13:16 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll 2012-08-17 13:16 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll 2012-08-17 13:15 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll 2012-08-17 13:15 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe 2012-08-17 13:15 . 
2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe 2012-08-17 13:15 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll 2012-08-17 13:15 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll 2012-08-17 13:15 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll 2012-08-17 13:15 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll 2012-08-17 13:15 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll 2012-08-17 13:15 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys 2012-08-17 13:15 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll 2012-07-27 20:51 . 2012-07-27 20:51 184248 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-08-17 18:04 . 2011-11-07 21:10 62134624 ----a-w- c:\windows\system32\MRT.exe 2012-08-17 13:14 . 2012-05-09 18:18 56016 ----a-w- c:\windows\system32\drivers\fsbts.sys 2012-08-14 18:05 . 2012-04-02 06:40 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-08-14 18:05 . 2011-09-04 14:49 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-10 16:31 . 2012-07-10 16:31 595968 ----a-w- C:\OTL3.exe 2012-07-09 18:57 . 2012-07-09 18:57 618655 ----a-w- C:\adwcleaner.exe 2012-06-09 05:43 . 2012-07-11 09:56 14172672 ----a-w- c:\windows\system32\shell32.dll 2012-06-06 06:06 . 2012-07-11 09:56 2004480 ----a-w- c:\windows\system32\msxml6.dll 2012-06-06 06:06 . 2012-07-11 09:56 1881600 ----a-w- c:\windows\system32\msxml3.dll 2012-06-06 06:02 . 2012-07-11 09:55 1133568 ----a-w- c:\windows\system32\cdosys.dll 2012-06-06 05:05 . 2012-07-11 09:56 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll 2012-06-06 05:05 . 2012-07-11 09:56 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll 2012-06-06 05:03 . 2012-07-11 09:55 805376 ----a-w- c:\windows\SysWow64\cdosys.dll 2012-06-02 22:19 . 
2012-06-21 12:13 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-02 22:19 . 2012-06-21 12:13 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-02 22:19 . 2012-06-21 12:13 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 22:19 . 2012-06-21 12:13 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 22:19 . 2012-06-21 12:13 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 22:15 . 2012-06-21 12:13 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:15 . 2012-06-21 12:13 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-02 13:19 . 2012-06-21 12:12 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-02 13:15 . 2012-06-21 12:12 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-06-02 05:50 . 2012-07-11 09:56 458704 ----a-w- c:\windows\system32\drivers\cng.sys 2012-06-02 05:48 . 2012-07-11 09:56 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2012-06-02 05:48 . 2012-07-11 09:56 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2012-06-02 05:45 . 2012-07-11 09:56 340992 ----a-w- c:\windows\system32\schannel.dll 2012-06-02 05:44 . 2012-07-11 09:56 307200 ----a-w- c:\windows\system32\ncrypt.dll 2012-06-02 04:40 . 2012-07-11 09:56 22016 ----a-w- c:\windows\SysWow64\secur32.dll 2012-06-02 04:40 . 2012-07-11 09:56 225280 ----a-w- c:\windows\SysWow64\schannel.dll 2012-06-02 04:39 . 2012-07-11 09:56 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll 2012-06-02 04:34 . 2012-07-11 09:56 96768 ----a-w- c:\windows\SysWow64\sspicli.dll 2012-05-31 10:25 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-07-27 35768] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "NeroLauncher"="c:\program files (x86)\Nero\SyncUP\NeroLauncher.exe" [2012-02-06 66872] "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942] "RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112] "Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544] "F-Secure Manager"="c:\program files (x86)\VR-Web Sicherheitspaket\Common\FSM32.EXE" [2009-11-18 201128] "F-Secure TNB"="c:\program files (x86)\VR-Web Sicherheitspaket\FSGUI\TNBUtil.exe" [2011-11-09 1655464] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280] "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208] "AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2012-02-01 968048] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] "OTL"="C:\OTL3.exe" [2012-07-10 595968] . c:\users\Manu&Micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ ctfmon.lnk - c:\windows\System32\rundll32.exe [2009-7-14 45568] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ WISO Mein Steuer-Sparbuch heute.lnk - c:\program files (x86)\WISO\Steuersoftware 2012\mshaktuell.exe [2012-1-26 1380504] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . R1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [2011-11-09 50384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-22 136176] R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-14 250056] R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protokoll;c:\windows\system32\DRIVERS\amppal.sys [2011-10-19 195072] R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-22 136176] R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-02-27 158976] R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-05-17 34200] R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-11-01 340240] R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2011-08-02 22528] R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\drivers\nvstusb.sys [2011-01-31 121960] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft 
Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-09 1255736] R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [2012-08-17 56016] S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-10-17 27712] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856] S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2010-08-20 21616] S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files (x86)\VR-Web Sicherheitspaket\HIPS\drivers\fshs.sys [2009-11-18 59784] S1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2009-11-18 94024] S1 fsvista;F-Secure Vista Support Driver;c:\program files (x86)\VR-Web Sicherheitspaket\Anti-Virus\minifilter\fsvista.sys [2009-11-18 16768] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960] S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe 
[2009-11-17 98208] S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-10-19 661504] S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-10-18 936272] S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-10-18 1001808] S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-10-20 135440] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-17 1999168] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-16 380224] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120] S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-20 2656280] S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-12-13 27760] S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed - Virtueller Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-10-19 195072] S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe 
[2011-10-18 1354064] S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-08-29 53760] S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-11-15 327168] S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2011-01-20 176096] S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files (x86)\VR-Web Sicherheitspaket\Anti-Virus\minifilter\fsgk.sys [2012-05-29 199848] S3 FSORSPClient;F-Secure ORSP Client;c:\program files (x86)\VR-Web Sicherheitspaket\ORSP Client\fsorsp.exe [2011-11-09 61088] S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-12-09 60416] S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-16 317440] S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-05-17 25496] S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344] S3 NETwNs64;___ Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-10-31 8615936] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-02-10 82432] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-02-10 181760] S3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys [2010-07-13 29288] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-08-23 565352] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 
219496] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920] S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2011-05-17 42392] . . Inhalt des "geplante Tasks" Ordners . 2012-08-25 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 18:05] . 2012-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-22 09:44] . 2012-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-22 09:44] . 2011-11-07 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job - c:\program files\Dell Support Center\uaclauncher.exe [2011-03-22 17:20] . 2012-08-24 c:\windows\Tasks\SystemToolsDailyTest.job - c:\program files\Dell Support Center\pcdrcui.exe [2011-03-22 17:20] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-12-17 686704] "QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2011-08-29 4146848] "IntelTBRunOnce"="wscript.exe" [2009-07-14 168960] "Stage Remote"="c:\program files (x86)\Dell\Stage Remote\StageRemote.exe" [2011-08-08 2034752] "Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-03 1580368] "BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-10-18 10357008] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-08-30 7284328] "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-08-16 2277480] "IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-11-01 1935120] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-31 167704] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-31 392472] "Persistence"="c:\windows\system32\igfxpers.exe" 
[2011-08-31 416024] "NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-10-17 317248] "DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2012-02-01 2195824] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x1 "AppInit_DLLs"=c:\windows\System32\nvinitx.dll . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.de/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local LSP: c:\program files (x86)\VR-Web Sicherheitspaket\FSPS\program\FSLSP.DLL TCP: DhcpNameServer = 192.168.178.1 DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Wow6432Node-HKCU-Run-BrowserChoice - c:\windows\System32\browserchoice.exe HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2012-08-25 20:05:30 ComboFix-quarantined-files.txt 2012-08-25 18:05 . Vor Suchlauf: 13 Verzeichnis(se), 391.247.515.648 Bytes frei Nach Suchlauf: 17 Verzeichnis(se), 391.103.934.464 Bytes frei . - - End Of File - - 8E29512A1E6880A174F420FAAAFD8AE8 |
03.09.2012, 15:44 | #36 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Caught new GVU trojan with webcam (I'm a layman) Now please create and post logs with GMER and OSAM. GMER crashes fairly often; if the tool still won't work on the second attempt, just leave it out and run only OSAM - please skip the online lookup by OSAM. With OSAM, please also make sure that you save the log as *.log and not as *.html or the like. Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM! Please download aswMBR.exe and save the file to your desktop.
Important: Do not press any of the Fix buttons under any circumstances without instructions. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan. One more note: If aswMBR crashes and a message such as "aswMBR.exe funktioniert nicht mehr" appears, do the following: Restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left (bottom left of the aswMBR window), and click the Scan button again.