| Pests of all kinds and how to fight them: Webcam trojan / Windows 7 (64bit) / Explorer is terminated after startup | 
|  09.07.2012, 12:05 | #1 | 
|  |   Hello, I have caught the webcam trojan. I first restarted my laptop (no drive). I was able to log in normally, but after a short time explorer was terminated and I could not do anything anymore. I then restarted explorer via the Task Manager, which worked, but Firefox, for example, keeps hanging and I cannot open any pictures. So I came here to the forum and worked through point 1 with Malwarebytes Anti-Malware completely. Two objects were found. Log:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Datenbank Version: v2012.07.08.02
Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
DiSe :: DISE-LAPTOP [Administrator]
08.07.2012 12:37:57
mbam-log-2012-07-08 (12-37-57).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 206010
Laufzeit: 3 Minute(n), 17 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 1
C:\Users\DiSe\AppData\Local\Temp\glom0_og.exe (Trojan.Inject) -> Löschen bei Neustart.
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 1
C:\Users\DiSe\AppData\Local\Temp\glom0_og.exe (Trojan.Inject) -> Löschen bei Neustart.
(Ende)
After that I restarted, and once I had logged in successfully the following error message appeared: "Problem beim Starten von C:\Users\DiSe\AppData\Local\Temp\glom0_og.exe Das angegebene Modul wurde nicht gefunden" (also attached as a screenshot). After this message I moved on to step two in the forum and ran both defogger and OTL. The files are attached. I now ask for further help to get rid of the trojan completely. Many thanks in advance | 
|  10.07.2012, 13:29 | #2 | |
| /// Malware-holic       |   hi, not installing any Windows updates, such as SP1 for example, and then being surprised about malware :-( Combofix may only be run when a team member has instructed you to do so! Please download Combofix from one of these download mirrors: Link 1 Link 2 IMPORTANT - save Combofix to your desktop. When Combofix is finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: If you receive the following error message after the restart Quote: | 
|  10.07.2012, 22:04 | #3 | 
|  |   Hello, that is of course "dumb" of me then. Thanks for the help anyway. So Combofix says the following: Combofix log file: Code: 
ComboFix 12-07-10.01 - DiSe 10.07.2012  15:55:38.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.3765.2643 [GMT 2:00]
ausgeführt von:: c:\users\DiSe\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\users\DiSe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-06-10 bis 2012-07-10  ))))))))))))))))))))))))))))))
.
.
2012-07-10 14:02 . 2012-07-10 14:02	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-07-08 10:36 . 2012-07-08 10:36	--------	d-----w-	c:\users\DiSe\AppData\Roaming\Malwarebytes
2012-07-08 10:36 . 2012-07-08 10:36	--------	d-----w-	c:\programdata\Malwarebytes
2012-07-08 10:36 . 2012-07-08 10:36	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-08 10:36 . 2012-04-04 13:56	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-06-22 15:14 . 2012-06-22 15:14	770384	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-22 15:14 . 2012-06-22 15:14	421200	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-22 09:06 . 2012-06-22 09:06	--------	d-----w-	c:\users\DiSe\AppData\Local\AskToolbar
2012-06-21 17:48 . 2012-06-02 22:19	2428952	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-21 17:48 . 2012-06-02 22:19	57880	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-21 17:48 . 2012-06-02 22:19	44056	----a-w-	c:\windows\system32\wups2.dll
2012-06-21 17:48 . 2012-06-02 22:15	2622464	----a-w-	c:\windows\system32\wucltux.dll
2012-06-21 17:47 . 2012-06-02 22:19	38424	----a-w-	c:\windows\system32\wups.dll
2012-06-21 17:47 . 2012-06-02 22:19	701976	----a-w-	c:\windows\system32\wuapi.dll
2012-06-21 17:47 . 2012-06-02 22:15	99840	----a-w-	c:\windows\system32\wudriver.dll
2012-06-21 17:47 . 2012-06-02 13:19	186752	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-21 17:47 . 2012-06-02 13:15	36864	----a-w-	c:\windows\system32\wuapp.exe
2012-06-13 08:19 . 2012-05-02 05:32	208896	----a-w-	c:\windows\system32\profsvc.dll
2012-06-13 08:19 . 2012-04-26 05:34	76288	----a-w-	c:\windows\system32\rdpwsx.dll
2012-06-13 08:19 . 2012-04-26 05:34	149504	----a-w-	c:\windows\system32\rdpcorekmts.dll
2012-06-13 08:19 . 2012-04-26 05:28	9216	----a-w-	c:\windows\system32\rdrmemptylst.exe
2012-06-13 08:19 . 2012-05-04 10:52	5505392	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-06-13 08:19 . 2012-05-04 10:08	3902320	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-06-13 08:19 . 2012-05-04 10:08	3958128	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-06-13 08:19 . 2012-05-15 01:32	3144192	----a-w-	c:\windows\system32\win32k.sys
2012-06-13 08:19 . 2012-04-28 03:50	204800	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-06-13 08:19 . 2012-04-07 12:18	3213824	----a-w-	c:\windows\system32\msi.dll
2012-06-13 08:19 . 2012-04-07 11:34	2342400	----a-w-	c:\windows\SysWow64\msi.dll
2012-06-13 08:18 . 2012-04-24 05:59	182272	----a-w-	c:\windows\system32\cryptsvc.dll
2012-06-13 08:18 . 2012-04-24 05:59	1460224	----a-w-	c:\windows\system32\crypt32.dll
2012-06-13 08:18 . 2012-04-24 05:59	140288	----a-w-	c:\windows\system32\cryptnet.dll
2012-06-13 08:18 . 2012-04-24 04:47	139264	----a-w-	c:\windows\SysWow64\cryptsvc.dll
2012-06-13 08:18 . 2012-04-24 04:47	103936	----a-w-	c:\windows\SysWow64\cryptnet.dll
2012-06-13 08:18 . 2012-04-24 04:47	1156608	----a-w-	c:\windows\SysWow64\crypt32.dll
2012-06-11 07:43 . 2012-06-11 07:43	--------	d-----w-	c:\users\DiSe\AppData\Local\Macromedia
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-01 09:58 . 2012-04-06 07:26	426184	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-01 09:58 . 2011-06-01 09:30	70344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-02 13:24 . 2012-05-13 14:41	27760	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2012-04-27 08:20 . 2012-05-13 14:41	132832	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-04-24 22:32 . 2012-05-13 14:41	98848	----a-w-	c:\windows\system32\drivers\avgntflt.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-04-18 09:56	1519272	----a-w-	c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-04-18 1519272]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-02-01 18:03	120176	----a-w-	c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-01 348624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-07 116648]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-01 257224]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-12-02 40448]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-03-06 335400]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-02 39464]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-07 116648]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-22 113120]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-02-01 305520]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-05-02 27760]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-03 22576]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-03 20016]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-03 60464]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-01 86224]
S2 AntiVirWebService;Avira Browser Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-05-01 465360]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-02-26 325200]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-02-05 865824]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 ICQ Service;ICQ Service;c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe [2010-03-28 246520]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-03-08 250368]
S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [2010-01-29 260640]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-01-07 158848]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-01-08 271872]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2009-12-22 74280]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 09:58]
.
2012-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-07 11:51]
.
2012-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-07 11:51]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-02-01 18:06	137584	----a-w-	c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_3820&r=27360510i606l0488z115t4541k795
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files (x86)\ICQ7.1\ICQ.exe
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\DiSe\AppData\Roaming\Mozilla\Firefox\Profiles\xnddjya6.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&locale=de_DE&apn_uid=8db9c2f6-0ea3-445c-b067-c419eb5ada03&apn_ptnrs=%5EABT&apn_sauid=892B1CB3-F467-41D2-BAFA-DCE28CE10F7D&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-07-10  16:04:58
ComboFix-quarantined-files.txt  2012-07-10 14:04
.
Vor Suchlauf: 12 Verzeichnis(se), 249.280.315.392 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 249.493.274.624 Bytes frei
.
- - End Of File - - C6BAF077A37DA81088913BA4C5C56F21
          | 
|  11.07.2012, 23:02 | #4 | 
| /// Malware-holic       |   Well, it is never too late for that :-) Download CCleaner Standard: CCleaner Download - CCleaner 3.20.1750. If CCleaner is already installed, skip this. Install it, open it, go to Tools, list of installed programs, save as txt. Open the file. After each program you need, write "necessary" (notwendig). After each one you do not need, "unnecessary" (unnötig). After those unknown to you, "unknown" (unbekannt). Post the list. 
				__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us | 
|  12.07.2012, 11:56 | #5 | 
|  |   CCleaner: I have assumed the Acer programs to be "necessary"
Acer Arcade Deluxe CyberLink Corp. 28.04.2010 79,5MB 4.0.7501 [necessary]
Acer Backup Manager NewTech Infosystems 24.03.2010 27,2MB 2.0.0.60 [necessary]
Acer Crystal Eye webcam Ver:1.1.158.203 Chicony Electronics Co.,Ltd. 28.04.2010 1.1.158.203 [necessary]
Acer ePower Management Acer Incorporated 28.04.2010 5.00.3002 [necessary]
Acer eRecovery Management Acer Incorporated 24.03.2010 4.05.3007 [necessary]
Acer GameZone Console Oberon Media, Inc. 24.03.2010 6.1.0.2 [necessary]
Acer Registration Acer Incorporated 28.04.2010 1.02.3006 [necessary]
Acer ScreenSaver Acer Incorporated 28.04.2010 1.1.0222.2010 [necessary]
Acer Updater Acer Incorporated 24.03.2010 1.02.3001 [necessary]
Acer VCM Acer Incorporated 28.04.2010 4.05.3002 [necessary]
Acrobat.com Adobe Systems Incorporated 24.03.2010 1,60MB 1.6.65 [necessary]
Adobe AIR Adobe Systems Inc. 09.06.2010 1.5.3.9130 [necessary]
Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 01.07.2012 6,00MB 11.3.300.257 [necessary]
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 23.06.2012 6,00MB 11.3.300.262 [necessary]
Adobe Reader 9.5.1 MUI Adobe Systems Incorporated 03.07.2012 655MB 9.5.1 [necessary]
Alcor Micro USB Card Reader Alcor Micro Corp. 24.03.2010 2,86MB 1.5.17.05094 [unknown]
Amazonia Oberon Media 28.04.2010 [unnecessary]
Apple Application Support Apple Inc. 21.03.2012 61,0MB 2.1.7 [necessary]
Apple Mobile Device Support Apple Inc. 21.03.2012 24,9MB 5.1.1.4 [necessary]
Apple Software Update Apple Inc. 30.11.2011 2,38MB 2.1.3.127 [necessary]
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver Atheros Communications Inc. 24.03.2010 1.0.0.20 [unknown]
Avira Free Antivirus Avira 13.05.2012 125MB 12.0.0.1125 [necessary]
Avira SearchFree Toolbar plus Web Protection Ask.com 13.05.2012 3,78MB 1.15.1.0 [necessary]
Avira SearchFree Toolbar plus Web Protection Updater Ask.com 13.05.2012 1.2.1.22229 [necessary]
Bonjour Apple Inc. 30.11.2011 2,00MB 3.0.0.10 [unknown]
Cake Mania Oberon Media 28.04.2010 [unnecessary]
CCleaner Piriform 22.06.2012 3.20 [necessary]
Chicken Invaders 2 Oberon Media 28.04.2010 [unnecessary]
Compatibility Pack für 2007 Office System Microsoft Corporation 16.05.2012 202MB 12.0.6612.1000 [necessary]
Dairy Dash Oberon Media 28.04.2010 [unnecessary]
DivX-Setup DivX, Inc. 30.08.2010 2.0.0.86 [necessary]
Dream Day First Home Oberon Media 28.04.2010 [unnecessary]
eSobi v2 esobi Inc. 24.03.2010 20,4MB 2.0.4.000274 [unnecessary]
Farm Frenzy 2 Oberon Media 28.04.2010 [unnecessary]
Galapago Oberon Media 28.04.2010 [unnecessary]
Google Earth Plug-in Google 05.05.2012 48,7MB 6.2.2.6613 [unnecessary]
Granny In Paradise Oberon Media 28.04.2010 [unnecessary]
Haali Media Splitter 28.04.2010 [unnecessary]
Heroes of Hellas Oberon Media 28.04.2010 [unnecessary]
ICQ Toolbar ICQ 31.05.2010 3.0.0 [unnecessary]
ICQ7.1 ICQ 31.05.2010 7.1 [unnecessary]
Identity Card Acer Incorporated 28.04.2010 1.00.3003 [necessary]
Intel(R) Control Center Intel Corporation 28.04.2010 1.2.1.1007 [necessary]
Intel(R) Graphics Media Accelerator Driver Intel Corporation 28.04.2010 8.15.10.2057 [necessary]
Intel(R) Management Engine Components Intel Corporation 28.04.2010 6.0.0.1179 [necessary]
Intel(R) Rapid Storage Technology Intel Corporation 28.04.2010 9.6.0.1014 [necessary]
iTunes Apple Inc. 21.03.2012 158MB 10.6.0.40 [necessary]
Java(TM) 6 Update 31 Oracle 24.02.2012 95,1MB 6.0.310 [necessary]
Launch Manager Acer Inc. 28.04.2010 4.0.5 [necessary]
Malwarebytes Anti-Malware Version 1.61.0.1400 Malwarebytes Corporation 08.07.2012 18,0MB 1.61.0.1400 [necessary]
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 19.12.2010 38,8MB 4.0.30319 [necessary]
Microsoft Office Home and Student 2007 Microsoft Corporation 07.03.2012 12.0.6612.1000 [necessary]
Microsoft Office Language Pack 2007 - German/Deutsch Microsoft Corporation 07.03.2012 12.0.6612.1000 [necessary]
Microsoft Office PowerPoint Viewer 2007 (German) Microsoft Corporation 16.05.2012 15,9MB 12.0.6612.1000 [necessary]
Microsoft Office Suite Activation Assistant Microsoft Corporation 24.03.2010 8,36MB 2.9 [necessary]
Microsoft Silverlight Microsoft Corporation 16.05.2012 214MB 4.1.10329.0 [necessary]
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 28.04.2010 1,72MB 3.1.0000 [necessary]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 26.01.2012 252KB 8.0.50727.4053 [necessary]
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 17.06.2011 300KB 8.0.61001 [necessary]
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 09.06.2010 596KB 9.0.30729 [necessary]
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 12.06.2010 590KB 9.0.30729.4148 [necessary]
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 18.06.2011 600KB 9.0.30729.6161 [necessary]
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 16.05.2012 16,5MB 10.0.40219 [necessary]
Microsoft Works Microsoft Corporation 16.04.2012 1,18GB 9.7.0621 [necessary]
Mozilla Firefox 13.0.1 (x86 de) Mozilla 22.06.2012 37,2MB 13.0.1 [necessary]
Mozilla Maintenance Service Mozilla 22.06.2012 309KB 13.0.1 [necessary]
Mozilla Thunderbird 13.0.1 (x86 de) Mozilla 05.07.2012 40,5MB 13.0.1 [necessary]
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 08.06.2010 1,27MB 4.20.9870.0 [necessary]
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 08.06.2010 1,33MB 4.20.9876.0 [necessary]
MyWinLocker Suite Egis Technology Inc. 24.03.2010 2,20MB 3.1.206.0 [necessary]
Norton Online Backup Symantec 24.03.2010 2,09MB 1.2.0.36 [necessary]
OpenVPN 2.1.1 31.05.2010 2.1.1 [necessary]
Paint.NET v3.5.5 dotPDN LLC 31.05.2010 10,2MB 3.55.0 [necessary]
QuickTime Apple Inc. 09.06.2010 74,6MB 7.62.14.0 [necessary]
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 28.04.2010 6.0.1.6029 [necessary]
Spin & Win Oberon Media 28.04.2010 [unknown]
Synaptics Pointing Device Driver Synaptics Incorporated 28.04.2010 14.0.6.0 [unknown]
Vectorworks 2010 Hilfe UNKNOWN 09.06.2010 2.0 [necessary]
Vectorworks ArchLand 2010 SP3 R1 09.06.2010 [necessary]
Welcome Center Acer Incorporated 28.04.2010 1.00.3013 [unnecessary]
WIDCOMM Bluetooth Software Broadcom Corporation 28.04.2010 183MB 6.3.0.4300 [unknown]
Windows Live Anmelde-Assistent Microsoft Corporation 28.04.2010 1,93MB 5.000.818.5 [necessary]
Windows Live Essentials Microsoft Corporation 28.04.2010 14.0.8089.0726 [necessary]
Windows Live Sync Microsoft Corporation 28.04.2010 2,79MB 14.0.8089.726 [necessary]
Windows Live-Uploadtool Microsoft Corporation 28.04.2010 224KB 14.0.8014.1029 [necessary]
WinRAR 13.01.2011 [necessary] | 
|  13.07.2012, 20:24 | #6 | 
| /// Malware-holic       |   Uninstall: Adobe Flash Player, all of them.
Adobe - Install Adobe Flash Player: download the newest version.
Adobe Reader: Adobe - Download Adobe Reader - All versions. Untick the McAfee Security Scan checkbox.
Please also configure Adobe Reader as follows: open Adobe Reader, Edit, Preferences.
General: tick "use only certified plug-ins".
Internet: everything here should be disabled; it is very unsafe to open, download etc. PDFs automatically. It is always better to save them directly, since only that way do you have control over what is going on on the PC.
Under JavaScript, untick "enable JavaScript".
Under Updater, choose install automatically.
Apply / OK.
Uninstall: Amazonia, Avira SearchFree: both, Cake, Chicken, Dairy, Dream, eSobi, Farm, Galapago, Granny, Haali, Heroes, ICQ: both, Java.
Download of the free Java software: download and install the Java JRE.
Uninstall: open CCleaner, analyze, run.
Open OTL, cleanup. The PC restarts; test how it runs. | 
|  14.07.2012, 21:27 | #7 | 
|  |   So, none of these pre-installed games could be uninstalled, neither via CCleaner nor directly via the software manager. Otherwise I worked through all the steps and at the end pressed the "Bereinigen" button in OTL. The restart went smoothly. Now I finally wanted to run Windows Update for SP1, but it simply will not download anything and keeps hanging. Can it also be updated another way? | 
|  15.07.2012, 16:29 | #8 | 
| /// Malware-holic       |   Does it really hang, or is there an error message? Have you installed the latest drivers from the Acer homepage? Regarding the uninstallations, try rewo: http://www.hijackthis-forum.de/tipps...installer.html Also: download TDSS Killer: http://www.trojaner-board.de/82358-t...entfernen.html Click Change parameters • Tick Verify driver digital signatures and Detect TDLFS file system • Click OK and then Start scan - for any findings, always choose Skip for now; post the log | 
|  17.07.2012, 20:54 | #9 | 
|  |   Hello, sorry, I was unavailable for the last two days. So, I have uploaded the error message from the update as a jpg. I then downloaded the suggested preparation tool, but that did not help me either. I will first install the latest drivers via Acer. tdss killer:
21:48:03.0727 2452 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
21:48:03.0930 2452 ============================================================
21:48:03.0930 2452 Current date / time: 2012/07/17 21:48:03.0930
21:48:03.0930 2452 SystemInfo:
21:48:03.0930 2452
21:48:03.0930 2452 OS Version: 6.1.7600 ServicePack: 0.0
21:48:03.0930 2452 Product type: Workstation
21:48:03.0930 2452 ComputerName: DISE-LAPTOP
21:48:03.0930 2452 UserName: DiSe
21:48:03.0930 2452 Windows directory: C:\Windows
21:48:03.0930 2452 System windows directory: C:\Windows
21:48:03.0930 2452 Running under WOW64
21:48:03.0930 2452 Processor architecture: Intel x64
21:48:03.0930 2452 Number of processors: 4
21:48:03.0930 2452 Page size: 0x1000
21:48:03.0930 2452 Boot type: Normal boot
21:48:03.0930 2452 ============================================================
21:48:05.0023 2452 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:48:05.0038 2452 ============================================================
21:48:05.0038 2452 \Device\Harddisk0\DR0:
21:48:05.0038 2452 MBR partitions:
21:48:05.0038 2452 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1964800, BlocksNum 0x32000
21:48:05.0038 2452 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1996800, BlocksNum 0x23A97AB0
21:48:05.0038 2452 ============================================================
21:48:05.0069 2452 C: <-> \Device\Harddisk0\DR0\Partition1
(fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll 21:48:40.0685 4472 BDESVC - ok 21:48:40.0732 4472 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 21:48:40.0873 4472 Beep - ok 21:48:40.0982 4472 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll 21:48:41.0107 4472 BFE - ok 21:48:41.0200 4472 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\system32\qmgr.dll 21:48:41.0341 4472 BITS - ok 21:48:41.0403 4472 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys 21:48:41.0434 4472 blbdrive - ok 21:48:41.0559 4472 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe 21:48:41.0590 4472 Bonjour Service - ok 21:48:41.0637 4472 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys 21:48:41.0715 4472 bowser - ok 21:48:41.0762 4472 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys 21:48:41.0824 4472 BrFiltLo - ok 21:48:41.0840 4472 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys 21:48:41.0871 4472 BrFiltUp - ok 21:48:41.0933 4472 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys 21:48:42.0058 4472 BridgeMP - ok 21:48:42.0121 4472 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll 21:48:42.0230 4472 Browser - ok 21:48:42.0292 4472 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 21:48:42.0386 4472 Brserid - ok 21:48:42.0401 4472 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 21:48:42.0448 4472 BrSerWdm - ok 21:48:42.0448 4472 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 21:48:42.0511 4472 BrUsbMdm - ok 21:48:42.0526 4472 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 21:48:42.0573 4472 BrUsbSer - ok 21:48:42.0620 4472 BthEnum 
(cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys 21:48:42.0698 4472 BthEnum - ok 21:48:42.0838 4472 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys 21:48:42.0901 4472 BTHMODEM - ok 21:48:42.0963 4472 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys 21:48:42.0994 4472 BthPan - ok 21:48:43.0119 4472 BTHPORT (21084ceb85280468c9aca3c805c0f8cf) C:\Windows\System32\Drivers\BTHport.sys 21:48:43.0181 4472 BTHPORT - ok 21:48:43.0228 4472 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll 21:48:43.0353 4472 bthserv - ok 21:48:43.0774 4472 BTHUSB (8504842634dd144c075b6b0c982ccec4) C:\Windows\System32\Drivers\BTHUSB.sys 21:48:43.0930 4472 BTHUSB - ok 21:48:45.0677 4472 btwampfl (380b798d30c56ede4af58619d0e86ccb) C:\Windows\system32\drivers\btwampfl.sys 21:48:45.0740 4472 btwampfl - ok 21:48:46.0270 4472 btwaudio (ba5622f5544c6c445dff1a05acc8b19d) C:\Windows\system32\drivers\btwaudio.sys 21:48:46.0333 4472 btwaudio - ok 21:48:47.0128 4472 btwavdt (a11905d0f4bd34771f195217b6aa5ae0) C:\Windows\system32\drivers\btwavdt.sys 21:48:47.0175 4472 btwavdt - ok 21:48:49.0858 4472 btwdins (3930e53ee0bed9dff9afa09f505d0cae) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe 21:48:49.0921 4472 btwdins - ok 21:48:50.0217 4472 btwl2cap (07096d2bc22ccb6cea5a532df0be8a75) C:\Windows\system32\DRIVERS\btwl2cap.sys 21:48:50.0248 4472 btwl2cap - ok 21:48:50.0420 4472 btwrchid (bd776f32d64ec615be4563dc2747224e) C:\Windows\system32\DRIVERS\btwrchid.sys 21:48:50.0482 4472 btwrchid - ok 21:48:51.0184 4472 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 21:48:51.0356 4472 cdfs - ok 21:48:51.0512 4472 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys 21:48:51.0683 4472 cdrom - ok 21:48:52.0261 4472 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll 21:48:52.0417 4472 CertPropSvc - ok 21:48:52.0838 
4472 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys 21:48:52.0900 4472 circlass - ok 21:48:55.0537 4472 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 21:48:55.0599 4472 CLFS - ok 21:48:56.0504 4472 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 21:48:56.0519 4472 clr_optimization_v2.0.50727_32 - ok 21:48:57.0284 4472 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 21:48:57.0299 4472 clr_optimization_v2.0.50727_64 - ok 21:48:58.0376 4472 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 21:48:58.0438 4472 clr_optimization_v4.0.30319_32 - ok 21:48:59.0000 4472 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 21:48:59.0031 4472 clr_optimization_v4.0.30319_64 - ok 21:48:59.0140 4472 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys 21:48:59.0203 4472 CmBatt - ok 21:48:59.0343 4472 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys 21:48:59.0405 4472 cmdide - ok 21:49:00.0139 4472 CNG (ca7720b73446fddec5c69519c1174c98) C:\Windows\system32\Drivers\cng.sys 21:49:00.0388 4472 CNG - ok 21:49:00.0669 4472 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys 21:49:00.0716 4472 Compbatt - ok 21:49:01.0012 4472 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys 21:49:01.0106 4472 CompositeBus - ok 21:49:01.0137 4472 COMSysApp - ok 21:49:01.0246 4472 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys 21:49:01.0277 4472 crcdisk - ok 21:49:02.0354 4472 CryptSvc (f02786b66375292e58c8777082d4396d) C:\Windows\system32\cryptsvc.dll 21:49:02.0432 4472 
CryptSvc - ok 21:49:03.0134 4472 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll 21:49:03.0305 4472 DcomLaunch - ok 21:49:04.0366 4472 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll 21:49:04.0507 4472 defragsvc - ok 21:49:05.0146 4472 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys 21:49:05.0255 4472 DfsC - ok 21:49:07.0299 4472 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll 21:49:08.0251 4472 Dhcp - ok 21:49:08.0547 4472 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 21:49:08.0719 4472 discache - ok 21:49:09.0093 4472 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys 21:49:09.0140 4472 Disk - ok 21:49:10.0169 4472 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll 21:49:10.0247 4472 Dnscache - ok 21:49:11.0839 4472 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll 21:49:11.0979 4472 dot3svc - ok 21:49:12.0821 4472 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll 21:49:12.0931 4472 DPS - ok 21:49:13.0055 4472 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 21:49:13.0118 4472 drmkaud - ok 21:49:14.0631 4472 DsiWMIService (55f6f3e0df82e0113082852347bf2c16) C:\Program Files (x86)\Launch Manager\dsiwmis.exe 21:49:14.0693 4472 DsiWMIService - ok 21:49:19.0779 4472 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys 21:49:19.0919 4472 DXGKrnl - ok 21:49:20.0684 4472 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll 21:49:20.0809 4472 EapHost - ok 21:49:24.0521 4472 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys 21:49:24.0880 4472 ebdrv - ok 21:49:25.0910 4472 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe 21:49:26.0019 4472 EFS - ok 21:49:27.0470 4472 ehRecvr 
(47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe 21:49:27.0563 4472 ehRecvr - ok 21:49:27.0610 4472 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe 21:49:27.0657 4472 ehSched - ok 21:49:27.0860 4472 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys 21:49:27.0953 4472 elxstor - ok 21:49:28.0125 4472 ePowerSvc (49eef52bfb986a2b5d70f4ec12637d7b) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe 21:49:28.0203 4472 ePowerSvc - ok 21:49:28.0328 4472 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys 21:49:28.0375 4472 ErrDev - ok 21:49:28.0453 4472 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll 21:49:28.0577 4472 EventSystem - ok 21:49:28.0624 4472 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 21:49:28.0780 4472 exfat - ok 21:49:28.0811 4472 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 21:49:28.0983 4472 fastfat - ok 21:49:29.0061 4472 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe 21:49:29.0170 4472 Fax - ok 21:49:29.0201 4472 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys 21:49:29.0264 4472 fdc - ok 21:49:29.0295 4472 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll 21:49:29.0373 4472 fdPHost - ok 21:49:29.0389 4472 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll 21:49:29.0498 4472 FDResPub - ok 21:49:29.0545 4472 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 21:49:29.0591 4472 FileInfo - ok 21:49:29.0607 4472 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 21:49:29.0701 4472 Filetrace - ok 21:49:29.0747 4472 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys 21:49:29.0779 4472 flpydisk - ok 21:49:29.0825 4472 FltMgr 
(f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys 21:49:29.0872 4472 FltMgr - ok 21:49:29.0981 4472 FontCache (cb5e4b9c319e3c6bb363eb7e58a4a051) C:\Windows\system32\FntCache.dll 21:49:30.0075 4472 FontCache - ok 21:49:30.0200 4472 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 21:49:30.0247 4472 FontCache3.0.0.0 - ok 21:49:30.0309 4472 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 21:49:30.0325 4472 FsDepends - ok 21:49:30.0418 4472 Fs_Rec (d3e3f93d67821a2db2b3d9fac2dc2064) C:\Windows\system32\drivers\Fs_Rec.sys 21:49:30.0449 4472 Fs_Rec - ok 21:49:30.0512 4472 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys 21:49:30.0559 4472 fvevol - ok 21:49:30.0590 4472 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys 21:49:30.0621 4472 gagp30kx - ok 21:49:30.0668 4472 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 21:49:30.0683 4472 GEARAspiWDM - ok 21:49:30.0777 4472 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll 21:49:30.0902 4472 gpsvc - ok 21:49:31.0120 4472 Greg_Service (816fd5a6f3c2f3d600900096632fc60e) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe 21:49:31.0198 4472 Greg_Service - ok 21:49:31.0261 4472 gupdate (506708142bc63daba64f2d3ad1dcd5bf) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 21:49:31.0292 4472 gupdate - ok 21:49:31.0307 4472 gupdatem (506708142bc63daba64f2d3ad1dcd5bf) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 21:49:31.0323 4472 gupdatem - ok 21:49:31.0463 4472 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 21:49:31.0510 4472 hcw85cir - ok 21:49:31.0573 4472 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys 21:49:31.0651 4472 HdAudAddService - ok 21:49:31.0697 4472 HDAudBus 
(0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys 21:49:31.0744 4472 HDAudBus - ok 21:49:31.0807 4472 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys 21:49:31.0838 4472 HECIx64 - ok 21:49:31.0916 4472 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys 21:49:31.0947 4472 HidBatt - ok 21:49:31.0994 4472 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys 21:49:32.0041 4472 HidBth - ok 21:49:32.0056 4472 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys 21:49:32.0119 4472 HidIr - ok 21:49:32.0150 4472 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll 21:49:32.0259 4472 hidserv - ok 21:49:32.0306 4472 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys 21:49:32.0337 4472 HidUsb - ok 21:49:32.0384 4472 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll 21:49:32.0477 4472 hkmsvc - ok 21:49:32.0524 4472 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll 21:49:32.0602 4472 HomeGroupListener - ok 21:49:32.0649 4472 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll 21:49:32.0696 4472 HomeGroupProvider - ok 21:49:32.0743 4472 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys 21:49:32.0774 4472 HpSAMD - ok 21:49:32.0852 4472 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys 21:49:32.0977 4472 HTTP - ok 21:49:33.0008 4472 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys 21:49:33.0023 4472 hwpolicy - ok 21:49:33.0055 4472 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys 21:49:33.0086 4472 i8042prt - ok 21:49:33.0164 4472 iaStor (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\DRIVERS\iaStor.sys 21:49:33.0195 4472 iaStor - ok 21:49:33.0335 4472 
IAStorDataMgrSvc (31a0e93cdf29007d6c6fffb632f375ed) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe 21:49:33.0351 4472 IAStorDataMgrSvc - ok 21:49:33.0445 4472 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys 21:49:33.0507 4472 iaStorV - ok 21:49:33.0632 4472 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 21:49:33.0757 4472 idsvc - ok 21:49:34.0303 4472 igfx (7467ae8f96ea983423148c62458669fa) C:\Windows\system32\DRIVERS\igdkmd64.sys 21:49:34.0724 4472 igfx - ok 21:49:34.0911 4472 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys 21:49:34.0942 4472 iirsp - ok 21:49:35.0036 4472 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll 21:49:35.0161 4472 IKEEXT - ok 21:49:35.0223 4472 Impcd (c48567d80ad357613cd0eeade18780ae) C:\Windows\system32\DRIVERS\Impcd.sys 21:49:35.0270 4472 Impcd - ok 21:49:35.0488 4472 IntcAzAudAddService (3edd3ce185da3e6aaec22adcfd7b1d54) C:\Windows\system32\drivers\RTKVHD64.sys 21:49:35.0629 4472 IntcAzAudAddService - ok 21:49:35.0785 4472 IntcDAud (da24c1f66ee1b5a92e045376d7a44b58) C:\Windows\system32\DRIVERS\IntcDAud.sys 21:49:35.0878 4472 IntcDAud - ok 21:49:35.0925 4472 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys 21:49:35.0941 4472 intelide - ok 21:49:35.0987 4472 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 21:49:36.0034 4472 intelppm - ok 21:49:36.0065 4472 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll 21:49:36.0175 4472 IPBusEnum - ok 21:49:36.0206 4472 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys 21:49:36.0284 4472 IpFilterDriver - ok 21:49:36.0346 4472 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll 21:49:36.0455 4472 iphlpsvc - ok 21:49:36.0471 4472 
IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys 21:49:36.0518 4472 IPMIDRV - ok 21:49:36.0533 4472 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 21:49:36.0643 4472 IPNAT - ok 21:49:36.0814 4472 iPod Service (755e4ba6dce627a2683bb7640553c8d6) C:\Program Files\iPod\bin\iPodService.exe 21:49:36.0892 4472 iPod Service - ok 21:49:36.0923 4472 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 21:49:36.0955 4472 IRENUM - ok 21:49:36.0986 4472 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys 21:49:37.0017 4472 isapnp - ok 21:49:37.0048 4472 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys 21:49:37.0079 4472 iScsiPrt - ok 21:49:37.0111 4472 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys 21:49:37.0142 4472 kbdclass - ok 21:49:37.0173 4472 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys 21:49:37.0220 4472 kbdhid - ok 21:49:37.0251 4472 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe 21:49:37.0267 4472 KeyIso - ok 21:49:37.0329 4472 KSecDD (4f4b5fde429416877de7143044582eb5) C:\Windows\system32\Drivers\ksecdd.sys 21:49:37.0345 4472 KSecDD - ok 21:49:37.0391 4472 KSecPkg (6f40465a44ecdc1731befafec5bdd03c) C:\Windows\system32\Drivers\ksecpkg.sys 21:49:37.0423 4472 KSecPkg - ok 21:49:37.0454 4472 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 21:49:37.0563 4472 ksthunk - ok 21:49:37.0625 4472 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll 21:49:37.0766 4472 KtmRm - ok 21:49:37.0828 4472 L1C (39918db0efcf045a1ce6fabbf339f975) C:\Windows\system32\DRIVERS\L1C62x64.sys 21:49:37.0859 4472 L1C - ok 21:49:37.0891 4472 L1E (2ac603c3188c704cfce353659aa7ad71) C:\Windows\system32\DRIVERS\L1E62x64.sys 21:49:37.0906 4472 L1E - ok 21:49:37.0969 4472 LanmanServer 
(81f1d04d4d0e433099365127375fd501) C:\Windows\System32\srvsvc.dll 21:49:38.0031 4472 LanmanServer - ok 21:49:38.0062 4472 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll 21:49:38.0171 4472 LanmanWorkstation - ok 21:49:38.0218 4472 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 21:49:38.0312 4472 lltdio - ok 21:49:38.0374 4472 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll 21:49:38.0483 4472 lltdsvc - ok 21:49:38.0515 4472 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll 21:49:38.0608 4472 lmhosts - ok 21:49:38.0749 4472 LMS (7485fbcef9136f530953575e2977859d) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 21:49:38.0780 4472 LMS - ok 21:49:38.0842 4472 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys 21:49:38.0858 4472 LSI_FC - ok 21:49:38.0873 4472 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys 21:49:38.0905 4472 LSI_SAS - ok 21:49:38.0905 4472 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys 21:49:38.0936 4472 LSI_SAS2 - ok 21:49:38.0951 4472 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys 21:49:38.0967 4472 LSI_SCSI - ok 21:49:38.0998 4472 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 21:49:39.0107 4472 luafv - ok 21:49:39.0154 4472 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll 21:49:39.0201 4472 Mcx2Svc - ok 21:49:39.0232 4472 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys 21:49:39.0248 4472 megasas - ok 21:49:39.0279 4472 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys 21:49:39.0310 4472 MegaSR - ok 21:49:39.0341 4472 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 21:49:39.0435 4472 MMCSS - ok 21:49:39.0435 4472 Modem 
(800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 21:49:39.0529 4472 Modem - ok 21:49:39.0560 4472 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 21:49:39.0607 4472 monitor - ok 21:49:39.0685 4472 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys 21:49:39.0700 4472 mouclass - ok 21:49:39.0763 4472 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 21:49:39.0809 4472 mouhid - ok 21:49:39.0856 4472 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys 21:49:39.0887 4472 mountmgr - ok 21:49:40.0012 4472 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 21:49:40.0043 4472 MozillaMaintenance - ok 21:49:40.0075 4472 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys 21:49:40.0106 4472 mpio - ok 21:49:40.0153 4472 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 21:49:40.0277 4472 mpsdrv - ok 21:49:40.0371 4472 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll 21:49:40.0496 4472 MpsSvc - ok 21:49:40.0527 4472 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys 21:49:40.0574 4472 MRxDAV - ok 21:49:40.0636 4472 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys 21:49:40.0683 4472 mrxsmb - ok 21:49:40.0745 4472 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys 21:49:40.0808 4472 mrxsmb10 - ok 21:49:40.0855 4472 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys 21:49:40.0901 4472 mrxsmb20 - ok 21:49:40.0917 4472 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys 21:49:40.0948 4472 msahci - ok 21:49:40.0964 4472 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys 21:49:40.0995 4472 
msdsm - ok 21:49:41.0042 4472 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe 21:49:41.0135 4472 MSDTC - ok 21:49:41.0167 4472 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 21:49:41.0245 4472 Msfs - ok 21:49:41.0276 4472 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 21:49:41.0369 4472 mshidkmdf - ok 21:49:41.0385 4472 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys 21:49:41.0401 4472 msisadrv - ok 21:49:41.0447 4472 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll 21:49:41.0557 4472 MSiSCSI - ok 21:49:41.0557 4472 msiserver - ok 21:49:41.0603 4472 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 21:49:41.0697 4472 MSKSSRV - ok 21:49:41.0697 4472 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 21:49:41.0791 4472 MSPCLOCK - ok 21:49:41.0822 4472 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 21:49:41.0931 4472 MSPQM - ok 21:49:41.0978 4472 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys 21:49:42.0025 4472 MsRPC - ok 21:49:42.0056 4472 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys 21:49:42.0071 4472 mssmbios - ok 21:49:42.0103 4472 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 21:49:42.0212 4472 MSTEE - ok 21:49:42.0227 4472 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 21:49:42.0274 4472 MTConfig - ok 21:49:42.0290 4472 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 21:49:42.0305 4472 Mup - ok 21:49:42.0352 4472 mwlPSDFilter (6ffecc25b39dc7652a0cec0ada9db589) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys 21:49:42.0368 4472 mwlPSDFilter - ok 21:49:42.0399 4472 mwlPSDNServ (0befe32ca56d6ee89d58175725596a85) 
C:\Windows\system32\DRIVERS\mwlPSDNServ.sys 21:49:42.0415 4472 mwlPSDNServ - ok 21:49:42.0446 4472 mwlPSDVDisk (d43bc633b8660463e446e28e14a51262) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys 21:49:42.0461 4472 mwlPSDVDisk - ok 21:49:42.0633 4472 MWLService (22a4905c958beb68d78385b633c1351b) C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe 21:49:42.0664 4472 MWLService - ok 21:49:42.0742 4472 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll 21:49:42.0867 4472 napagent - ok 21:49:42.0961 4472 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 21:49:43.0023 4472 NativeWifiP - ok 21:49:43.0117 4472 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys 21:49:43.0179 4472 NDIS - ok 21:49:43.0226 4472 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 21:49:43.0304 4472 NdisCap - ok 21:49:43.0335 4472 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 21:49:43.0444 4472 NdisTapi - ok 21:49:43.0475 4472 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys 21:49:43.0569 4472 Ndisuio - ok 21:49:43.0631 4472 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys 21:49:43.0725 4472 NdisWan - ok 21:49:43.0741 4472 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys 21:49:43.0834 4472 NDProxy - ok 21:49:43.0865 4472 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 21:49:43.0975 4472 NetBIOS - ok 21:49:44.0006 4472 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys 21:49:44.0115 4472 NetBT - ok 21:49:44.0162 4472 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe 21:49:44.0193 4472 Netlogon - ok 21:49:44.0240 4472 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll 21:49:44.0349 4472 Netman - ok 21:49:44.0411 4472 netprofm 
21:50:09.0981 4472 ============================================================
21:50:09.0981 4472 Scan finished
21:50:09.0981 4472 ============================================================
21:50:09.0997 4240 Detected object count: 3
21:50:09.0997 4240 Actual detected object count: 3
21:50:31.0135 4240 NTI IScheduleSvc ( UnsignedFile.Multi.Generic ) - skipped by user
21:50:31.0135 4240 NTI IScheduleSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:50:31.0135 4240 OpenVPNService ( UnsignedFile.Multi.Generic ) - skipped by user
21:50:31.0135 4240 OpenVPNService ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:50:31.0150 4240 RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
21:50:31.0150 4240 RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip | 
|  19.07.2012, 21:33 | #10 | 
| /// Malware-holic       |   Webcam Trojan / Windows 7 (64-bit) / Explorer is terminated after startup Was there any improvement after updating the drivers?  
				__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us | 
|  20.07.2012, 20:39 | #11 | 
|  |   Webcam Trojan / Windows 7 (64-bit) / Explorer is terminated after startup No, the update still cannot be installed. Unfortunately, the error message remains the same.  | 
|  25.07.2012, 18:29 | #12 | 
| /// Malware-holic       |   Webcam Trojan / Windows 7 (64-bit) / Explorer is terminated after startup And what if you download the drivers directly from the respective manufacturers of the components?  | 