Pests of all kinds and how to fight them: GVU Trojan with webcam (Windows 7) |
17.12.2012, 16:41 | #1 |
| Good day, I seem to have caught the GVU Trojan as well. Attached is a WinRAR file with the two OTL logs and the Malwarebytes log. Many thanks in advance. |
17.12.2012, 19:39 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Hello and
Do you have any other logs (with detections)? From Malwarebytes and/or other virus scanners? I ask because => http://www.trojaner-board.de/125889-...tml#post941520 Please do not run any new virus scans; for now, just post the logs you already have! |
18.12.2012, 10:42 | #3 |
| Hello,
the Malwarebytes log is in the WinRAR file in the attachment, together with the 2 OTL logs. Other than that I have not run any scan. I use the Avira AntiVir program; should I run a scan with that as well, and should I put the OTL and Malwarebytes logs in code tags, or is the upload enough? Many thanks, best regards |
18.12.2012, 22:06 | #4 | ||
/// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
For now the point is that you post all the logs you already have. I always ask this, since it may be that you forgot some logs. Has AntiVir ever had any detections? If so, where are the logs for them? Quote:
__________________ Please always post log files in CODE tags |
19.12.2012, 14:29 | #5 |
| All right, everything from now on in code tags. AntiVir has had no detection recently, so accordingly I have no logs other than the OTL files and the Malwarebytes log. |
19.12.2012, 23:12 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Before we get to work, I would like to ask you to read the following points completely and carefully.
Note: If you do not hear from me for three days, please report in this thread => Reminder about my thread. Annoying "when will it continue" messages will end with your topic being closed. I too have a life outside the Trojaner-Board.

1. aswMBR
Please download aswMBR.exe and save the file on your desktop. Note: Please turn off the virus scanner before you run aswMBR, because Avira in particular often reports a false positive in it!
Another note: If aswMBR crashes and a message like "aswMBR.exe funktioniert nicht mehr" ("aswMBR.exe has stopped working") appears, do the following: restart aswMBR, select (none) under "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.

2. TDSS-Killer
Download TDSS-Killer to the desktop, see => http://www.trojaner-board.de/82358-t...entfernen.html Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false positive in the TDSS tool! Set up the tool as shown in the image below: click change parameters and set the checkmarks as shown in the following screenshot, then click Start Scan and, when it has finished, click the Report button to display the log. Please post this in full. If you cannot find the log or cannot copy its contents into your post, then please look directly on your Windows system partition (usually drive C:), since that is where TDSS-Killer saves its logs. Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the "skip" action and only post the log here! |
20.12.2012, 00:18 | #7 |
| Many thanks. Here is the aswMBR log. Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-20 00:08:46
-----------------------------
00:08:46.698 OS Version: Windows x64 6.1.7601 Service Pack 1
00:08:46.698 Number of processors: 4 586 0x2A07
00:08:46.698 ComputerName: NIKLAS-PC UserName: Niklas
00:08:47.608 Initialize success
00:08:53.118 AVAST engine defs: 12121901
00:09:00.799 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
00:09:00.799 Disk 0 Vendor: ST950032 0003 Size: 476940MB BusType: 3
00:09:00.889 Disk 0 MBR read successfully
00:09:00.889 Disk 0 MBR scan
00:09:00.899 Disk 0 Windows 7 default MBR code
00:09:00.919 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 25600 MB offset 2048
00:09:00.929 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 190776 MB offset 52430848
00:09:00.939 Disk 0 Partition - 00 0F Extended LBA 260562 MB offset 443140096
00:09:00.969 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 260561 MB offset 443142144
00:09:01.079 Disk 0 scanning C:\Windows\system32\drivers
00:09:13.598 Service scanning
00:09:40.894 Modules scanning
00:09:40.904 Disk 0 trace - called modules:
00:09:41.304 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
00:09:41.314 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80081ca060]
00:09:41.324 3 CLASSPNP.SYS[fffff88001b7d43f] -> nt!IofCallDriver -> [0xfffffa80062e8e40]
00:09:41.334 5 ACPI.sys[fffff88000d867a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800664c050]
00:09:41.344 Scan finished successfully
00:10:40.704 Disk 0 MBR has been saved successfully to "C:\Users\Niklas\Desktop\MBR.dat"
00:10:40.704 The log file has been saved successfully to "C:\Users\Niklas\Desktop\aswMBR.txt"

Code:
00:13:46.0268 0624 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
00:13:46.0471 0624 ============================================================
00:13:46.0471 0624 Current date / time: 2012/12/20 00:13:46.0471
00:13:46.0471 0624 SystemInfo:
00:13:46.0471 0624
00:13:46.0471 0624 OS Version: 6.1.7601 ServicePack: 1.0
00:13:46.0471 0624 Product type: Workstation
00:13:46.0471 0624 ComputerName: NIKLAS-PC
00:13:46.0471 0624 UserName: Niklas
00:13:46.0471 0624 Windows directory: C:\Windows
00:13:46.0471 0624 System windows directory: C:\Windows
00:13:46.0471 0624 Running under WOW64
00:13:46.0471 0624 Processor architecture: Intel x64
00:13:46.0471 0624 Number of processors: 4
00:13:46.0471 0624 Page size: 0x1000
00:13:46.0471 0624 Boot type: Normal boot
00:13:46.0471 0624 ============================================================
00:13:47.0157 0624 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:13:47.0157 0624 ============================================================
00:13:47.0157 0624 \Device\Harddisk0\DR0:
00:13:47.0157 0624 MBR partitions:
00:13:47.0157 0624 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3200800, BlocksNum 0x1749C000
00:13:47.0189 0624 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1A69D000, BlocksNum 0x1FCE8800
00:13:47.0189 0624 ============================================================
00:13:47.0204 0624 C: <-> \Device\Harddisk0\DR0\Partition1
00:13:47.0235 0624 D: <-> \Device\Harddisk0\DR0\Partition2
00:13:47.0235 0624 ============================================================
00:13:47.0235 0624 Initialize success
00:13:47.0235 0624 ============================================================
00:14:16.0589 4172 ============================================================
00:14:16.0589 4172 Scan started
00:14:16.0589 4172 Mode: Manual; SigCheck; TDLFS;
00:14:33.0455 4172 mrxsmb20 - ok 00:14:33.0486 4172 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 00:14:33.0501 4172 msahci - ok 00:14:33.0517 4172 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 00:14:33.0517 4172 msdsm - ok 00:14:33.0533 4172 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 00:14:33.0564 4172 MSDTC - ok 00:14:33.0579 4172 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 00:14:33.0611 4172 Msfs - ok 00:14:33.0626 4172 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 00:14:33.0673 4172 mshidkmdf - ok 00:14:33.0689 4172 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 00:14:33.0689 4172 msisadrv - ok 00:14:33.0720 4172 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 00:14:33.0782 4172 MSiSCSI - ok 00:14:33.0782 4172 msiserver - ok 00:14:33.0813 4172 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 00:14:33.0845 4172 MSKSSRV - ok 00:14:33.0845 4172 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 00:14:33.0891 4172 MSPCLOCK - ok 00:14:33.0907 4172 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 00:14:33.0938 4172 MSPQM - ok 00:14:33.0969 4172 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 00:14:33.0985 4172 MsRPC - ok 00:14:34.0001 4172 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 00:14:34.0001 4172 mssmbios - ok 00:14:34.0016 4172 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 00:14:34.0047 4172 MSTEE - ok 00:14:34.0063 4172 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys 00:14:34.0079 4172 MTConfig - ok 00:14:34.0110 4172 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup 
C:\Windows\system32\Drivers\mup.sys 00:14:34.0110 4172 Mup - ok 00:14:34.0141 4172 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 00:14:34.0219 4172 napagent - ok 00:14:34.0250 4172 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 00:14:34.0281 4172 NativeWifiP - ok 00:14:34.0328 4172 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 00:14:34.0375 4172 NDIS - ok 00:14:34.0406 4172 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 00:14:34.0453 4172 NdisCap - ok 00:14:34.0484 4172 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 00:14:34.0531 4172 NdisTapi - ok 00:14:34.0547 4172 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 00:14:34.0578 4172 Ndisuio - ok 00:14:34.0593 4172 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 00:14:34.0640 4172 NdisWan - ok 00:14:34.0671 4172 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 00:14:34.0703 4172 NDProxy - ok 00:14:34.0734 4172 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 00:14:34.0781 4172 NetBIOS - ok 00:14:34.0781 4172 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 00:14:34.0827 4172 NetBT - ok 00:14:34.0843 4172 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 00:14:34.0859 4172 Netlogon - ok 00:14:34.0890 4172 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 00:14:34.0937 4172 Netman - ok 00:14:34.0983 4172 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 00:14:35.0030 4172 NetMsmqActivator - ok 00:14:35.0046 4172 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 00:14:35.0061 4172 
NetPipeActivator - ok 00:14:35.0093 4172 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 00:14:35.0155 4172 netprofm - ok 00:14:35.0171 4172 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 00:14:35.0186 4172 NetTcpActivator - ok 00:14:35.0186 4172 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 00:14:35.0186 4172 NetTcpPortSharing - ok 00:14:35.0217 4172 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 00:14:35.0233 4172 nfrd960 - ok 00:14:35.0249 4172 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll 00:14:35.0264 4172 NlaSvc - ok 00:14:35.0280 4172 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 00:14:35.0311 4172 Npfs - ok 00:14:35.0327 4172 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 00:14:35.0358 4172 nsi - ok 00:14:35.0373 4172 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 00:14:35.0405 4172 nsiproxy - ok 00:14:35.0467 4172 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 00:14:35.0514 4172 Ntfs - ok 00:14:35.0529 4172 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 00:14:35.0576 4172 Null - ok 00:14:35.0873 4172 [ 07CA1D99512EE5EF99E954A13F3BFFA8 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 00:14:36.0216 4172 nvlddmkm - ok 00:14:36.0231 4172 [ A8DB9EBD9887A9820DBC1878F0301EE7 ] nvpciflt C:\Windows\system32\DRIVERS\nvpciflt.sys 00:14:36.0247 4172 nvpciflt - ok 00:14:36.0294 4172 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 00:14:36.0325 4172 nvraid - ok 00:14:36.0341 4172 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 00:14:36.0356 4172 nvstor - ok 00:14:36.0403 4172 [ 
9007A22A1938A9EF81CA5122121ECCD8 ] NVSvc C:\Windows\system32\nvvsvc.exe 00:14:36.0450 4172 NVSvc - ok 00:14:36.0543 4172 [ 00572C26C6DCF99362068FB7283B7126 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe 00:14:36.0637 4172 nvUpdatusService - ok 00:14:36.0668 4172 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 00:14:36.0684 4172 nv_agp - ok 00:14:36.0684 4172 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 00:14:36.0715 4172 ohci1394 - ok 00:14:36.0777 4172 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 00:14:36.0809 4172 ose - ok 00:14:36.0996 4172 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 00:14:37.0074 4172 osppsvc - ok 00:14:37.0089 4172 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 00:14:37.0121 4172 p2pimsvc - ok 00:14:37.0152 4172 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 00:14:37.0167 4172 p2psvc - ok 00:14:37.0199 4172 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys 00:14:37.0214 4172 Parport - ok 00:14:37.0230 4172 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 00:14:37.0245 4172 partmgr - ok 00:14:37.0261 4172 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 00:14:37.0308 4172 PcaSvc - ok 00:14:37.0323 4172 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 00:14:37.0339 4172 pci - ok 00:14:37.0355 4172 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 00:14:37.0355 4172 pciide - ok 00:14:37.0370 4172 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 00:14:37.0386 4172 pcmcia - ok 00:14:37.0401 4172 [ 
D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 00:14:37.0417 4172 pcw - ok 00:14:37.0433 4172 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 00:14:37.0479 4172 PEAUTH - ok 00:14:37.0557 4172 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 00:14:37.0620 4172 PerfHost - ok 00:14:37.0682 4172 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 00:14:37.0776 4172 pla - ok 00:14:37.0854 4172 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 00:14:37.0901 4172 PlugPlay - ok 00:14:37.0901 4172 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 00:14:37.0932 4172 PNRPAutoReg - ok 00:14:37.0947 4172 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 00:14:37.0947 4172 PNRPsvc - ok 00:14:37.0994 4172 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 00:14:38.0088 4172 PolicyAgent - ok 00:14:38.0103 4172 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 00:14:38.0150 4172 Power - ok 00:14:38.0181 4172 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 00:14:38.0228 4172 PptpMiniport - ok 00:14:38.0244 4172 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys 00:14:38.0259 4172 Processor - ok 00:14:38.0291 4172 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 00:14:38.0353 4172 ProfSvc - ok 00:14:38.0369 4172 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 00:14:38.0384 4172 ProtectedStorage - ok 00:14:38.0431 4172 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 00:14:38.0478 4172 Psched - ok 00:14:38.0540 4172 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 00:14:38.0587 4172 ql2300 - ok 00:14:38.0587 4172 [ 
4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 00:14:38.0603 4172 ql40xx - ok 00:14:38.0618 4172 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 00:14:38.0649 4172 QWAVE - ok 00:14:38.0649 4172 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 00:14:38.0696 4172 QWAVEdrv - ok 00:14:38.0712 4172 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 00:14:38.0743 4172 RasAcd - ok 00:14:38.0790 4172 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 00:14:38.0852 4172 RasAgileVpn - ok 00:14:38.0883 4172 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 00:14:38.0946 4172 RasAuto - ok 00:14:38.0961 4172 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 00:14:38.0993 4172 Rasl2tp - ok 00:14:39.0024 4172 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 00:14:39.0055 4172 RasMan - ok 00:14:39.0071 4172 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 00:14:39.0102 4172 RasPppoe - ok 00:14:39.0117 4172 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 00:14:39.0164 4172 RasSstp - ok 00:14:39.0180 4172 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 00:14:39.0227 4172 rdbss - ok 00:14:39.0242 4172 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys 00:14:39.0258 4172 rdpbus - ok 00:14:39.0273 4172 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 00:14:39.0305 4172 RDPCDD - ok 00:14:39.0320 4172 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 00:14:39.0367 4172 RDPENCDD - ok 00:14:39.0383 4172 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 00:14:39.0414 4172 RDPREFMP - ok 
00:14:39.0445 4172 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 00:14:39.0492 4172 RDPWD - ok 00:14:39.0523 4172 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 00:14:39.0539 4172 rdyboost - ok 00:14:39.0570 4172 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 00:14:39.0632 4172 RemoteAccess - ok 00:14:39.0663 4172 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 00:14:39.0710 4172 RemoteRegistry - ok 00:14:39.0741 4172 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys 00:14:39.0773 4172 RFCOMM - ok 00:14:39.0788 4172 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 00:14:39.0819 4172 RpcEptMapper - ok 00:14:39.0851 4172 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 00:14:39.0866 4172 RpcLocator - ok 00:14:39.0882 4172 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 00:14:39.0929 4172 RpcSs - ok 00:14:39.0960 4172 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 00:14:39.0991 4172 rspndr - ok 00:14:40.0038 4172 [ E57FAC2CDB73F06586ED2ED310B80932 ] RSUSBVSTOR C:\Windows\system32\Drivers\RtsUVStor.sys 00:14:40.0069 4172 RSUSBVSTOR - ok 00:14:40.0100 4172 [ 6D3C7E7D82D3DC92DC2A8B0DF9F20F8A ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys 00:14:40.0116 4172 RTL8167 - ok 00:14:40.0116 4172 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 00:14:40.0131 4172 SamSs - ok 00:14:40.0147 4172 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 00:14:40.0163 4172 sbp2port - ok 00:14:40.0194 4172 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 00:14:40.0225 4172 SCardSvr - ok 00:14:40.0241 4172 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 
00:14:40.0287 4172 scfilter - ok 00:14:40.0319 4172 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 00:14:40.0381 4172 Schedule - ok 00:14:40.0412 4172 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 00:14:40.0443 4172 SCPolicySvc - ok 00:14:40.0443 4172 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 00:14:40.0506 4172 SDRSVC - ok 00:14:40.0521 4172 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 00:14:40.0568 4172 secdrv - ok 00:14:40.0599 4172 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 00:14:40.0631 4172 seclogon - ok 00:14:40.0646 4172 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 00:14:40.0677 4172 SENS - ok 00:14:40.0693 4172 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 00:14:40.0724 4172 SensrSvc - ok 00:14:40.0755 4172 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys 00:14:40.0771 4172 Serenum - ok 00:14:40.0787 4172 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys 00:14:40.0818 4172 Serial - ok 00:14:40.0833 4172 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys 00:14:40.0865 4172 sermouse - ok 00:14:40.0896 4172 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 00:14:40.0943 4172 SessionEnv - ok 00:14:40.0943 4172 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 00:14:40.0974 4172 sffdisk - ok 00:14:40.0989 4172 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 00:14:41.0021 4172 sffp_mmc - ok 00:14:41.0021 4172 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 00:14:41.0036 4172 sffp_sd - ok 00:14:41.0036 4172 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 
00:14:41.0052 4172 sfloppy - ok 00:14:41.0083 4172 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 00:14:41.0145 4172 SharedAccess - ok 00:14:41.0177 4172 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 00:14:41.0223 4172 ShellHWDetection - ok 00:14:41.0239 4172 [ 1BC348CF6BAA90EC8E533EF6E6A69933 ] SiSGbeLH C:\Windows\system32\DRIVERS\SiSG664.sys 00:14:41.0255 4172 SiSGbeLH - ok 00:14:41.0286 4172 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys 00:14:41.0286 4172 SiSRaid2 - ok 00:14:41.0301 4172 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 00:14:41.0301 4172 SiSRaid4 - ok 00:14:41.0364 4172 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 00:14:41.0395 4172 SkypeUpdate - ok 00:14:41.0411 4172 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 00:14:41.0457 4172 Smb - ok 00:14:41.0489 4172 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 00:14:41.0520 4172 SNMPTRAP - ok 00:14:41.0520 4172 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 00:14:41.0535 4172 spldr - ok 00:14:41.0567 4172 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 00:14:41.0613 4172 Spooler - ok 00:14:41.0707 4172 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 00:14:41.0832 4172 sppsvc - ok 00:14:41.0863 4172 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 00:14:41.0894 4172 sppuinotify - ok 00:14:41.0972 4172 [ 8978ED1D492B1A430857A43CDD130AED ] SpyHunter 4 Service C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE 00:14:42.0003 4172 SpyHunter 4 Service - ok 00:14:42.0035 4172 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 00:14:42.0066 4172 srv - ok 00:14:42.0081 4172 [ 
B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 00:14:42.0113 4172 srv2 - ok 00:14:42.0128 4172 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 00:14:42.0144 4172 srvnet - ok 00:14:42.0191 4172 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 00:14:42.0253 4172 SSDPSRV - ok 00:14:42.0269 4172 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 00:14:42.0315 4172 SstpSvc - ok 00:14:42.0362 4172 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys 00:14:42.0362 4172 stexstor - ok 00:14:42.0393 4172 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 00:14:42.0425 4172 stisvc - ok 00:14:42.0440 4172 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 00:14:42.0456 4172 swenum - ok 00:14:42.0471 4172 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 00:14:42.0503 4172 swprv - ok 00:14:42.0590 4172 [ F0D7C68CDA9784689CAA72C17AF393B2 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys 00:14:42.0666 4172 SynTP - ok 00:14:42.0701 4172 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 00:14:42.0765 4172 SysMain - ok 00:14:42.0778 4172 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 00:14:42.0815 4172 TabletInputService - ok 00:14:42.0863 4172 [ B08740047145B9BCE15BF75CA0F9718A ] tap0901t C:\Windows\system32\DRIVERS\tap0901t.sys 00:14:42.0887 4172 tap0901t ( UnsignedFile.Multi.Generic ) - warning 00:14:42.0887 4172 tap0901t - detected UnsignedFile.Multi.Generic (1) 00:14:42.0923 4172 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 00:14:42.0979 4172 TapiSrv - ok 00:14:42.0996 4172 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 00:14:43.0033 4172 TBS - ok 00:14:43.0107 4172 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip 
C:\Windows\system32\drivers\tcpip.sys 00:14:43.0174 4172 Tcpip - ok 00:14:43.0243 4172 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 00:14:43.0298 4172 TCPIP6 - ok 00:14:43.0315 4172 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 00:14:43.0342 4172 tcpipreg - ok 00:14:43.0371 4172 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 00:14:43.0379 4172 TDPIPE - ok 00:14:43.0421 4172 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 00:14:43.0456 4172 TDTCP - ok 00:14:43.0476 4172 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 00:14:43.0546 4172 tdx - ok 00:14:43.0558 4172 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 00:14:43.0567 4172 TermDD - ok 00:14:43.0594 4172 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 00:14:43.0641 4172 TermService - ok 00:14:43.0657 4172 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 00:14:43.0688 4172 Themes - ok 00:14:43.0704 4172 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 00:14:43.0735 4172 THREADORDER - ok 00:14:43.0813 4172 [ 69D76CE06BB629B69165C81D83A4B03E ] TiMiniService C:\Program Files\Trend Micro\Titanium\TiMiniService.exe 00:14:43.0844 4172 TiMiniService - ok 00:14:43.0875 4172 [ 73AAFFDD2AC3C8814B26C440E5DD9DD4 ] tmactmon C:\Windows\system32\DRIVERS\tmactmon.sys 00:14:43.0891 4172 tmactmon - ok 00:14:43.0891 4172 [ 360E61217D4E1E333583D0C721057F70 ] tmcomm C:\Windows\system32\DRIVERS\tmcomm.sys 00:14:43.0906 4172 tmcomm - ok 00:14:43.0922 4172 [ 699D34EB7C670139CA23A65372BD5743 ] tmevtmgr C:\Windows\system32\DRIVERS\tmevtmgr.sys 00:14:43.0938 4172 tmevtmgr - ok 00:14:43.0953 4172 [ 262198EFB734012BFCD17E7479AE4A09 ] tmtdi C:\Windows\system32\DRIVERS\tmtdi.sys 00:14:43.0969 4172 tmtdi - ok 00:14:43.0984 4172 [ 
7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 00:14:44.0016 4172 TrkWks - ok 00:14:44.0078 4172 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 00:14:44.0156 4172 TrustedInstaller - ok 00:14:44.0187 4172 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 00:14:44.0250 4172 tssecsrv - ok 00:14:44.0265 4172 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 00:14:44.0296 4172 TsUsbFlt - ok 00:14:44.0296 4172 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys 00:14:44.0328 4172 TsUsbGD - ok 00:14:44.0359 4172 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 00:14:44.0390 4172 tunnel - ok 00:14:44.0452 4172 [ 1A5F1301C1EA3B49D1222E9CBB552EBB ] TunngleService C:\Program Files (x86)\Tunngle\TnglCtrl.exe 00:14:44.0499 4172 TunngleService - ok 00:14:44.0530 4172 [ B355581A9DA34C92E2DBAFA410D2F829 ] TurboB C:\Windows\system32\DRIVERS\TurboB.sys 00:14:44.0546 4172 TurboB - ok 00:14:44.0562 4172 [ 6564E84B1522C12EA1C3A181ED03276F ] TurboBoost C:\Program Files\Intel\TurboBoost\TurboBoost.exe 00:14:44.0577 4172 TurboBoost - ok 00:14:44.0593 4172 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 00:14:44.0593 4172 uagp35 - ok 00:14:44.0640 4172 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 00:14:44.0702 4172 udfs - ok 00:14:44.0733 4172 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 00:14:44.0780 4172 UI0Detect - ok 00:14:44.0811 4172 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 00:14:44.0827 4172 uliagpkx - ok 00:14:44.0874 4172 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 00:14:44.0920 4172 umbus - ok 00:14:44.0920 4172 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass 
C:\Windows\system32\drivers\umpass.sys 00:14:44.0952 4172 UmPass - ok 00:14:44.0967 4172 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 00:14:45.0014 4172 upnphost - ok 00:14:45.0045 4172 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 00:14:45.0092 4172 usbccgp - ok 00:14:45.0139 4172 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 00:14:45.0186 4172 usbcir - ok 00:14:45.0232 4172 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys 00:14:45.0248 4172 usbehci - ok 00:14:45.0279 4172 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 00:14:45.0310 4172 usbhub - ok 00:14:45.0326 4172 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys 00:14:45.0342 4172 usbohci - ok 00:14:45.0357 4172 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 00:14:45.0388 4172 usbprint - ok 00:14:45.0420 4172 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 00:14:45.0451 4172 usbscan - ok 00:14:45.0482 4172 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 00:14:45.0513 4172 USBSTOR - ok 00:14:45.0529 4172 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 00:14:45.0560 4172 usbuhci - ok 00:14:45.0607 4172 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys 00:14:45.0638 4172 usbvideo - ok 00:14:45.0669 4172 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 00:14:45.0700 4172 UxSms - ok 00:14:45.0716 4172 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 00:14:45.0732 4172 VaultSvc - ok 00:14:45.0747 4172 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 00:14:45.0763 4172 vdrvroot - ok 00:14:45.0778 4172 [ 
8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 00:14:45.0825 4172 vds - ok 00:14:45.0856 4172 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 00:14:45.0872 4172 vga - ok 00:14:45.0888 4172 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 00:14:45.0903 4172 VgaSave - ok 00:14:45.0919 4172 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 00:14:45.0919 4172 vhdmp - ok 00:14:45.0934 4172 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 00:14:45.0934 4172 viaide - ok 00:14:45.0966 4172 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 00:14:45.0981 4172 volmgr - ok 00:14:45.0997 4172 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 00:14:46.0012 4172 volmgrx - ok 00:14:46.0028 4172 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 00:14:46.0028 4172 volsnap - ok 00:14:46.0090 4172 [ E23BC9B12EF85B58083A6985F9BE3C44 ] vpnagent C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe 00:14:46.0122 4172 vpnagent - ok 00:14:46.0137 4172 [ A8D4FED106B4BD337DF3DA20BA44E18E ] vpnva C:\Windows\system32\DRIVERS\vpnva64.sys 00:14:46.0153 4172 vpnva - ok 00:14:46.0184 4172 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 00:14:46.0200 4172 vsmraid - ok 00:14:46.0231 4172 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 00:14:46.0309 4172 VSS - ok 00:14:46.0324 4172 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 00:14:46.0340 4172 vwifibus - ok 00:14:46.0371 4172 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 00:14:46.0387 4172 vwififlt - ok 00:14:46.0418 4172 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 00:14:46.0465 4172 W32Time - ok 
00:14:49.0725 4172 Scan finished
00:14:49.0756 5844 Detected object count: 1
00:14:49.0756 5844 Actual detected object count: 1
00:15:06.0293 5844 tap0901t ( UnsignedFile.Multi.Generic ) - skipped by user
00:15:06.0293 5844 tap0901t ( UnsignedFile.Multi.Generic ) - User select action: Skip |
20.12.2012, 15:22 | #8 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU Trojan with webcam Then please run CF now: ComboFix A guide and tutorial on using ComboFix
Combofix may only be run when a qualified helper (Kompetenzler) has expressly recommended it! If, after running Combofix, you have problems starting applications and get messages such as Quote:
__________________ Please always post log files in CODE tags |
20.12.2012, 18:43 | #9 |
| GVU Trojan with webcam Thank you very much, here is the ComboFix log: Code:
ATTFilter ComboFix 12-12-20.02 - Niklas 20.12.2012 16:08:29.2.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.6056.4264 [GMT 1:00] ausgeführt von:: c:\users\Niklas\Desktop\ComboFix.exe AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902} SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\dsgsdgdsgdsgw.pad c:\programdata\FullRemove.exe c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk c:\users\Niklas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk c:\windows\msvcr71.dll . . ((((((((((((((((((((((( Dateien erstellt von 2012-11-20 bis 2012-12-20 )))))))))))))))))))))))))))))) . . 2012-12-20 15:22 . 2012-12-20 15:22 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-12-20 15:22 . 2012-12-20 15:22 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2012-12-17 11:44 . 2012-09-29 18:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-12-17 11:44 . 2012-12-17 11:44 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-12-17 10:54 . 2012-12-17 10:54 -------- d-----w- c:\program files\Enigma Software Group 2012-12-17 10:51 . 2012-12-20 15:02 -------- d-----w- c:\windows\83B952C7F8F34CA3B4C533C85B24E478.TMP 2012-12-17 10:51 . 2012-12-17 10:51 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard 2012-12-13 09:55 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll 2012-12-13 09:55 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll 2012-12-12 17:01 . 
2012-12-12 17:01 -------- d-----w- c:\users\Niklas\AppData\Local\Cisco 2012-12-12 17:01 . 2012-12-12 17:01 -------- d-----w- c:\program files (x86)\Cisco 2012-12-12 16:58 . 2012-12-12 17:01 -------- d-----w- c:\programdata\Cisco 2012-12-11 17:14 . 2012-12-11 17:14 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi 2012-11-26 13:59 . 2012-11-26 13:59 -------- d-----w- c:\users\Niklas\AppData\Local\Help 2012-11-26 13:39 . 2012-11-26 15:38 -------- d-----w- c:\programdata\BewerbungsMaster 2012-11-26 13:36 . 2012-11-26 13:59 -------- d-----w- c:\program files (x86)\BEWERBUNGSMASTER 2012-11-26 13:36 . 2012-11-26 13:36 266240 ------w- c:\windows\Setup1.exe 2012-11-26 13:36 . 2012-11-26 13:36 74752 ----a-w- c:\windows\ST6UNST.EXE . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-12-20 14:03 . 2011-10-03 20:40 45056 ----a-w- c:\windows\system32\acovcnt.exe 2012-12-14 07:15 . 2011-10-04 08:28 67413224 ----a-w- c:\windows\system32\MRT.exe 2012-11-29 12:15 . 2012-05-23 13:20 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-11-29 12:15 . 2011-11-16 17:35 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-11-26 13:37 . 2012-06-06 06:49 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX 2012-10-27 09:12 . 2012-10-27 09:12 42440 ----a-w- c:\windows\SysWow64\xfcodec.dll 2012-10-27 09:12 . 2012-10-27 09:12 28104 ----a-w- c:\windows\system32\xfcodec64.dll 2012-10-17 17:30 . 2012-10-17 17:30 10744 ----a-w- c:\windows\SysWow64\vpncategories.dll 2012-10-17 17:30 . 2012-10-17 17:30 33784 ----a-w- c:\windows\SysWow64\vpnevents.dll 2012-10-17 17:13 . 2012-10-17 17:13 27048 ----a-w- c:\windows\system32\drivers\vpnva64.sys 2012-10-17 17:11 . 2012-10-17 17:11 107432 ----a-r- c:\windows\system32\drivers\acsock64.sys 2012-10-16 08:38 . 2012-11-28 17:17 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2012-10-16 08:38 . 
2012-11-28 17:17 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2012-10-16 07:39 . 2012-11-28 17:17 561664 ----a-w- c:\windows\apppatch\AcLayers.dll 2012-10-09 18:17 . 2012-11-14 12:54 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll 2012-10-09 18:17 . 2012-11-14 12:54 226816 ----a-w- c:\windows\system32\dhcpcore6.dll 2012-10-09 17:40 . 2012-11-14 12:54 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll 2012-10-09 17:40 . 2012-11-14 12:54 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll 2012-10-04 16:40 . 2012-12-13 09:56 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-10-03 17:56 . 2012-11-14 12:54 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-10-03 17:44 . 2012-11-14 12:54 70656 ----a-w- c:\windows\system32\nlaapi.dll 2012-10-03 17:44 . 2012-11-14 12:54 303104 ----a-w- c:\windows\system32\nlasvc.dll 2012-10-03 17:44 . 2012-11-14 12:54 246272 ----a-w- c:\windows\system32\netcorehc.dll 2012-10-03 17:44 . 2012-11-14 12:54 18944 ----a-w- c:\windows\system32\netevent.dll 2012-10-03 17:44 . 2012-11-14 12:54 216576 ----a-w- c:\windows\system32\ncsi.dll 2012-10-03 17:42 . 2012-11-14 12:54 569344 ----a-w- c:\windows\system32\iphlpsvc.dll 2012-10-03 16:42 . 2012-11-14 12:54 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll 2012-10-03 16:42 . 2012-11-14 12:54 18944 ----a-w- c:\windows\SysWow64\netevent.dll 2012-10-03 16:42 . 2012-11-14 12:54 156672 ----a-w- c:\windows\SysWow64\ncsi.dll 2012-10-03 16:07 . 2012-11-14 12:54 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys 2012-09-25 22:47 . 2012-11-14 12:53 78336 ----a-w- c:\windows\SysWow64\synceng.dll 2012-09-25 22:46 . 2012-11-14 12:53 95744 ----a-w- c:\windows\system32\synceng.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 94208 ----a-w- c:\users\Niklas\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 94208 ----a-w- c:\users\Niklas\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 94208 ----a-w- c:\users\Niklas\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] "Syncables"="c:\program files (x86)\syncables\syncables desktop\Syncables.exe" [2010-07-19 370480] "Facebook Update"="c:\users\Niklas\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992] "ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-04-13 2018032] "SonicMasterTray"="c:\program files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe" [2010-07-10 984400] "ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992] "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624] "HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016] "Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536] "UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504] "UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-12-10 2254768] "Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2012-10-17 684024] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-4-13 549040] FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe [2011-7-9 12862] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "midi2"=wdmaud.drv . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944] R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys [2012-10-17 107432] R3 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x] R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-03-13 36000] R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-03-13 298656] R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-03-13 201376] R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-03-13 55456] R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-03-13 154272] R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-03-13 280224] R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-06-10 57344] R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [2010-08-03 290920] R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 TsUsbGD;Remote 
Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232] R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2012-10-02 743320] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-05-10 25960] S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024] S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2011-03-03 379520] S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-21 136360] S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416] S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-03-13 138400] S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-03-13 74912] S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2009-09-14 166400] S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2009-09-14 128512] S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936] S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2010-09-17 67664] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-04-16 13832] S2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-16 134928] S2 vpnagent;Cisco AnyConnect Secure Mobility 
Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2012-10-17 544248] S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-03-13 28832] S3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x] S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-13 413800] S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232] S3 TiMiniService;TiMiniService;c:\program files\Trend Micro\Titanium\TiMiniService.exe [2010-09-17 241488] . . Inhalt des "geplante Tasks" Ordners . 2012-12-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1676513155-3311104889-1951587297-1002Core.job - c:\users\Niklas\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-21 21:17] . 2012-12-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1676513155-3311104889-1951587297-1002UA.job - c:\users\Niklas\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-21 21:17] . 2012-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 02:33] . 2012-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 02:33] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 97792 ----a-w- c:\users\Niklas\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 97792 ----a-w- c:\users\Niklas\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 97792 ----a-w- c:\users\Niklas\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 97792 ----a-w- c:\users\Niklas\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "VizorHtmlDialog.exe"="c:\program files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" [2010-10-08 1123664] "Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2010-10-12 192520] "Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\VizorShortCut.exe" [2010-09-17 322384] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-10 167960] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-10 391704] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-10 418328] "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-05-17 2226280] "AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-13 617120] "AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-13 379552] "IntelTBRunOnce"="wscript.exe" [2009-07-14 168960] "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\windows\System32\nvinitx.dll . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://facebook.de/ mStart Page = hxxp://asus.msn.com mLocal Page = c:\windows\SysWOW64\blank.htm IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 FF - ProfilePath - c:\users\Niklas\AppData\Roaming\Mozilla\Firefox\Profiles\dco25dqn.default\ FF - ExtSQL: 2012-12-04 20:55; {5384767E-00D9-40E9-B72F-9CC39D655D6F}; c:\users\Niklas\AppData\Roaming\Mozilla\Firefox\Profiles\dco25dqn.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} FF - user.js: extensions.funmoods_i.newTab - false FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=drive&q= FF - user.js: extensions.funmoods_i.id - a6f0b0c500000000000000ffa9f8aa58 FF - user.js: extensions.funmoods_i.instlDay - 15446 FF - user.js: extensions.funmoods_i.vrsn - 1.5.11.16 FF - user.js: extensions.funmoods_i.vrsni - 1.5.11.16 FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.11.1621:16 FF - user.js: extensions.funmoods_i.prtnrId - funmoods FF - user.js: extensions.funmoods_i.prdct - funmoods FF - user.js: extensions.funmoods_i.aflt - drive FF - user.js: extensions.funmoods_i.smplGrp - none FF - user.js: extensions.funmoods_i.tlbrId - base FF - user.js: extensions.funmoods_i.instlRef - FF - user.js: extensions.funmoods_i.dfltLng - FF - user.js: extensions.funmoods_i.excTlbr - false . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-Locked - (no file) Toolbar-Locked - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe HKLM-Run-SynAsusAcpi - c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd . . . 
--------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2012-12-20 18:40:02 ComboFix-quarantined-files.txt 2012-12-20 17:40 . Vor Suchlauf: 9 Verzeichnis(se), 133.118.554.112 Bytes frei Nach Suchlauf: 16 Verzeichnis(se), 137.749.639.168 Bytes frei . - - End Of File - - F5339A427184E34FC2A5081464FE7B1C |
20.12.2012, 20:25 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU Trojan with webcam Code:
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
or is this info from Combofix not correct?!
__________________ Please always post log files in CODE tags |
22.12.2012, 18:18 | #11 |
| GVU Trojan with webcam I use AntiVir knowingly; the other one was probably preinstalled by ASUS. I didn't know that at all. When I start the exe, this text appears: "Start your free trial version now". So it is not active, is it? |
22.12.2012, 20:25 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU Trojan with webcam Please uninstall the trial version
__________________ Please always post log files in CODE tags |
26.12.2012, 19:30 | #13 |
| GVU Trojan with webcam Merry Christmas. I have uninstalled the trial version. |
26.12.2012, 22:01 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU Trojan with webcam adwCleaner - Detect toolbars and unwanted start/search pages. Please download AdwCleaner to your desktop. If adwCleaner has already been downloaded before, please delete the old adwcleaner.exe and download it again!!
__________________ Please always post log files in CODE tags |
29.12.2012, 12:31 | #15 |
| GVU Trojan with webcam Here is the adwcleaner file: Code:
# AdwCleaner v2.103 - Datei am 29/12/2012 um 12:30:20 erstellt
# Aktualisiert am 25/12/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Niklas - NIKLAS-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Niklas\Desktop\adwcleaner.exe
# Option [Suche]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Datei Gefunden : C:\user.js
Ordner Gefunden : C:\ProgramData\Partner
Ordner Gefunden : C:\Users\Niklas\AppData\Local\Ilivid Player
Ordner Gefunden : C:\Users\Niklas\AppData\Roaming\Mozilla\Firefox\Profiles\dco25dqn.default\extensions\ffxtlbr@funmoods.com

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\ilivid
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v17.0.1 (de)

Datei : C:\Users\Niklas\AppData\Roaming\Mozilla\Firefox\Profiles\dco25dqn.default\prefs.js

Gefunden : user_pref("extensions.funmoods_i.aflt", "drive");
Gefunden : user_pref("extensions.funmoods_i.dfltLng", "");
Gefunden : user_pref("extensions.funmoods_i.excTlbr", false);
Gefunden : user_pref("extensions.funmoods_i.id", "a6f0b0c500000000000000ffa9f8aa58");
Gefunden : user_pref("extensions.funmoods_i.instlDay", "15446");
Gefunden : user_pref("extensions.funmoods_i.instlRef", "");
Gefunden : user_pref("extensions.funmoods_i.newTab", false);
Gefunden : user_pref("extensions.funmoods_i.prdct", "funmoods");
Gefunden : user_pref("extensions.funmoods_i.prtnrId", "funmoods");
Gefunden : user_pref("extensions.funmoods_i.smplGrp", "none");
Gefunden : user_pref("extensions.funmoods_i.tlbrId", "base");
Gefunden : user_pref("extensions.funmoods_i.tlbrSrchUrl", "hxxp://start.funmoods.com/results.php?f=3&a=drive&q=[...]
Gefunden : user_pref("extensions.funmoods_i.vrsn", "1.5.11.16");
Gefunden : user_pref("extensions.funmoods_i.vrsnTs", "1.5.11.1621:16:13");
Gefunden : user_pref("extensions.funmoods_i.vrsni", "1.5.11.16");

*************************

AdwCleaner[R1].txt - [2588 octets] - [17/12/2012 11:48:35]
AdwCleaner[R2].txt - [2350 octets] - [29/12/2012 12:30:20]

########## EOF - C:\AdwCleaner[R2].txt - [2410 octets] ########## |