|
Pests of all kinds and how to fight them: GVU trojan with webcam image on WIN7 64Bit |
15.05.2013, 22:08 | #1 |
| GVU trojan with webcam image on WIN7 64Bit Hello, my neighbour has caught one of these trojans. System: Acer laptop, WIN7 64-bit. When I start the system normally, the familiar screen with the payment demand appears after a while. I have now started the system in Safe Mode so that I can do anything at all on the laptop. I logged in as Administrator. There is also the normal user with his name. I already have the following programs ready on the USB stick: - OTL.exe - Malwarebytes with a current rules.ref from a clean system - Emsisoft Anti-Malware (can this also be updated offline?) - adwcleaner.exe. My main concern is what malware is on it and since when, if that can be determined? Then copy important data and later wipe the whole system and set it up again. Thanks for the support! The OTL logs are attached |
15.05.2013, 22:12 | #2 |
/// Malware-holic | GVU trojan with webcam image on WIN7 64Bit Hi, can you also create the OTL log in Safe Mode as the affected user? |
15.05.2013, 22:14 | #3 |
| GVU trojan with webcam image on WIN7 64Bit I'll have to try that, one moment. It's running .... So, attached is the log from the user. Edited by proto (15.05.2013 at 22:40) |
15.05.2013, 22:15 | #4 |
/// Malware-holic | GVU trojan with webcam image on WIN7 64Bit Please leave out in-between posts like that, since the next one is then appended to the previous one and I always have to look in again.
- Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de. Forwarding instructions: http://markusg.trojaner-board.de. For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
15.05.2013, 22:41 | #5 |
| GVU trojan with webcam image on WIN7 64Bit OK, sorry, here is the file again, attached |
15.05.2013, 22:46 | #6 |
/// Malware-holic | GVU trojan with webcam image on WIN7 64Bit Hi, OTL fix. Fixing with OTL
Code:
:OTL
O4 - HKU\S-1-5-21-2445217360-1134911335-3497317240-1001..\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] C:\Users\USERXYZ\Documents\1663780d.exe ()
[2013.05.15 15:03:36 | 001,084,733 | ---- | M] () -- C:\ProgramData\2433f433
[2013.05.15 15:03:36 | 001,084,714 | ---- | M] () -- C:\Users\USERXYZ\AppData\Local\2433f433
[2013.05.15 15:03:36 | 001,084,696 | ---- | M] () -- C:\Users\USERXYZ\AppData\Roaming\2433f433
[2013.05.15 15:03:23 | 000,025,088 | ---- | M] () -- C:\Users\USERXYZ\Documents\1663780d.exe
:files
:Commands
[emptytemp]
Boot into normal mode. If you don't have any icons, right-click, View, Show desktop icons. Note: Please also upload the file there, as described in the instructions for the UpChannel. Please do NOT post the ZIP file here as an attachment in the thread! Please press the + E key. |
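An added triage example, not part of the thread and not the helper's own tooling: it parses OTL-style log lines like those in the fix above, flags the per-user autorun and the same-named copies in several profile folders, and reports the earliest modification time among them, which bears on the opening question of "since when". The regular expressions assume the line layout seen in the fix; the two "Example Corp" lines and the scoring heuristics are constructed for illustration.

```python
import ntpath
import re
from collections import defaultdict

# First five lines are the entries from the fix above; the last two are
# constructed benign entries added for contrast.
SAMPLE_LOG = r"""
O4 - HKU\S-1-5-21-2445217360-1134911335-3497317240-1001..\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] C:\Users\USERXYZ\Documents\1663780d.exe ()
[2013.05.15 15:03:36 | 001,084,733 | ---- | M] () -- C:\ProgramData\2433f433
[2013.05.15 15:03:36 | 001,084,714 | ---- | M] () -- C:\Users\USERXYZ\AppData\Local\2433f433
[2013.05.15 15:03:36 | 001,084,696 | ---- | M] () -- C:\Users\USERXYZ\AppData\Roaming\2433f433
[2013.05.15 15:03:23 | 000,025,088 | ---- | M] () -- C:\Users\USERXYZ\Documents\1663780d.exe
O4 - HKLM..\Run: [ExampleUpdater] C:\Program Files (x86)\Example\updater.exe (Example Corp)
[2013.05.14 09:10:11 | 000,012,345 | ---- | M] (Example Corp) -- C:\Program Files (x86)\Example\readme.txt
"""

# Autorun line: "O4 - <hive>..\Run: [value name] <path> (<vendor>)"
RUN_RE = re.compile(
    r"^O4(?::64bit:)? - (?P<hive>\S+?)\.\.\\Run: "
    r"\[(?P<name>[^\]]*)\] (?P<path>.+?) \((?P<vendor>[^()]*)\)$"
)
# File line: "[date time | size | attributes | M or C] (<vendor>) -- <path>"
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attr>\S+) \| (?P<kind>[MC])\] \((?P<vendor>[^()]*)\) -- (?P<path>.+)$"
)
USER_WRITABLE = re.compile(r"\\(users|programdata)\\", re.I)
HEX_NAME = re.compile(r"^[0-9a-f]{8}$", re.I)  # heuristic: 8 hex characters


def parse(log):
    """Split a log into autorun entries and file entries."""
    runs, files = [], []
    for line in log.splitlines():
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            runs.append(m.groupdict())
            continue
        m = FILE_RE.match(line)
        if m:
            files.append(m.groupdict())
    return runs, files


def triage(log):
    """Flag suspicious autoruns and same-named files spread over several folders."""
    runs, files = parse(log)

    autoruns = []
    for r in runs:
        stem = ntpath.splitext(ntpath.basename(r["path"]))[0]
        reasons = []
        if not r["vendor"]:
            reasons.append("no vendor information")
        if USER_WRITABLE.search(r["path"]):
            reasons.append("target in user-writable location")
        if HEX_NAME.match(stem):
            reasons.append("hex-like file name")
        if len(reasons) >= 2:  # illustrative threshold
            autoruns.append({"name": r["name"], "path": r["path"], "reasons": reasons})

    # Same file name, no vendor, present in two or more different folders.
    dirs_by_name = defaultdict(set)
    for f in files:
        if not f["vendor"]:
            name = ntpath.basename(f["path"]).lower()
            dirs_by_name[name].add(ntpath.dirname(f["path"]).lower())
    clusters = {n: len(d) for n, d in dirs_by_name.items() if len(d) >= 2}

    # Earliest timestamp among flagged files. This is the modification time
    # recorded in the log, which is a lower bound only if it was not altered.
    flagged_paths = {a["path"].lower() for a in autoruns}
    stamps = [
        f["ts"] for f in files
        if f["path"].lower() in flagged_paths
        or ntpath.basename(f["path"]).lower() in clusters
    ]
    return {
        "autoruns": autoruns,
        "clusters": clusters,
        "earliest_modified": min(stamps) if stamps else None,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for a in result["autoruns"]:
        print("autorun:", a["path"], "|", ", ".join(a["reasons"]))
    for name, count in result["clusters"].items():
        print("copies :", name, "in", count, "folders")
    print("earliest modification among flagged files:", result["earliest_modified"])
```
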
15.05.2013, 23:03 | #7 |
| GVU trojan with webcam image on WIN7 64Bit File: MovedFiles.zip_1 received. Operation completed successfully. |
15.05.2013, 23:19 | #8 |
/// Malware-holic | GVU trojan with webcam image on WIN7 64Bit Thanks for uploading. Please download TDSSKiller.exe and save this file to the desktop |
15.05.2013, 23:24 | #9 |
| GVU trojan with webcam image on WIN7 64Bit Code:
2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 00:22:14.0649 4428 MSTEE - ok 00:22:14.0680 4428 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 00:22:14.0712 4428 MTConfig - ok 00:22:14.0743 4428 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 00:22:14.0758 4428 Mup - ok 00:22:14.0790 4428 [ 6FFECC25B39DC7652A0CEC0ADA9DB589 ] mwlPSDFilter C:\Windows\system32\DRIVERS\mwlPSDFilter.sys 00:22:14.0805 4428 mwlPSDFilter - ok 00:22:14.0805 4428 [ 0BEFE32CA56D6EE89D58175725596A85 ] mwlPSDNServ C:\Windows\system32\DRIVERS\mwlPSDNServ.sys 00:22:14.0821 4428 mwlPSDNServ - ok 00:22:14.0836 4428 [ D43BC633B8660463E446E28E14A51262 ] mwlPSDVDisk C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys 00:22:14.0852 4428 mwlPSDVDisk - ok 00:22:14.0914 4428 [ 3E5E20817259F7328C8F3BE5421F35B9 ] MWLService C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe 00:22:14.0930 4428 MWLService - ok 00:22:14.0977 4428 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 00:22:15.0039 4428 napagent - ok 00:22:15.0086 4428 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 00:22:15.0102 4428 NativeWifiP - ok 00:22:15.0148 4428 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 00:22:15.0180 4428 NDIS - ok 00:22:15.0211 4428 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 00:22:15.0258 4428 NdisCap - ok 00:22:15.0304 4428 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 00:22:15.0367 4428 NdisTapi - ok 00:22:15.0414 4428 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 00:22:15.0476 4428 Ndisuio - ok 00:22:15.0523 4428 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 00:22:15.0585 4428 NdisWan - ok 00:22:15.0632 4428 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy 
C:\Windows\system32\drivers\NDProxy.sys 00:22:15.0663 4428 NDProxy - ok 00:22:15.0710 4428 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 00:22:15.0772 4428 NetBIOS - ok 00:22:15.0819 4428 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 00:22:15.0850 4428 NetBT - ok 00:22:15.0882 4428 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 00:22:15.0897 4428 Netlogon - ok 00:22:15.0913 4428 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 00:22:15.0975 4428 Netman - ok 00:22:16.0022 4428 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 00:22:16.0053 4428 NetMsmqActivator - ok 00:22:16.0053 4428 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 00:22:16.0069 4428 NetPipeActivator - ok 00:22:16.0084 4428 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 00:22:16.0147 4428 netprofm - ok 00:22:16.0178 4428 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 00:22:16.0194 4428 NetTcpActivator - ok 00:22:16.0194 4428 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 00:22:16.0194 4428 NetTcpPortSharing - ok 00:22:16.0225 4428 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 00:22:16.0240 4428 nfrd960 - ok 00:22:16.0287 4428 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll 00:22:16.0318 4428 NlaSvc - ok 00:22:16.0396 4428 [ 216BDF8B1017BB52692C9EE3C1E50597 ] nmwcdcx64 C:\Windows\system32\drivers\ccdcmbox64.sys 00:22:16.0443 4428 nmwcdcx64 - ok 00:22:16.0474 4428 [ C9773EF9CBF2877725A45F07396D5DA6 ] nmwcdx64 C:\Windows\system32\drivers\ccdcmbx64.sys 00:22:16.0506 4428 nmwcdx64 - ok 00:22:16.0630 4428 [ 
5839A8027D6D324A7CD494051A96628C ] NOBU C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe 00:22:16.0708 4428 NOBU - ok 00:22:16.0724 4428 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 00:22:16.0755 4428 Npfs - ok 00:22:16.0771 4428 npggsvc - ok 00:22:16.0786 4428 NPPTNT2 - ok 00:22:16.0818 4428 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 00:22:16.0880 4428 nsi - ok 00:22:16.0911 4428 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 00:22:16.0974 4428 nsiproxy - ok 00:22:17.0036 4428 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 00:22:17.0114 4428 Ntfs - ok 00:22:17.0176 4428 [ 9A308FCDCCA98A15B6F62D36A272160E ] NTI IScheduleSvc C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe 00:22:17.0192 4428 NTI IScheduleSvc - ok 00:22:17.0208 4428 [ EE3BA1024594D5D09E314F206B94069E ] NTIDrvr C:\Windows\system32\drivers\NTIDrvr.sys 00:22:17.0223 4428 NTIDrvr - ok 00:22:17.0239 4428 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 00:22:17.0301 4428 Null - ok 00:22:17.0348 4428 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 00:22:17.0364 4428 nvraid - ok 00:22:17.0395 4428 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 00:22:17.0410 4428 nvstor - ok 00:22:17.0457 4428 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 00:22:17.0473 4428 nv_agp - ok 00:22:17.0520 4428 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 00:22:17.0551 4428 ohci1394 - ok 00:22:17.0644 4428 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 00:22:17.0660 4428 ose - ok 00:22:17.0800 4428 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft 
Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 00:22:18.0034 4428 osppsvc - ok 00:22:18.0081 4428 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 00:22:18.0128 4428 p2pimsvc - ok 00:22:18.0159 4428 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 00:22:18.0206 4428 p2psvc - ok 00:22:18.0237 4428 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 00:22:18.0284 4428 Parport - ok 00:22:18.0315 4428 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 00:22:18.0331 4428 partmgr - ok 00:22:18.0362 4428 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 00:22:18.0409 4428 PcaSvc - ok 00:22:18.0440 4428 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 00:22:18.0440 4428 pci - ok 00:22:18.0502 4428 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 00:22:18.0518 4428 pciide - ok 00:22:18.0534 4428 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 00:22:18.0565 4428 pcmcia - ok 00:22:18.0596 4428 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 00:22:18.0612 4428 pcw - ok 00:22:18.0643 4428 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 00:22:18.0783 4428 PEAUTH - ok 00:22:18.0877 4428 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 00:22:18.0892 4428 PerfHost - ok 00:22:18.0955 4428 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 00:22:19.0064 4428 pla - ok 00:22:19.0126 4428 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 00:22:19.0173 4428 PlugPlay - ok 00:22:19.0220 4428 PnkBstrA - ok 00:22:19.0236 4428 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 00:22:19.0251 4428 PNRPAutoReg - ok 00:22:19.0267 4428 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc 
C:\Windows\system32\pnrpsvc.dll 00:22:19.0282 4428 PNRPsvc - ok 00:22:19.0345 4428 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 00:22:19.0392 4428 PolicyAgent - ok 00:22:19.0438 4428 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 00:22:19.0485 4428 Power - ok 00:22:19.0548 4428 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 00:22:19.0610 4428 PptpMiniport - ok 00:22:19.0641 4428 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys 00:22:19.0688 4428 Processor - ok 00:22:19.0719 4428 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 00:22:19.0766 4428 ProfSvc - ok 00:22:19.0782 4428 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 00:22:19.0797 4428 ProtectedStorage - ok 00:22:19.0828 4428 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 00:22:19.0891 4428 Psched - ok 00:22:19.0953 4428 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 00:22:20.0016 4428 ql2300 - ok 00:22:20.0031 4428 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 00:22:20.0047 4428 ql40xx - ok 00:22:20.0094 4428 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 00:22:20.0109 4428 QWAVE - ok 00:22:20.0140 4428 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 00:22:20.0187 4428 QWAVEdrv - ok 00:22:20.0203 4428 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 00:22:20.0265 4428 RasAcd - ok 00:22:20.0328 4428 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 00:22:20.0374 4428 RasAgileVpn - ok 00:22:20.0406 4428 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 00:22:20.0452 4428 RasAuto - ok 00:22:20.0484 4428 [ 471815800AE33E6F1C32FB1B97C490CA 
] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 00:22:20.0530 4428 Rasl2tp - ok 00:22:20.0562 4428 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 00:22:20.0624 4428 RasMan - ok 00:22:20.0671 4428 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 00:22:20.0733 4428 RasPppoe - ok 00:22:20.0749 4428 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 00:22:20.0796 4428 RasSstp - ok 00:22:20.0827 4428 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 00:22:20.0874 4428 rdbss - ok 00:22:20.0889 4428 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 00:22:20.0920 4428 rdpbus - ok 00:22:20.0952 4428 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 00:22:20.0983 4428 RDPCDD - ok 00:22:20.0998 4428 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 00:22:21.0061 4428 RDPENCDD - ok 00:22:21.0076 4428 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 00:22:21.0139 4428 RDPREFMP - ok 00:22:21.0201 4428 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys 00:22:21.0232 4428 RdpVideoMiniport - ok 00:22:21.0279 4428 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 00:22:21.0295 4428 RDPWD - ok 00:22:21.0342 4428 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 00:22:21.0373 4428 rdyboost - ok 00:22:21.0404 4428 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 00:22:21.0451 4428 RemoteAccess - ok 00:22:21.0498 4428 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 00:22:21.0544 4428 RemoteRegistry - ok 00:22:21.0544 4428 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 00:22:21.0607 4428 
RpcEptMapper - ok 00:22:21.0638 4428 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 00:22:21.0669 4428 RpcLocator - ok 00:22:21.0732 4428 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 00:22:21.0778 4428 RpcSs - ok 00:22:21.0810 4428 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 00:22:21.0872 4428 rspndr - ok 00:22:21.0934 4428 [ 763AE0C6D9DF4C24B7E2C26036A8188A ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys 00:22:21.0950 4428 RSUSBSTOR - ok 00:22:22.0012 4428 [ D6D381B76056C668679723938F06F16C ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIVX.sys 00:22:22.0028 4428 RTHDMIAzAudService - ok 00:22:22.0044 4428 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 00:22:22.0059 4428 SamSs - ok 00:22:22.0090 4428 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 00:22:22.0106 4428 sbp2port - ok 00:22:22.0137 4428 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 00:22:22.0200 4428 SCardSvr - ok 00:22:22.0246 4428 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 00:22:22.0278 4428 scfilter - ok 00:22:22.0324 4428 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 00:22:22.0402 4428 Schedule - ok 00:22:22.0434 4428 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 00:22:22.0465 4428 SCPolicySvc - ok 00:22:22.0496 4428 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 00:22:22.0543 4428 SDRSVC - ok 00:22:22.0590 4428 [ 331E7BDE228914574FC9AE6CD520DAFA ] SeaPort C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 00:22:22.0621 4428 SeaPort - ok 00:22:22.0714 4428 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 00:22:22.0777 4428 secdrv - ok 00:22:22.0808 4428 [ BC617A4E1B4FA8DF523A061739A0BD87 ] 
seclogon C:\Windows\system32\seclogon.dll 00:22:22.0870 4428 seclogon - ok 00:22:22.0902 4428 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 00:22:22.0933 4428 SENS - ok 00:22:22.0948 4428 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 00:22:22.0980 4428 SensrSvc - ok 00:22:23.0026 4428 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 00:22:23.0058 4428 Serenum - ok 00:22:23.0104 4428 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 00:22:23.0151 4428 Serial - ok 00:22:23.0182 4428 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 00:22:23.0214 4428 sermouse - ok 00:22:23.0260 4428 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 00:22:23.0292 4428 SessionEnv - ok 00:22:23.0323 4428 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 00:22:23.0354 4428 sffdisk - ok 00:22:23.0370 4428 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 00:22:23.0401 4428 sffp_mmc - ok 00:22:23.0416 4428 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 00:22:23.0463 4428 sffp_sd - ok 00:22:23.0510 4428 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 00:22:23.0510 4428 sfloppy - ok 00:22:23.0557 4428 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys 00:22:23.0588 4428 Sftfs - ok 00:22:23.0682 4428 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe 00:22:23.0697 4428 sftlist - ok 00:22:23.0713 4428 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys 00:22:23.0728 4428 Sftplay - ok 00:22:23.0744 4428 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys 00:22:23.0760 4428 Sftredir - ok 
00:22:23.0775 4428 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys 00:22:23.0791 4428 Sftvol - ok 00:22:23.0822 4428 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe 00:22:23.0838 4428 sftvsa - ok 00:22:23.0869 4428 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 00:22:23.0931 4428 SharedAccess - ok 00:22:23.0994 4428 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 00:22:24.0056 4428 ShellHWDetection - ok 00:22:24.0103 4428 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 00:22:24.0103 4428 SiSRaid2 - ok 00:22:24.0118 4428 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 00:22:24.0134 4428 SiSRaid4 - ok 00:22:24.0290 4428 [ 388AE59FE75F1B959DFA0900923C61BB ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe 00:22:24.0384 4428 Skype C2C Service - ok 00:22:24.0462 4428 [ 7C15061CD0372487903B07B9BB03AFAD ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 00:22:24.0508 4428 SkypeUpdate - ok 00:22:24.0540 4428 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 00:22:24.0602 4428 Smb - ok 00:22:24.0633 4428 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 00:22:24.0649 4428 SNMPTRAP - ok 00:22:24.0664 4428 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 00:22:24.0680 4428 spldr - ok 00:22:24.0727 4428 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 00:22:24.0774 4428 Spooler - ok 00:22:24.0867 4428 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 00:22:25.0008 4428 sppsvc - ok 00:22:25.0039 4428 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 00:22:25.0101 4428 sppuinotify - ok 00:22:25.0616 4428 
[ A67B31A281DF3F2CA2B3C7005CE66DB3 ] SProtection C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe 00:22:25.0897 4428 SProtection - ok 00:22:25.0944 4428 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 00:22:25.0990 4428 srv - ok 00:22:26.0022 4428 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 00:22:26.0084 4428 srv2 - ok 00:22:26.0100 4428 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 00:22:26.0146 4428 srvnet - ok 00:22:26.0193 4428 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 00:22:26.0240 4428 SSDPSRV - ok 00:22:26.0271 4428 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 00:22:26.0334 4428 SstpSvc - ok 00:22:26.0380 4428 [ C692C94FE55CAD0633440236022C27B3 ] ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys 00:22:26.0396 4428 ssudmdm - ok 00:22:26.0427 4428 Steam Client Service - ok 00:22:26.0458 4428 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 00:22:26.0474 4428 stexstor - ok 00:22:26.0505 4428 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 00:22:26.0552 4428 stisvc - ok 00:22:26.0583 4428 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 00:22:26.0599 4428 swenum - ok 00:22:26.0646 4428 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 00:22:26.0708 4428 swprv - ok 00:22:26.0755 4428 [ 064A2530A4A7C7CEC1BE6A1945645BE4 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys 00:22:26.0770 4428 SynTP - ok 00:22:26.0833 4428 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 00:22:26.0895 4428 SysMain - ok 00:22:26.0942 4428 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 00:22:26.0973 4428 TabletInputService - ok 00:22:27.0004 4428 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 
00:22:27.0067 4428 TapiSrv - ok 00:22:27.0098 4428 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 00:22:27.0145 4428 TBS - ok 00:22:27.0223 4428 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 00:22:27.0316 4428 Tcpip - ok 00:22:27.0363 4428 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 00:22:27.0394 4428 TCPIP6 - ok 00:22:27.0426 4428 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 00:22:27.0472 4428 tcpipreg - ok 00:22:27.0519 4428 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 00:22:27.0550 4428 TDPIPE - ok 00:22:27.0597 4428 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 00:22:27.0613 4428 TDTCP - ok 00:22:27.0644 4428 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 00:22:27.0706 4428 tdx - ok 00:22:27.0738 4428 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 00:22:27.0753 4428 TermDD - ok 00:22:27.0800 4428 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 00:22:27.0862 4428 TermService - ok 00:22:27.0894 4428 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 00:22:27.0909 4428 Themes - ok 00:22:27.0940 4428 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 00:22:27.0972 4428 THREADORDER - ok 00:22:27.0987 4428 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 00:22:28.0050 4428 TrkWks - ok 00:22:28.0112 4428 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 00:22:28.0174 4428 TrustedInstaller - ok 00:22:28.0221 4428 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 00:22:28.0284 4428 tssecsrv - ok 00:22:28.0315 4428 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 
00:22:28.0362 4428 TsUsbFlt - ok 00:22:28.0424 4428 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 00:22:28.0455 4428 tunnel - ok 00:22:28.0471 4428 [ 825E7A1F48FB8BCFBA27C178AAB4E275 ] TurboB C:\Windows\system32\DRIVERS\TurboB.sys 00:22:28.0486 4428 TurboB - ok 00:22:28.0518 4428 [ B206BE1174D5964D49A56BB6C4E0524A ] TurboBoost C:\Program Files\Intel\TurboBoost\TurboBoost.exe 00:22:28.0533 4428 TurboBoost - ok 00:22:28.0564 4428 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 00:22:28.0580 4428 uagp35 - ok 00:22:28.0596 4428 [ A17D5E1A6DF4EAB0A480F2C490DE4C9D ] UBHelper C:\Windows\system32\drivers\UBHelper.sys 00:22:28.0611 4428 UBHelper - ok 00:22:28.0642 4428 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 00:22:28.0720 4428 udfs - ok 00:22:28.0752 4428 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 00:22:28.0783 4428 UI0Detect - ok 00:22:28.0830 4428 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 00:22:28.0845 4428 uliagpkx - ok 00:22:28.0892 4428 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys 00:22:28.0908 4428 umbus - ok 00:22:28.0939 4428 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 00:22:28.0970 4428 UmPass - ok 00:22:29.0064 4428 [ 7466809E6DA561D60C2F1CE8EDE3C73F ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 00:22:29.0142 4428 UNS - ok 00:22:29.0188 4428 [ F9EC9ACD504D823D9B9CA98A4F8D3CA2 ] Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe 00:22:29.0204 4428 Updater Service - ok 00:22:29.0235 4428 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 00:22:29.0298 4428 upnphost - ok 00:22:29.0376 4428 [ F49988FBF59413B974B1380D6F743EBC ] upperdev C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys 00:22:29.0407 4428 upperdev - ok 
00:22:29.0438 4428 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 00:22:29.0485 4428 usbccgp - ok 00:22:29.0547 4428 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys 00:22:29.0594 4428 usbcir - ok 00:22:29.0625 4428 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys 00:22:29.0672 4428 usbehci - ok 00:22:29.0703 4428 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 00:22:29.0734 4428 usbhub - ok 00:22:29.0766 4428 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys 00:22:29.0781 4428 usbohci - ok 00:22:29.0828 4428 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 00:22:29.0859 4428 usbprint - ok 00:22:29.0906 4428 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 00:22:29.0922 4428 usbscan - ok 00:22:29.0953 4428 [ 0F0C72A657C622286013788B886968AD ] usbser C:\Windows\system32\DRIVERS\usbser.sys 00:22:29.0968 4428 usbser - ok 00:22:30.0000 4428 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 00:22:30.0046 4428 USBSTOR - ok 00:22:30.0062 4428 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 00:22:30.0093 4428 usbuhci - ok 00:22:30.0171 4428 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys 00:22:30.0187 4428 usbvideo - ok 00:22:30.0234 4428 [ 70D05EE263568A742D14E1876DF80532 ] usb_rndisx C:\Windows\system32\drivers\usb8023x.sys 00:22:30.0280 4428 usb_rndisx - ok 00:22:30.0296 4428 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 00:22:30.0358 4428 UxSms - ok 00:22:30.0390 4428 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 00:22:30.0390 4428 VaultSvc - ok 00:22:30.0421 4428 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 
============================================================
00:22:35.0085 4744 Detected object count: 1
00:22:35.0085 4744 Actual detected object count: 1
00:22:44.0757 4744 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
00:22:44.0757 4744 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
Edited by proto (16.05.2013 at 00:07) |
15.05.2013, 23:26 | #10 |
/// Malware-holic | GVU trojan with webcam image on WIN7 64Bit Looks good. Scan with Combofix
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above If you would like to support us |
15.05.2013, 23:52 | #11 |
| GVU trojan with webcam image on WIN7 64Bit Hi, I ran Combofix earlier, but even though I had disabled Antivir I got error messages; I then ran it anyway. After the reboot I did find a Combofix icon under C: but no .txt. Now I have uninstalled Antivir and am letting Combofix run again. Code:
ATTFilter ComboFix 13-05-15.01 - USERXYZ 16.05.2013 0:51.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3959.2419 [GMT 2:00] ausgeführt von:: c:\users\USERXYZ\Desktop\ComboFix.exe SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\Windows Live\Messenger\msacm32.dll c:\programdata\FullRemove.exe c:\users\USERXYZ\AppData\Local\mehkombddi.exe c:\users\USERXYZ\AppData\Roaming\Help\coredb\storage c:\users\USERXYZ\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk c:\users\USERXYZ\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\rasphone.pbk c:\users\USERXYZ\AppData\Roaming\MicrosoftSystems c:\users\USERXYZ\AppData\Roaming\MicrosoftSystems\Internet Explorer\Internet.ico c:\users\USERXYZ\AppData\Roaming\MicrosoftSystems\Internet Explorer\Toolbar.InstallState c:\windows\assembly\GAC_MSIL\Toolbar c:\windows\jestertb.dll c:\windows\SysWow64\URTTemp c:\windows\SysWow64\URTTemp\regtlib.exe c:\windows\wininit.ini . . ((((((((((((((((((((((( Dateien erstellt von 2013-04-15 bis 2013-05-15 )))))))))))))))))))))))))))))) . . 2013-05-15 23:01 . 2013-05-15 23:01 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp 2013-05-15 23:01 . 2013-05-15 23:01 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-05-15 23:01 . 2013-05-15 23:01 -------- d-----w- c:\users\Administrator.USERXYZ-PC\AppData\Local\temp 2013-05-15 21:51 . 2013-05-15 22:00 -------- d-----w- C:\_OTL 2013-05-15 09:39 . 2013-05-15 09:39 -------- d-----w- c:\program files (x86)\GUMC85D.tmp 2013-05-11 11:51 . 2013-05-11 11:51 -------- d-----w- c:\program files (x86)\GUMFFE0.tmp 2013-05-04 16:29 . 2013-05-04 16:30 -------- d-----w- c:\users\USERXYZ\AppData\Roaming\Notepad++ 2013-05-04 16:29 . 2013-05-04 16:29 -------- d-----w- c:\program files (x86)\Notepad++ 2013-05-04 16:18 . 
2013-05-04 16:18 -------- d-----w- c:\program files (x86)\NAVIGON 2013-05-03 17:12 . 2013-05-03 17:12 -------- d-----w- c:\users\USERXYZ\AppData\Local\Gameforge4d 2013-05-03 17:11 . 2013-05-03 17:11 -------- d-----w- c:\users\USERXYZ\AppData\Local\Programs 2013-04-28 19:24 . 2013-04-28 19:24 -------- d-----w- c:\program files (x86)\Common Files\Skype . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-05-15 22:55 . 2013-04-04 20:08 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D4814D6B-2A94-4982-889C-85E703D24B42}\offreg.dll 2013-04-30 23:02 . 2012-07-17 12:37 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2013-03-15 06:28 . 2013-03-22 09:53 9311288 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D4814D6B-2A94-4982-889C-85E703D24B42}\mpengine.dll 2013-03-04 13:53 . 2011-02-18 17:25 72013344 ----a-w- c:\windows\system32\MRT.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files (x86)\DVDVideoSoftTB\prxtbDVD0.dll" [2012-11-06 183112] . [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}] 2010-11-05 01:58 297808 ----a-w- c:\windows\System32\mscoree.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}] 2011-06-01 15:47 177712 ----a-w- c:\program files (x86)\vShare.tv plugin\BarLcher.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] 2012-11-06 13:01 183112 ----a-w- c:\program files (x86)\DVDVideoSoftTB\prxtbDVD0.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{4d02e7e6-5930-4b51-b9b0-9f21b3789400}"= "mscoree.dll" [2010-11-05 297808] "{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}"= "c:\program files (x86)\vShare.tv plugin\BarLcher.dll" [2011-06-01 177712] "{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files (x86)\DVDVideoSoftTB\prxtbDVD0.dll" [2012-11-06 183112] . [HKEY_CLASSES_ROOT\clsid\{4d02e7e6-5930-4b51-b9b0-9f21b3789400}] . [HKEY_CLASSES_ROOT\clsid\{7ac3e13b-3bca-4158-b330-f66dbb03c1b5}] [HKEY_CLASSES_ROOT\MyNewsBarLauncher.IE5BarLauncher.1] [HKEY_CLASSES_ROOT\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3}] [HKEY_CLASSES_ROOT\MyNewsBarLauncher.IE5BarLauncher] . [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2012-10-04 11:57 220632 ----a-w- c:\users\USERXYZ\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2012-10-04 11:57 220632 ----a-w- c:\users\USERXYZ\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2012-10-04 11:57 220632 ----a-w- c:\users\USERXYZ\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\USERXYZ\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\USERXYZ\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\USERXYZ\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\USERXYZ\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2010-05-27 02:40 120176 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-08-25 3077528] "Akamai NetSession Interface"="c:\users\USERXYZ\AppData\Local\Akamai\netsession_win.exe" [2013-01-26 4480768] "Facebook Update"="c:\users\USERXYZ\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096] "GoogleChromeAutoLaunch_0CAAEB44A9E7283E7AB4DDB9ED1478EF"="c:\users\USERXYZ\AppData\Local\Google\Chrome\Application\chrome.exe" [2013-04-09 1312720] "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-11-06 3673728] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696] "SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-05-27 337264] "EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584] "EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208] "BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-06-28 265984] "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-08-10 975952] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-25 98304] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240] "QuickTime Task"="c:\program files 
(x86)\QuickTime\QTTask.exe" [2012-04-18 421888] "DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2012-11-13 450560] "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2012-11-30 1263512] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "FlashPlayerUpdate"="c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_270_ActiveX.exe" [2012-08-02 686792] . c:\users\USERXYZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2013-1-8 228448] StartupCPU.lnk - c:\users\USERXYZ\AppData\Roaming\FAH\CPU\StartupCPU.exe [2011-8-25 35944] StartupGPU.lnk - c:\users\USERXYZ\AppData\Roaming\FAH\GPU\StartupGPU.exe [2011-8-25 35944] VersionCheck.lnk - c:\users\USERXYZ\AppData\Roaming\FAH\VersionCheck.exe [2011-5-1 45010] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) "enablelua"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "AntiVirusOverride"=dword:00000001 "FirewallDisableNotify"=dword:00000001 "FirewallOverride"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 . 
R2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 ICQ Service;ICQ Service;c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe [x] R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384] R3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2009-12-03 716872] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-09-19 102368] R3 dump_wmimmc;dump_wmimmc;c:\aeriagames\WolfTeam-DE\GameGuard\dump_wmimmc.sys [x] R3 EvoSvc;Evolve Service;c:\program files\Echobit\Evolve\EvoSvc.exe [2012-10-23 1526296] R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [x] R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2012-05-12 121416] R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [2008-05-02 23552] R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [2008-05-02 18432] R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-06-17 246376] R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-09-19 203104] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856] R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe 
[2009-11-02 126352] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-01-25 283200] S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-03 22576] S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-03 20016] S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-03 60464] S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-08-25 203264] S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2012-11-22 166424] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-08-10 321104] S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-06-11 868896] S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336] S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\McSACore.exe [2012-12-04 103472] S2 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-05-27 305520] S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x] S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-06-28 255744] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 
SProtection;SProtection;c:\program files (x86)\Common Files\Umbrella\umbrella.exe [2013-05-15 2833448] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-11-02 13784] S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-18 2320920] S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232] S3 EvolveVirtualAdapter;Evolve Virtual Miniport Driver;c:\windows\system32\DRIVERS\evolve.sys [2012-09-21 21656] S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976] S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2010-05-15 384040] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] Akamai REG_MULTI_SZ Akamai . Inhalt des "geplante Tasks" Ordners . 2013-05-15 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 11:08] . 2013-05-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2445217360-1134911335-3497317240-1001Core.job - c:\users\USERXYZ\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-10 10:57] . 
2013-05-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2445217360-1134911335-3497317240-1001UA.job - c:\users\USERXYZ\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-10 10:57] . 2013-05-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2445217360-1134911335-3497317240-500Core.job - c:\users\Administrator.USERXYZ-PC\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-09 16:02] . 2013-05-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2445217360-1134911335-3497317240-500UA.job - c:\users\Administrator.USERXYZ-PC\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-09 16:02] . 2013-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-22 15:33] . 2013-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-22 15:33] . 2013-05-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2445217360-1134911335-3497317240-1001Core.job - c:\users\USERXYZ\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-18 14:50] . 2013-05-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2445217360-1134911335-3497317240-1001UA.job - c:\users\USERXYZ\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-18 14:50] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2012-10-04 11:57 244696 ----a-w- c:\users\USERXYZ\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2012-10-04 11:57 244696 ----a-w- c:\users\USERXYZ\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2012-10-04 11:57 244696 ----a-w- c:\users\USERXYZ\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\USERXYZ\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\USERXYZ\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\USERXYZ\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\USERXYZ\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2010-05-27 02:42 137584 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-05-27 349552] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-22 10920552] "Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-06-11 861216] "LXBSCATS"="c:\windows\system32\spool\DRIVERS\x64\3\LXBStime.dll" [2007-02-22 28672] . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService FontCache . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.de/ uLocal Page = c:\windows\system32\blank.htm mDefault_Page_URL = hxxp://acer.msn.com mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = <local> uSearchAssistant = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com mSearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 IE: An OneNote s&enden - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105 IE: Free YouTube Download - c:\users\USERXYZ\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm IE: Free YouTube to MP3 Converter - c:\users\USERXYZ\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000 IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe TCP: DhcpNameServer = 192.168.0.1 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll BHO-{1E864EAC-892F-4A60-8C17-63123FD5731C} - c:\program files (x86)\Koyote Soft Toolbar\IE\4.6\koyotesoftToolbarIE.dll BHO-{64182481-4F71-486b-A045-B233BD0DA8FC} - c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dll BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll BHO-{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - c:\program files (x86)\Yontoo\YontooIEClient.dll Toolbar-Locked - (no file) Toolbar-{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodsTlbr.dll Toolbar-{1E864EAC-892F-4A60-8C17-63123FD5731C} - c:\program files (x86)\Koyote Soft Toolbar\IE\4.6\koyotesoftToolbarIE.dll Toolbar-10 - (no file) Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll Wow6432Node-HKCU-Run-Steam - c:\program files (x86)\Steam\Steam.exe Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exe Wow6432Node-HKCU-Run-Linkury Chrome Smartbar - c:\program files (x86)\Linkury\Linkury.exe Wow6432Node-HKCU-Run-WLSync - c:\program files (x86)\Windows Live\Mesh\WLSync.exe Wow6432Node-HKCU-Run-renovator - c:\users\USERXYZ\AppData\Roaming\Mozilla\{220D201C-751E-453F-979E-FCCD1837DAA5}\renovator.exe Wow6432Node-HKLM-Run-Norton Online Backup - c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe Wow6432Node-HKLM-Run-Microsoft Default Manager - c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe Wow6432Node-HKLM-Run-facemoods - c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe Wow6432Node-HKLM-Run-BingDesktop - c:\program files (x86)\Microsoft\BingDesktop\BingDesktop.exe Wow6432Node-HKLM-Run-Iminent - c:\program files (x86)\Iminent\Iminent.exe Wow6432Node-HKLM-Run-IminentMessenger - c:\program files 
(x86)\Iminent\Iminent.Messengers.exe Wow6432Node-HKU-Default-Run-4Y3Y0C3AYF7W0A0DHHDPS - c:\recycle.bin\B6232F3AD9F.exe Toolbar-Locked - (no file) Toolbar-10 - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe AddRemove-facemoods - c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\uninstall.exe AddRemove-GOGPACKSTRONGHOLDCRUSADERHD_is1 - c:\gog games\Stronghold Crusader Extreme HD\unins000.exe AddRemove-ICQToolbar - c:\program files (x86)\ICQ6Toolbar\ICQUnToolbar.exe AddRemove-IMBoosterARP - c:\program files (x86)\Iminent\inst\Bootstrapper\Bootstrapper.exe AddRemove-NCLauncher_GameForge - c:\program files (x86)\GameForge\NCLauncher\Uninstall.exe AddRemove-Need for Speed Most Wanted_is1 - c:\program files (x86)\EA Games\Need for Speed Most Wanted\unins000.exe AddRemove-NosTale(DE)_is1 - c:\program files (x86)\GameforgeLive\Games\DEU_deu\NosTale\unins000.exe AddRemove-Opera 11.64.1403 - c:\program files (x86)\Opera\Opera.exe AddRemove-Steam App 99870 - c:\program files (x86)\Steam\steam.exe AddRemove-uTorrent - c:\program files (x86)\uTorrent\uTorrent.exe AddRemove-{08234a0d-cf39-4dca-99f0-0c5cb496da81} - c:\program files (x86)\Bing Bar Installer\InstallManager.exe AddRemove-{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750} - c:\program files (x86)\Acer GameZone\Cake Mania\Uninstall.exe AddRemove-{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457} - c:\program files (x86)\Acer GameZone\Galapago\Uninstall.exe AddRemove-{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111355427} - c:\program files (x86)\Acer GameZone\Poker Pop\Uninstall.exe AddRemove-{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477} - c:\program files (x86)\Acer GameZone\Merriam Websters Spell Jam\Uninstall.exe AddRemove-{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477} - c:\program files (x86)\Acer GameZone\Amazonia\Uninstall.exe AddRemove-{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380} - c:\program files (x86)\Acer GameZone\Heroes of Hellas\Uninstall.exe 
AddRemove-{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110} - c:\program files (x86)\Acer GameZone\Dream Day First Home\Uninstall.exe AddRemove-{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173} - c:\program files (x86)\Acer GameZone\Airport Mania First Flight\Uninstall.exe AddRemove-{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173} - c:\program files (x86)\Acer GameZone\Farm Frenzy 2\Uninstall.exe AddRemove-Adlsoft Uncompressor - c:\program files (x86)\Adlsoft Uncompressor\Uninstall\Uninstall.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai] "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-2445217360-1134911335-3497317240-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-2445217360-1134911335-3497317240-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_USERS\S-1-5-21-2445217360-1134911335-3497317240-1001\Software\SecuROM\License information*] "datasecu"=hex:0b,34,f6,da,f8,81,52,4c,17,ec,c6,1a,ba,73,2e,91,dd,af,ba,35,da, 2e,17,b8,ec,cf,59,0a,71,64,26,d3,14,d9,da,a2,05,b3,30,85,aa,f6,d6,f9,05,ac,\ "rkeysecu"=hex:db,05,f6,0b,81,ae,6a,a2,20,e1,e0,52,20,f7,9e,54 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-05-16 01:04:00
ComboFix-quarantined-files.txt 2013-05-15 23:04
.
Vor Suchlauf: 13 Verzeichnis(se), 217.158.619.136 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 217.166.716.928 Bytes frei
.
- - End Of File - - BC9C57C7BF589C0FEDCE9F2DC5D6209B |