
Pests of all kinds and how to fight them: GVU Trojan with webcam

17.12.2012, 16:41   #1
Niklas.Günth

Good day,
I seem to have caught the GVU Trojan as well.
Attached is a WinRAR file with the two OTL logs and the Malwarebytes log.
Many thanks in advance.

17.12.2012, 19:39   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Hello and

Do you have any other logs (with detections)? Malwarebytes and/or other virus scanners?
The reason I'm asking => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans; for now just post the logs that already exist!

Quote:
Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.

18.12.2012, 10:42   #3
Niklas.Günth

Hello,

the Malwarebytes log is in the WinRAR file in the attachment, together with the 2 OTL logs. Apart from that I have not run any scan?
I use the Avira AntiVir program; should I also run a scan with it, and should I put the OTL and Malwarebytes logs into the code command, or is the upload enough as it is?
Many thanks
Best regards

18.12.2012, 22:06   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
should I also run a scan with it
No?! What did I post earlier!?
For now the point is that you post all existing logs.
I always ask this; it could be that you forgot some logs.
Has AntiVir ever had detections? If so, where are the logs for them?

Quote:
should I put the OTL and Malwarebytes logs into the code command, or is the upload enough as it is.
All following logs in CODE tags, please.
__________________
Please always post log files in CODE tags

19.12.2012, 14:29   #5
Niklas.Günth

All right, everything from now on in CODE tags.
AntiVir has not had any detection recently, so accordingly I have no log other than the OTL files and the Malwarebytes log.


19.12.2012, 23:12   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Read the instructions that I will post in the course of this thread carefully. Ask right away if anything is unclear to you, before you start carrying out my instructions.

  • Should you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes a step requires the preceding one.

  • Please only run scans that a helper has asked you to run! Do not install / uninstall any software without being asked to!

  • Post the log files directly in your thread (in CODE tags, please) and not as an attachment, unless you were asked to. Logs in attachments make the evaluation harder for me!

  • Please also note => Deletion of log files and other requests

Note:
Should you not hear from me for three days, please report in this thread => Reminder about my thread.
Annoying "When will this continue" messages end with your topic being closed. I, too, have a life outside the Trojaner-Board.


1. aswMBR

Please download aswMBR.exe and save the file to your desktop.

Note: Please turn off the virus scanner before running aswMBR, because Avira in particular often reports a false positive in it!
  • Start aswMBR.exe. Vista and Win7 users: run aswMBR via right-click "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (Should your firewall ask, please allow access to the Internet.) Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Please wait until "Scan finished successfully" appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.
Important: Under no circumstances press any of the Fix buttons without instruction.
Note: Should the Scan button be hidden, close the tool and start it again. Should it fail again, please let me know.

Another note: Should aswMBR crash and a message like "aswMBR.exe has stopped working" appear, do the following:
Restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left (bottom left in the aswMBR window) and click the Scan button again.


2. TDSS-Killer

Download TDSS-Killer to the desktop, see => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before running TDSS-Killer, because Avira in particular often reports a false positive in the TDSS tool!

Configure the tool as shown in the picture below: click change parameters and set the check marks as shown in the following screenshot,
then click Start Scan and, when it is done, click the Report button to display the log. Please post it in full.

If you cannot find the log or cannot copy its content and transfer it into your post, then please look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags objects, handle all of them with the action "skip" and just post the log here!

20.12.2012, 00:18   #7
Niklas.Günth

Many thanks.
Here is the aswMBR log.

Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-20 00:08:46
-----------------------------
00:08:46.698    OS Version: Windows x64 6.1.7601 Service Pack 1
00:08:46.698    Number of processors: 4 586 0x2A07
00:08:46.698    ComputerName: NIKLAS-PC  UserName: Niklas
00:08:47.608    Initialize success
00:08:53.118    AVAST engine defs: 12121901
00:09:00.799    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
00:09:00.799    Disk 0 Vendor: ST950032 0003 Size: 476940MB BusType: 3
00:09:00.889    Disk 0 MBR read successfully
00:09:00.889    Disk 0 MBR scan
00:09:00.899    Disk 0 Windows 7 default MBR code
00:09:00.919    Disk 0 Partition 1 00     1C Hidd FAT32 LBA MSDOS5.0    25600 MB offset 2048
00:09:00.929    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       190776 MB offset 52430848
00:09:00.939    Disk 0 Partition - 00     0F Extended LBA            260562 MB offset 443140096
00:09:00.969    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       260561 MB offset 443142144
00:09:01.079    Disk 0 scanning C:\Windows\system32\drivers
00:09:13.598    Service scanning
00:09:40.894    Modules scanning
00:09:40.904    Disk 0 trace - called modules:
00:09:41.304    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll 
00:09:41.314    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80081ca060]
00:09:41.324    3 CLASSPNP.SYS[fffff88001b7d43f] -> nt!IofCallDriver -> [0xfffffa80062e8e40]
00:09:41.334    5 ACPI.sys[fffff88000d867a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800664c050]
00:09:41.344    Scan finished successfully
00:10:40.704    Disk 0 MBR has been saved successfully to "C:\Users\Niklas\Desktop\MBR.dat"
00:10:40.704    The log file has been saved successfully to "C:\Users\Niklas\Desktop\aswMBR.txt"
         
and here is the TDSS-Killer log:

Code:
00:13:46.0268 0624  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
00:13:46.0471 0624  ============================================================
00:13:46.0471 0624  Current date / time: 2012/12/20 00:13:46.0471
00:13:46.0471 0624  SystemInfo:
00:13:46.0471 0624  
00:13:46.0471 0624  OS Version: 6.1.7601 ServicePack: 1.0
00:13:46.0471 0624  Product type: Workstation
00:13:46.0471 0624  ComputerName: NIKLAS-PC
00:13:46.0471 0624  UserName: Niklas
00:13:46.0471 0624  Windows directory: C:\Windows
00:13:46.0471 0624  System windows directory: C:\Windows
00:13:46.0471 0624  Running under WOW64
00:13:46.0471 0624  Processor architecture: Intel x64
00:13:46.0471 0624  Number of processors: 4
00:13:46.0471 0624  Page size: 0x1000
00:13:46.0471 0624  Boot type: Normal boot
00:13:46.0471 0624  ============================================================
00:13:47.0157 0624  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:13:47.0157 0624  ============================================================
00:13:47.0157 0624  \Device\Harddisk0\DR0:
00:13:47.0157 0624  MBR partitions:
00:13:47.0157 0624  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3200800, BlocksNum 0x1749C000
00:13:47.0189 0624  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1A69D000, BlocksNum 0x1FCE8800
00:13:47.0189 0624  ============================================================
00:13:47.0204 0624  C: <-> \Device\Harddisk0\DR0\Partition1
00:13:47.0235 0624  D: <-> \Device\Harddisk0\DR0\Partition2
00:13:47.0235 0624  ============================================================
00:13:47.0235 0624  Initialize success
00:13:47.0235 0624  ============================================================
00:14:16.0589 4172  ============================================================
00:14:16.0589 4172  Scan started
00:14:16.0589 4172  Mode: Manual; SigCheck; TDLFS; 
00:14:16.0589 4172  ============================================================
00:14:16.0886 4172  ================ Scan system memory ========================
00:14:16.0886 4172  System memory - ok
00:14:29.0087 4172  idsvc - ok
00:14:29.0352 4172  [ EFE5A0AF39A8E179624117C521F1E012 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
00:14:29.0726 4172  igfx - ok
00:14:29.0773 4172  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
00:14:29.0773 4172  iirsp - ok
00:14:29.0820 4172  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
00:14:29.0898 4172  IKEEXT - ok
00:14:30.0038 4172  [ 9F573C952961F444F400489E81ECA381 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
00:14:30.0147 4172  IntcAzAudAddService - ok
00:14:30.0225 4172  [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
00:14:30.0257 4172  IntcDAud - ok
00:14:30.0288 4172  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
00:14:30.0303 4172  intelide - ok
00:14:30.0319 4172  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
00:14:30.0350 4172  intelppm - ok
00:14:30.0381 4172  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
00:14:30.0444 4172  IPBusEnum - ok
00:14:30.0459 4172  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
00:14:30.0553 4172  IpFilterDriver - ok
00:14:30.0584 4172  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
00:14:30.0631 4172  iphlpsvc - ok
00:14:30.0647 4172  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
00:14:30.0662 4172  IPMIDRV - ok
00:14:30.0678 4172  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
00:14:30.0725 4172  IPNAT - ok
00:14:30.0756 4172  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
00:14:30.0771 4172  IRENUM - ok
00:14:30.0787 4172  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
00:14:30.0803 4172  isapnp - ok
00:14:30.0818 4172  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
00:14:30.0834 4172  iScsiPrt - ok
00:14:30.0849 4172  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
00:14:30.0865 4172  kbdclass - ok
00:14:30.0896 4172  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
00:14:30.0912 4172  kbdhid - ok
00:14:30.0959 4172  [ E63EF8C3271D014F14E2469CE75FECB4 ] kbfiltr         C:\Windows\system32\DRIVERS\kbfiltr.sys
00:14:30.0990 4172  kbfiltr - ok
00:14:31.0005 4172  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
00:14:31.0021 4172  KeyIso - ok
00:14:31.0052 4172  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
00:14:31.0052 4172  KSecDD - ok
00:14:31.0083 4172  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
00:14:31.0099 4172  KSecPkg - ok
00:14:31.0115 4172  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
00:14:31.0161 4172  ksthunk - ok
00:14:31.0193 4172  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
00:14:31.0239 4172  KtmRm - ok
00:14:31.0255 4172  [ 033B4AED2C5519072C0D81E00804D003 ] L1C             C:\Windows\system32\DRIVERS\L1C62x64.sys
00:14:31.0286 4172  L1C - ok
00:14:31.0317 4172  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
00:14:31.0364 4172  LanmanServer - ok
00:14:31.0411 4172  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
00:14:31.0442 4172  LanmanWorkstation - ok
00:14:31.0520 4172  [ 7772DFAB22611050B79504E671B06E6E ] LBTServ         C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
00:14:31.0551 4172  LBTServ - ok
00:14:31.0583 4172  [ 241F2648ADF090E2A10095BD6D6F5DCB ] LHidFilt        C:\Windows\system32\DRIVERS\LHidFilt.Sys
00:14:31.0598 4172  LHidFilt - ok
00:14:31.0629 4172  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
00:14:31.0676 4172  lltdio - ok
00:14:31.0707 4172  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
00:14:31.0754 4172  lltdsvc - ok
00:14:31.0770 4172  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
00:14:31.0801 4172  lmhosts - ok
00:14:31.0817 4172  [ 342ED5A4B3326014438F36D22D803737 ] LMouFilt        C:\Windows\system32\DRIVERS\LMouFilt.Sys
00:14:31.0817 4172  LMouFilt - ok
00:14:31.0879 4172  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
00:14:31.0879 4172  LSI_FC - ok
00:14:31.0895 4172  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
00:14:31.0895 4172  LSI_SAS - ok
00:14:31.0910 4172  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
00:14:31.0910 4172  LSI_SAS2 - ok
00:14:31.0910 4172  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
00:14:31.0926 4172  LSI_SCSI - ok
00:14:31.0957 4172  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
00:14:32.0035 4172  luafv - ok
00:14:32.0066 4172  [ 29C733E1DE824670DC9315CFC9BDBCD3 ] LUsbFilt        C:\Windows\system32\Drivers\LUsbFilt.Sys
00:14:32.0082 4172  LUsbFilt - ok
00:14:32.0097 4172  [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
00:14:32.0129 4172  MBAMProtector - ok
00:14:32.0207 4172  [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
00:14:32.0238 4172  MBAMScheduler - ok
00:14:32.0285 4172  [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
00:14:32.0300 4172  MBAMService - ok
00:14:32.0331 4172  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
00:14:32.0363 4172  Mcx2Svc - ok
00:14:32.0378 4172  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
00:14:32.0378 4172  megasas - ok
00:14:32.0409 4172  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
00:14:32.0425 4172  MegaSR - ok
00:14:32.0472 4172  [ 1C6E73FC46B509EFF9D0086AA37132DF ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
00:14:32.0503 4172  MEIx64 - ok
00:14:32.0519 4172  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
00:14:32.0612 4172  MMCSS - ok
00:14:32.0628 4172  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
00:14:32.0659 4172  Modem - ok
00:14:32.0690 4172  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
00:14:32.0721 4172  monitor - ok
00:14:32.0753 4172  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
00:14:32.0753 4172  mouclass - ok
00:14:32.0768 4172  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
00:14:32.0799 4172  mouhid - ok
00:14:32.0831 4172  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
00:14:32.0846 4172  mountmgr - ok
00:14:32.0893 4172  [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
00:14:32.0924 4172  MozillaMaintenance - ok
00:14:32.0955 4172  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
00:14:32.0971 4172  mpio - ok
00:14:32.0987 4172  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
00:14:33.0033 4172  mpsdrv - ok
00:14:33.0096 4172  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
00:14:33.0205 4172  MpsSvc - ok
00:14:33.0221 4172  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
00:14:33.0252 4172  MRxDAV - ok
00:14:33.0283 4172  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
00:14:33.0330 4172  mrxsmb - ok
00:14:33.0361 4172  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
00:14:33.0392 4172  mrxsmb10 - ok
00:14:33.0408 4172  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
00:14:33.0455 4172  mrxsmb20 - ok
00:14:33.0486 4172  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
00:14:33.0501 4172  msahci - ok
00:14:33.0517 4172  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
00:14:33.0517 4172  msdsm - ok
00:14:33.0533 4172  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
00:14:33.0564 4172  MSDTC - ok
00:14:33.0579 4172  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
00:14:33.0611 4172  Msfs - ok
00:14:33.0626 4172  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
00:14:33.0673 4172  mshidkmdf - ok
00:14:33.0689 4172  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
00:14:33.0689 4172  msisadrv - ok
00:14:33.0720 4172  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
00:14:33.0782 4172  MSiSCSI - ok
00:14:33.0782 4172  msiserver - ok
00:14:33.0813 4172  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
00:14:33.0845 4172  MSKSSRV - ok
00:14:33.0845 4172  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
00:14:33.0891 4172  MSPCLOCK - ok
00:14:33.0907 4172  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
00:14:33.0938 4172  MSPQM - ok
00:14:33.0969 4172  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
00:14:33.0985 4172  MsRPC - ok
00:14:34.0001 4172  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
00:14:34.0001 4172  mssmbios - ok
00:14:34.0016 4172  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
00:14:34.0047 4172  MSTEE - ok
00:14:34.0063 4172  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
00:14:34.0079 4172  MTConfig - ok
00:14:34.0110 4172  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
00:14:34.0110 4172  Mup - ok
00:14:34.0141 4172  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
00:14:34.0219 4172  napagent - ok
00:14:34.0250 4172  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
00:14:34.0281 4172  NativeWifiP - ok
00:14:34.0328 4172  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
00:14:34.0375 4172  NDIS - ok
00:14:34.0406 4172  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
00:14:34.0453 4172  NdisCap - ok
00:14:34.0484 4172  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
00:14:34.0531 4172  NdisTapi - ok
00:14:34.0547 4172  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
00:14:34.0578 4172  Ndisuio - ok
00:14:34.0593 4172  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
00:14:34.0640 4172  NdisWan - ok
00:14:34.0671 4172  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
00:14:34.0703 4172  NDProxy - ok
00:14:34.0734 4172  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
00:14:34.0781 4172  NetBIOS - ok
00:14:34.0781 4172  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
00:14:34.0827 4172  NetBT - ok
00:14:34.0843 4172  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
00:14:34.0859 4172  Netlogon - ok
00:14:34.0890 4172  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
00:14:34.0937 4172  Netman - ok
00:14:34.0983 4172  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
00:14:35.0030 4172  NetMsmqActivator - ok
00:14:35.0046 4172  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
00:14:35.0061 4172  NetPipeActivator - ok
00:14:35.0093 4172  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
00:14:35.0155 4172  netprofm - ok
00:14:35.0171 4172  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
00:14:35.0186 4172  NetTcpActivator - ok
00:14:35.0186 4172  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
00:14:35.0186 4172  NetTcpPortSharing - ok
00:14:35.0217 4172  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
00:14:35.0233 4172  nfrd960 - ok
00:14:35.0249 4172  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
00:14:35.0264 4172  NlaSvc - ok
00:14:35.0280 4172  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
00:14:35.0311 4172  Npfs - ok
00:14:35.0327 4172  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
00:14:35.0358 4172  nsi - ok
00:14:35.0373 4172  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
00:14:35.0405 4172  nsiproxy - ok
00:14:35.0467 4172  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
00:14:35.0514 4172  Ntfs - ok
00:14:35.0529 4172  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
00:14:35.0576 4172  Null - ok
00:14:35.0873 4172  [ 07CA1D99512EE5EF99E954A13F3BFFA8 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
00:14:36.0216 4172  nvlddmkm - ok
00:14:36.0231 4172  [ A8DB9EBD9887A9820DBC1878F0301EE7 ] nvpciflt        C:\Windows\system32\DRIVERS\nvpciflt.sys
00:14:36.0247 4172  nvpciflt - ok
00:14:36.0294 4172  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
00:14:36.0325 4172  nvraid - ok
00:14:36.0341 4172  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
00:14:36.0356 4172  nvstor - ok
00:14:36.0403 4172  [ 9007A22A1938A9EF81CA5122121ECCD8 ] NVSvc           C:\Windows\system32\nvvsvc.exe
00:14:36.0450 4172  NVSvc - ok
00:14:36.0543 4172  [ 00572C26C6DCF99362068FB7283B7126 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
00:14:36.0637 4172  nvUpdatusService - ok
00:14:36.0668 4172  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
00:14:36.0684 4172  nv_agp - ok
00:14:36.0684 4172  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
00:14:36.0715 4172  ohci1394 - ok
00:14:36.0777 4172  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
00:14:36.0809 4172  ose - ok
00:14:36.0996 4172  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
00:14:37.0074 4172  osppsvc - ok
00:14:37.0089 4172  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
00:14:37.0121 4172  p2pimsvc - ok
00:14:37.0152 4172  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
00:14:37.0167 4172  p2psvc - ok
00:14:37.0199 4172  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
00:14:37.0214 4172  Parport - ok
00:14:37.0230 4172  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
00:14:37.0245 4172  partmgr - ok
00:14:37.0261 4172  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
00:14:37.0308 4172  PcaSvc - ok
00:14:37.0323 4172  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
00:14:37.0339 4172  pci - ok
00:14:37.0355 4172  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
00:14:37.0355 4172  pciide - ok
00:14:37.0370 4172  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
00:14:37.0386 4172  pcmcia - ok
00:14:37.0401 4172  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
00:14:37.0417 4172  pcw - ok
00:14:37.0433 4172  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
00:14:37.0479 4172  PEAUTH - ok
00:14:37.0557 4172  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
00:14:37.0620 4172  PerfHost - ok
00:14:37.0682 4172  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
00:14:37.0776 4172  pla - ok
00:14:37.0854 4172  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
00:14:37.0901 4172  PlugPlay - ok
00:14:37.0901 4172  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
00:14:37.0932 4172  PNRPAutoReg - ok
00:14:37.0947 4172  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
00:14:37.0947 4172  PNRPsvc - ok
00:14:37.0994 4172  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
00:14:38.0088 4172  PolicyAgent - ok
00:14:38.0103 4172  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
00:14:38.0150 4172  Power - ok
00:14:38.0181 4172  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
00:14:38.0228 4172  PptpMiniport - ok
00:14:38.0244 4172  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
00:14:38.0259 4172  Processor - ok
00:14:38.0291 4172  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
00:14:38.0353 4172  ProfSvc - ok
00:14:38.0369 4172  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
00:14:38.0384 4172  ProtectedStorage - ok
00:14:38.0431 4172  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
00:14:38.0478 4172  Psched - ok
00:14:38.0540 4172  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
00:14:38.0587 4172  ql2300 - ok
00:14:38.0587 4172  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
00:14:38.0603 4172  ql40xx - ok
00:14:38.0618 4172  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
00:14:38.0649 4172  QWAVE - ok
00:14:38.0649 4172  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
00:14:38.0696 4172  QWAVEdrv - ok
00:14:38.0712 4172  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
00:14:38.0743 4172  RasAcd - ok
00:14:38.0790 4172  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
00:14:38.0852 4172  RasAgileVpn - ok
00:14:38.0883 4172  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
00:14:38.0946 4172  RasAuto - ok
00:14:38.0961 4172  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
00:14:38.0993 4172  Rasl2tp - ok
00:14:39.0024 4172  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
00:14:39.0055 4172  RasMan - ok
00:14:39.0071 4172  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
00:14:39.0102 4172  RasPppoe - ok
00:14:39.0117 4172  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
00:14:39.0164 4172  RasSstp - ok
00:14:39.0180 4172  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
00:14:39.0227 4172  rdbss - ok
00:14:39.0242 4172  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
00:14:39.0258 4172  rdpbus - ok
00:14:39.0273 4172  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
00:14:39.0305 4172  RDPCDD - ok
00:14:39.0320 4172  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
00:14:39.0367 4172  RDPENCDD - ok
00:14:39.0383 4172  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
00:14:39.0414 4172  RDPREFMP - ok
00:14:39.0445 4172  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
00:14:39.0492 4172  RDPWD - ok
00:14:39.0523 4172  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
00:14:39.0539 4172  rdyboost - ok
00:14:39.0570 4172  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
00:14:39.0632 4172  RemoteAccess - ok
00:14:39.0663 4172  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
00:14:39.0710 4172  RemoteRegistry - ok
00:14:39.0741 4172  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
00:14:39.0773 4172  RFCOMM - ok
00:14:39.0788 4172  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
00:14:39.0819 4172  RpcEptMapper - ok
00:14:39.0851 4172  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
00:14:39.0866 4172  RpcLocator - ok
00:14:39.0882 4172  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
00:14:39.0929 4172  RpcSs - ok
00:14:39.0960 4172  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
00:14:39.0991 4172  rspndr - ok
00:14:40.0038 4172  [ E57FAC2CDB73F06586ED2ED310B80932 ] RSUSBVSTOR      C:\Windows\system32\Drivers\RtsUVStor.sys
00:14:40.0069 4172  RSUSBVSTOR - ok
00:14:40.0100 4172  [ 6D3C7E7D82D3DC92DC2A8B0DF9F20F8A ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
00:14:40.0116 4172  RTL8167 - ok
00:14:40.0116 4172  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
00:14:40.0131 4172  SamSs - ok
00:14:40.0147 4172  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
00:14:40.0163 4172  sbp2port - ok
00:14:40.0194 4172  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
00:14:40.0225 4172  SCardSvr - ok
00:14:40.0241 4172  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
00:14:40.0287 4172  scfilter - ok
00:14:40.0319 4172  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
00:14:40.0381 4172  Schedule - ok
00:14:40.0412 4172  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
00:14:40.0443 4172  SCPolicySvc - ok
00:14:40.0443 4172  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
00:14:40.0506 4172  SDRSVC - ok
00:14:40.0521 4172  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
00:14:40.0568 4172  secdrv - ok
00:14:40.0599 4172  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
00:14:40.0631 4172  seclogon - ok
00:14:40.0646 4172  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
00:14:40.0677 4172  SENS - ok
00:14:40.0693 4172  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
00:14:40.0724 4172  SensrSvc - ok
00:14:40.0755 4172  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\drivers\serenum.sys
00:14:40.0771 4172  Serenum - ok
00:14:40.0787 4172  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\drivers\serial.sys
00:14:40.0818 4172  Serial - ok
00:14:40.0833 4172  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
00:14:40.0865 4172  sermouse - ok
00:14:40.0896 4172  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
00:14:40.0943 4172  SessionEnv - ok
00:14:40.0943 4172  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
00:14:40.0974 4172  sffdisk - ok
00:14:40.0989 4172  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
00:14:41.0021 4172  sffp_mmc - ok
00:14:41.0021 4172  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
00:14:41.0036 4172  sffp_sd - ok
00:14:41.0036 4172  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
00:14:41.0052 4172  sfloppy - ok
00:14:41.0083 4172  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
00:14:41.0145 4172  SharedAccess - ok
00:14:41.0177 4172  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
00:14:41.0223 4172  ShellHWDetection - ok
00:14:41.0239 4172  [ 1BC348CF6BAA90EC8E533EF6E6A69933 ] SiSGbeLH        C:\Windows\system32\DRIVERS\SiSG664.sys
00:14:41.0255 4172  SiSGbeLH - ok
00:14:41.0286 4172  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
00:14:41.0286 4172  SiSRaid2 - ok
00:14:41.0301 4172  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
00:14:41.0301 4172  SiSRaid4 - ok
00:14:41.0364 4172  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
00:14:41.0395 4172  SkypeUpdate - ok
00:14:41.0411 4172  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
00:14:41.0457 4172  Smb - ok
00:14:41.0489 4172  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
00:14:41.0520 4172  SNMPTRAP - ok
00:14:41.0520 4172  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
00:14:41.0535 4172  spldr - ok
00:14:41.0567 4172  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
00:14:41.0613 4172  Spooler - ok
00:14:41.0707 4172  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
00:14:41.0832 4172  sppsvc - ok
00:14:41.0863 4172  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
00:14:41.0894 4172  sppuinotify - ok
00:14:41.0972 4172  [ 8978ED1D492B1A430857A43CDD130AED ] SpyHunter 4 Service C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
00:14:42.0003 4172  SpyHunter 4 Service - ok
00:14:42.0035 4172  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
00:14:42.0066 4172  srv - ok
00:14:42.0081 4172  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
00:14:42.0113 4172  srv2 - ok
00:14:42.0128 4172  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
00:14:42.0144 4172  srvnet - ok
00:14:42.0191 4172  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
00:14:42.0253 4172  SSDPSRV - ok
00:14:42.0269 4172  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
00:14:42.0315 4172  SstpSvc - ok
00:14:42.0362 4172  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
00:14:42.0362 4172  stexstor - ok
00:14:42.0393 4172  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
00:14:42.0425 4172  stisvc - ok
00:14:42.0440 4172  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
00:14:42.0456 4172  swenum - ok
00:14:42.0471 4172  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
00:14:42.0503 4172  swprv - ok
00:14:42.0590 4172  [ F0D7C68CDA9784689CAA72C17AF393B2 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
00:14:42.0666 4172  SynTP - ok
00:14:42.0701 4172  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
00:14:42.0765 4172  SysMain - ok
00:14:42.0778 4172  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
00:14:42.0815 4172  TabletInputService - ok
00:14:42.0863 4172  [ B08740047145B9BCE15BF75CA0F9718A ] tap0901t        C:\Windows\system32\DRIVERS\tap0901t.sys
00:14:42.0887 4172  tap0901t ( UnsignedFile.Multi.Generic ) - warning
00:14:42.0887 4172  tap0901t - detected UnsignedFile.Multi.Generic (1)
00:14:42.0923 4172  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
00:14:42.0979 4172  TapiSrv - ok
00:14:42.0996 4172  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
00:14:43.0033 4172  TBS - ok
00:14:43.0107 4172  [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
00:14:43.0174 4172  Tcpip - ok
00:14:43.0243 4172  [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
00:14:43.0298 4172  TCPIP6 - ok
00:14:43.0315 4172  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
00:14:43.0342 4172  tcpipreg - ok
00:14:43.0371 4172  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
00:14:43.0379 4172  TDPIPE - ok
00:14:43.0421 4172  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
00:14:43.0456 4172  TDTCP - ok
00:14:43.0476 4172  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
00:14:43.0546 4172  tdx - ok
00:14:43.0558 4172  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
00:14:43.0567 4172  TermDD - ok
00:14:43.0594 4172  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
00:14:43.0641 4172  TermService - ok
00:14:43.0657 4172  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
00:14:43.0688 4172  Themes - ok
00:14:43.0704 4172  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
00:14:43.0735 4172  THREADORDER - ok
00:14:43.0813 4172  [ 69D76CE06BB629B69165C81D83A4B03E ] TiMiniService   C:\Program Files\Trend Micro\Titanium\TiMiniService.exe
00:14:43.0844 4172  TiMiniService - ok
00:14:43.0875 4172  [ 73AAFFDD2AC3C8814B26C440E5DD9DD4 ] tmactmon        C:\Windows\system32\DRIVERS\tmactmon.sys
00:14:43.0891 4172  tmactmon - ok
00:14:43.0891 4172  [ 360E61217D4E1E333583D0C721057F70 ] tmcomm          C:\Windows\system32\DRIVERS\tmcomm.sys
00:14:43.0906 4172  tmcomm - ok
00:14:43.0922 4172  [ 699D34EB7C670139CA23A65372BD5743 ] tmevtmgr        C:\Windows\system32\DRIVERS\tmevtmgr.sys
00:14:43.0938 4172  tmevtmgr - ok
00:14:43.0953 4172  [ 262198EFB734012BFCD17E7479AE4A09 ] tmtdi           C:\Windows\system32\DRIVERS\tmtdi.sys
00:14:43.0969 4172  tmtdi - ok
00:14:43.0984 4172  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
00:14:44.0016 4172  TrkWks - ok
00:14:44.0078 4172  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
00:14:44.0156 4172  TrustedInstaller - ok
00:14:44.0187 4172  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
00:14:44.0250 4172  tssecsrv - ok
00:14:44.0265 4172  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
00:14:44.0296 4172  TsUsbFlt - ok
00:14:44.0296 4172  [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
00:14:44.0328 4172  TsUsbGD - ok
00:14:44.0359 4172  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
00:14:44.0390 4172  tunnel - ok
00:14:44.0452 4172  [ 1A5F1301C1EA3B49D1222E9CBB552EBB ] TunngleService  C:\Program Files (x86)\Tunngle\TnglCtrl.exe
00:14:44.0499 4172  TunngleService - ok
00:14:44.0530 4172  [ B355581A9DA34C92E2DBAFA410D2F829 ] TurboB          C:\Windows\system32\DRIVERS\TurboB.sys
00:14:44.0546 4172  TurboB - ok
00:14:44.0562 4172  [ 6564E84B1522C12EA1C3A181ED03276F ] TurboBoost      C:\Program Files\Intel\TurboBoost\TurboBoost.exe
00:14:44.0577 4172  TurboBoost - ok
00:14:44.0593 4172  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
00:14:44.0593 4172  uagp35 - ok
00:14:44.0640 4172  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
00:14:44.0702 4172  udfs - ok
00:14:44.0733 4172  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
00:14:44.0780 4172  UI0Detect - ok
00:14:44.0811 4172  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
00:14:44.0827 4172  uliagpkx - ok
00:14:44.0874 4172  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
00:14:44.0920 4172  umbus - ok
00:14:44.0920 4172  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
00:14:44.0952 4172  UmPass - ok
00:14:44.0967 4172  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
00:14:45.0014 4172  upnphost - ok
00:14:45.0045 4172  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
00:14:45.0092 4172  usbccgp - ok
00:14:45.0139 4172  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
00:14:45.0186 4172  usbcir - ok
00:14:45.0232 4172  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
00:14:45.0248 4172  usbehci - ok
00:14:45.0279 4172  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
00:14:45.0310 4172  usbhub - ok
00:14:45.0326 4172  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
00:14:45.0342 4172  usbohci - ok
00:14:45.0357 4172  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
00:14:45.0388 4172  usbprint - ok
00:14:45.0420 4172  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
00:14:45.0451 4172  usbscan - ok
00:14:45.0482 4172  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:14:45.0513 4172  USBSTOR - ok
00:14:45.0529 4172  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
00:14:45.0560 4172  usbuhci - ok
00:14:45.0607 4172  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
00:14:45.0638 4172  usbvideo - ok
00:14:45.0669 4172  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
00:14:45.0700 4172  UxSms - ok
00:14:45.0716 4172  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
00:14:45.0732 4172  VaultSvc - ok
00:14:45.0747 4172  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
00:14:45.0763 4172  vdrvroot - ok
00:14:45.0778 4172  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
00:14:45.0825 4172  vds - ok
00:14:45.0856 4172  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
00:14:45.0872 4172  vga - ok
00:14:45.0888 4172  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
00:14:45.0903 4172  VgaSave - ok
00:14:45.0919 4172  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
00:14:45.0919 4172  vhdmp - ok
00:14:45.0934 4172  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
00:14:45.0934 4172  viaide - ok
00:14:45.0966 4172  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
00:14:45.0981 4172  volmgr - ok
00:14:45.0997 4172  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
00:14:46.0012 4172  volmgrx - ok
00:14:46.0028 4172  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
00:14:46.0028 4172  volsnap - ok
00:14:46.0090 4172  [ E23BC9B12EF85B58083A6985F9BE3C44 ] vpnagent        C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
00:14:46.0122 4172  vpnagent - ok
00:14:46.0137 4172  [ A8D4FED106B4BD337DF3DA20BA44E18E ] vpnva           C:\Windows\system32\DRIVERS\vpnva64.sys
00:14:46.0153 4172  vpnva - ok
00:14:46.0184 4172  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
00:14:46.0200 4172  vsmraid - ok
00:14:46.0231 4172  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
00:14:46.0309 4172  VSS - ok
00:14:46.0324 4172  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
00:14:46.0340 4172  vwifibus - ok
00:14:46.0371 4172  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
00:14:46.0387 4172  vwififlt - ok
00:14:46.0418 4172  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
00:14:46.0465 4172  W32Time - ok
00:14:46.0496 4172  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
00:14:46.0512 4172  WacomPen - ok
00:14:46.0543 4172  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
00:14:46.0558 4172  WANARP - ok
00:14:46.0574 4172  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
00:14:46.0605 4172  Wanarpv6 - ok
00:14:46.0652 4172  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
00:14:46.0714 4172  wbengine - ok
00:14:46.0730 4172  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
00:14:46.0761 4172  WbioSrvc - ok
00:14:46.0777 4172  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
00:14:46.0824 4172  wcncsvc - ok
00:14:46.0824 4172  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
00:14:46.0870 4172  WcsPlugInService - ok
00:14:46.0917 4172  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
00:14:46.0933 4172  Wd - ok
00:14:46.0980 4172  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
00:14:47.0042 4172  Wdf01000 - ok
00:14:47.0058 4172  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
00:14:47.0089 4172  WdiServiceHost - ok
00:14:47.0104 4172  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
00:14:47.0120 4172  WdiSystemHost - ok
00:14:47.0136 4172  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
00:14:47.0167 4172  WebClient - ok
00:14:47.0182 4172  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
00:14:47.0229 4172  Wecsvc - ok
00:14:47.0245 4172  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
00:14:47.0276 4172  wercplsupport - ok
00:14:47.0307 4172  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
00:14:47.0338 4172  WerSvc - ok
00:14:47.0370 4172  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
00:14:47.0401 4172  WfpLwf - ok
00:14:47.0448 4172  [ 52DED146E4797E6CCF94799E8E22BB2A ] WimFltr         C:\Windows\system32\DRIVERS\wimfltr.sys
00:14:47.0479 4172  WimFltr - ok
00:14:47.0510 4172  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
00:14:47.0526 4172  WIMMount - ok
00:14:47.0541 4172  WinDefend - ok
00:14:47.0557 4172  WinHttpAutoProxySvc - ok
00:14:47.0619 4172  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
00:14:47.0697 4172  Winmgmt - ok
00:14:47.0760 4172  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
00:14:47.0900 4172  WinRM - ok
00:14:47.0947 4172  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
00:14:47.0978 4172  Wlansvc - ok
00:14:48.0040 4172  [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
00:14:48.0056 4172  wlcrasvc - ok
00:14:48.0165 4172  [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
00:14:48.0274 4172  wlidsvc - ok
00:14:48.0290 4172  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
00:14:48.0306 4172  WmiAcpi - ok
00:14:48.0352 4172  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
00:14:48.0368 4172  wmiApSrv - ok
00:14:48.0415 4172  WMPNetworkSvc - ok
00:14:48.0430 4172  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
00:14:48.0462 4172  WPCSvc - ok
00:14:48.0477 4172  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
00:14:48.0493 4172  WPDBusEnum - ok
00:14:48.0524 4172  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
00:14:48.0571 4172  ws2ifsl - ok
00:14:48.0586 4172  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
00:14:48.0602 4172  wscsvc - ok
00:14:48.0602 4172  WSearch - ok
00:14:48.0680 4172  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
00:14:48.0789 4172  wuauserv - ok
00:14:48.0805 4172  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
00:14:48.0852 4172  WudfPf - ok
00:14:48.0914 4172  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
00:14:48.0945 4172  WUDFRd - ok
00:14:48.0992 4172  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
00:14:49.0023 4172  wudfsvc - ok
00:14:49.0054 4172  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
00:14:49.0086 4172  WwanSvc - ok
00:14:49.0132 4172  ================ Scan global ===============================
00:14:49.0164 4172  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
00:14:49.0210 4172  [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
00:14:49.0210 4172  [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
00:14:49.0242 4172  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
00:14:49.0257 4172  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
00:14:49.0257 4172  [Global] - ok
00:14:49.0257 4172  ================ Scan MBR ==================================
00:14:49.0273 4172  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
00:14:49.0694 4172  \Device\Harddisk0\DR0 - ok
00:14:49.0694 4172  ================ Scan VBR ==================================
00:14:49.0694 4172  [ B64A48BFD40272B21C9532B283E55DD8 ] \Device\Harddisk0\DR0\Partition1
00:14:49.0694 4172  \Device\Harddisk0\DR0\Partition1 - ok
00:14:49.0725 4172  [ 4838A59ED82F09BCD57C86DA415D9CDF ] \Device\Harddisk0\DR0\Partition2
00:14:49.0725 4172  \Device\Harddisk0\DR0\Partition2 - ok
00:14:49.0725 4172  ============================================================
00:14:49.0725 4172  Scan finished
00:14:49.0725 4172  ============================================================
00:14:49.0756 5844  Detected object count: 1
00:14:49.0756 5844  Actual detected object count: 1
00:15:06.0293 5844  tap0901t ( UnsignedFile.Multi.Generic ) - skipped by user
00:15:06.0293 5844  tap0901t ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

20.12.2012, 15:22   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background monitors, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, carry out the updates (if offered), install the Recovery Console (if offered), and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and get messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.
__________________
Please always post log files in CODE tags

20.12.2012, 18:43   #9
Niklas.Günth
 



Thank you very much,
here is the ComboFix log:

Code:
ATTFilter
ComboFix 12-12-20.02 - Niklas 20.12.2012  16:08:29.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.6056.4264 [GMT 1:00]
ausgeführt von:: c:\users\Niklas\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\dsgsdgdsgdsgw.pad
c:\programdata\FullRemove.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
c:\users\Niklas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
c:\windows\msvcr71.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-11-20 bis 2012-12-20  ))))))))))))))))))))))))))))))
.
.
2012-12-20 15:22 . 2012-12-20 15:22	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-12-20 15:22 . 2012-12-20 15:22	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2012-12-17 11:44 . 2012-09-29 18:54	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-12-17 11:44 . 2012-12-17 11:44	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-12-17 10:54 . 2012-12-17 10:54	--------	d-----w-	c:\program files\Enigma Software Group
2012-12-17 10:51 . 2012-12-20 15:02	--------	d-----w-	c:\windows\83B952C7F8F34CA3B4C533C85B24E478.TMP
2012-12-17 10:51 . 2012-12-17 10:51	--------	d-----w-	c:\program files (x86)\Common Files\Wise Installation Wizard
2012-12-13 09:55 . 2012-11-02 05:59	478208	----a-w-	c:\windows\system32\dpnet.dll
2012-12-13 09:55 . 2012-11-02 05:11	376832	----a-w-	c:\windows\SysWow64\dpnet.dll
2012-12-12 17:01 . 2012-12-12 17:01	--------	d-----w-	c:\users\Niklas\AppData\Local\Cisco
2012-12-12 17:01 . 2012-12-12 17:01	--------	d-----w-	c:\program files (x86)\Cisco
2012-12-12 16:58 . 2012-12-12 17:01	--------	d-----w-	c:\programdata\Cisco
2012-12-11 17:14 . 2012-12-11 17:14	--------	d-----w-	c:\program files (x86)\LogMeIn Hamachi
2012-11-26 13:59 . 2012-11-26 13:59	--------	d-----w-	c:\users\Niklas\AppData\Local\Help
2012-11-26 13:39 . 2012-11-26 15:38	--------	d-----w-	c:\programdata\BewerbungsMaster
2012-11-26 13:36 . 2012-11-26 13:59	--------	d-----w-	c:\program files (x86)\BEWERBUNGSMASTER
2012-11-26 13:36 . 2012-11-26 13:36	266240	------w-	c:\windows\Setup1.exe
2012-11-26 13:36 . 2012-11-26 13:36	74752	----a-w-	c:\windows\ST6UNST.EXE
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-20 14:03 . 2011-10-03 20:40	45056	----a-w-	c:\windows\system32\acovcnt.exe
2012-12-14 07:15 . 2011-10-04 08:28	67413224	----a-w-	c:\windows\system32\MRT.exe
2012-11-29 12:15 . 2012-05-23 13:20	697272	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-29 12:15 . 2011-11-16 17:35	73656	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-26 13:37 . 2012-06-06 06:49	1070352	----a-w-	c:\windows\SysWow64\MSCOMCTL.OCX
2012-10-27 09:12 . 2012-10-27 09:12	42440	----a-w-	c:\windows\SysWow64\xfcodec.dll
2012-10-27 09:12 . 2012-10-27 09:12	28104	----a-w-	c:\windows\system32\xfcodec64.dll
2012-10-17 17:30 . 2012-10-17 17:30	10744	----a-w-	c:\windows\SysWow64\vpncategories.dll
2012-10-17 17:30 . 2012-10-17 17:30	33784	----a-w-	c:\windows\SysWow64\vpnevents.dll
2012-10-17 17:13 . 2012-10-17 17:13	27048	----a-w-	c:\windows\system32\drivers\vpnva64.sys
2012-10-17 17:11 . 2012-10-17 17:11	107432	----a-r-	c:\windows\system32\drivers\acsock64.sys
2012-10-16 08:38 . 2012-11-28 17:17	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 17:17	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 17:17	561664	----a-w-	c:\windows\apppatch\AcLayers.dll
2012-10-09 18:17 . 2012-11-14 12:54	55296	----a-w-	c:\windows\system32\dhcpcsvc6.dll
2012-10-09 18:17 . 2012-11-14 12:54	226816	----a-w-	c:\windows\system32\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-14 12:54	44032	----a-w-	c:\windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-14 12:54	193536	----a-w-	c:\windows\SysWow64\dhcpcore6.dll
2012-10-04 16:40 . 2012-12-13 09:56	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-10-03 17:56 . 2012-11-14 12:54	1914248	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-10-03 17:44 . 2012-11-14 12:54	70656	----a-w-	c:\windows\system32\nlaapi.dll
2012-10-03 17:44 . 2012-11-14 12:54	303104	----a-w-	c:\windows\system32\nlasvc.dll
2012-10-03 17:44 . 2012-11-14 12:54	246272	----a-w-	c:\windows\system32\netcorehc.dll
2012-10-03 17:44 . 2012-11-14 12:54	18944	----a-w-	c:\windows\system32\netevent.dll
2012-10-03 17:44 . 2012-11-14 12:54	216576	----a-w-	c:\windows\system32\ncsi.dll
2012-10-03 17:42 . 2012-11-14 12:54	569344	----a-w-	c:\windows\system32\iphlpsvc.dll
2012-10-03 16:42 . 2012-11-14 12:54	175104	----a-w-	c:\windows\SysWow64\netcorehc.dll
2012-10-03 16:42 . 2012-11-14 12:54	18944	----a-w-	c:\windows\SysWow64\netevent.dll
2012-10-03 16:42 . 2012-11-14 12:54	156672	----a-w-	c:\windows\SysWow64\ncsi.dll
2012-10-03 16:07 . 2012-11-14 12:54	45568	----a-w-	c:\windows\system32\drivers\tcpipreg.sys
2012-09-25 22:47 . 2012-11-14 12:53	78336	----a-w-	c:\windows\SysWow64\synceng.dll
2012-09-25 22:46 . 2012-11-14 12:53	95744	----a-w-	c:\windows\system32\synceng.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32	94208	----a-w-	c:\users\Niklas\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32	94208	----a-w-	c:\users\Niklas\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32	94208	----a-w-	c:\users\Niklas\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Syncables"="c:\program files (x86)\syncables\syncables desktop\Syncables.exe" [2010-07-19 370480]
"Facebook Update"="c:\users\Niklas\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]
"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-04-13 2018032]
"SonicMasterTray"="c:\program files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe" [2010-07-10 984400]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-12-10 2254768]
"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2012-10-17 684024]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-4-13 549040]
FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe [2011-7-9 12862]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"midi2"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys [2012-10-17 107432]
R3 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-03-13 36000]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-03-13 298656]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-03-13 201376]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-03-13 55456]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-03-13 154272]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-03-13 280224]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-06-10 57344]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [2010-08-03 290920]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2012-10-02 743320]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-05-10 25960]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2011-03-03 379520]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-21 136360]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-03-13 138400]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-03-13 74912]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2009-09-14 166400]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2009-09-14 128512]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2010-09-17 67664]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-04-16 13832]
S2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-16 134928]
S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2012-10-17 544248]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-03-13 28832]
S3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-13 413800]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]
S3 TiMiniService;TiMiniService;c:\program files\Trend Micro\Titanium\TiMiniService.exe [2010-09-17 241488]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-12-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1676513155-3311104889-1951587297-1002Core.job
- c:\users\Niklas\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-21 21:17]
.
2012-12-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1676513155-3311104889-1951587297-1002UA.job
- c:\users\Niklas\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-21 21:17]
.
2012-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 02:33]
.
2012-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 02:33]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32	97792	----a-w-	c:\users\Niklas\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32	97792	----a-w-	c:\users\Niklas\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32	97792	----a-w-	c:\users\Niklas\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32	97792	----a-w-	c:\users\Niklas\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VizorHtmlDialog.exe"="c:\program files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" [2010-10-08 1123664]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2010-10-12 192520]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\VizorShortCut.exe" [2010-09-17 322384]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-10 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-10 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-10 418328]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-05-17 2226280]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-13 617120]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-13 379552]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://facebook.de/
mStart Page = hxxp://asus.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Niklas\AppData\Roaming\Mozilla\Firefox\Profiles\dco25dqn.default\
FF - ExtSQL: 2012-12-04 20:55; {5384767E-00D9-40E9-B72F-9CC39D655D6F}; c:\users\Niklas\AppData\Roaming\Mozilla\Firefox\Profiles\dco25dqn.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
FF - user.js: extensions.funmoods_i.newTab - false
FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=drive&q=
FF - user.js: extensions.funmoods_i.id - a6f0b0c500000000000000ffa9f8aa58
FF - user.js: extensions.funmoods_i.instlDay - 15446
FF - user.js: extensions.funmoods_i.vrsn - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsni - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.11.1621:16
FF - user.js: extensions.funmoods_i.prtnrId - funmoods
FF - user.js: extensions.funmoods_i.prdct - funmoods
FF - user.js: extensions.funmoods_i.aflt - drive
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods_i.tlbrId - base
FF - user.js: extensions.funmoods_i.instlRef - 
FF - user.js: extensions.funmoods_i.dfltLng - 
FF - user.js: extensions.funmoods_i.excTlbr - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SynAsusAcpi - c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe
HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-12-20  18:40:02
ComboFix-quarantined-files.txt  2012-12-20 17:40
.
Vor Suchlauf: 9 Verzeichnis(se), 133.118.554.112 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 137.749.639.168 Bytes frei
.
- - End Of File - - F5339A427184E34FC2A5081464FE7B1C
         

Alt 20.12.2012, 20:25   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Code:
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
         
Why do you have two such virus scanners active?!
Or is this info from Combofix incorrect?!
__________________
Please always post log files in CODE tags

Alt 22.12.2012, 18:18   #11
Niklas.Günth
 

I use AntiVir knowingly; the other one was apparently preinstalled by ASUS. I didn't know that at all. When I start the exe, this text appears:
"Start your free trial version now". So it isn't active, right?

Alt 22.12.2012, 20:25   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Please uninstall the trial version

Alt 26.12.2012, 19:30   #13
Niklas.Günth
 

Merry Christmas
I have uninstalled the trial version.

Alt 26.12.2012, 22:01   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

adwCleaner - detect toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.

If adwCleaner has already been downloaded before, please delete the old adwcleaner.exe and download it again!!
  • Start adwcleaner.exe with a double-click.
  • Click on Suche (Search).
  • After the scan finishes, a text file opens.
  • Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner[Rx].txt (x = sequential number).

Alt 29.12.2012, 12:31   #15
Niklas.Günth
 

Here is the adwcleaner file:

Code:
# AdwCleaner v2.103 - Datei am 29/12/2012 um 12:30:20 erstellt
# Aktualisiert am 25/12/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Niklas - NIKLAS-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Niklas\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\user.js
Ordner Gefunden : C:\ProgramData\Partner
Ordner Gefunden : C:\Users\Niklas\AppData\Local\Ilivid Player
Ordner Gefunden : C:\Users\Niklas\AppData\Roaming\Mozilla\Firefox\Profiles\dco25dqn.default\extensions\ffxtlbr@funmoods.com

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\ilivid
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v17.0.1 (de)

Datei : C:\Users\Niklas\AppData\Roaming\Mozilla\Firefox\Profiles\dco25dqn.default\prefs.js

Gefunden : user_pref("extensions.funmoods_i.aflt", "drive");
Gefunden : user_pref("extensions.funmoods_i.dfltLng", "");
Gefunden : user_pref("extensions.funmoods_i.excTlbr", false);
Gefunden : user_pref("extensions.funmoods_i.id", "a6f0b0c500000000000000ffa9f8aa58");
Gefunden : user_pref("extensions.funmoods_i.instlDay", "15446");
Gefunden : user_pref("extensions.funmoods_i.instlRef", "");
Gefunden : user_pref("extensions.funmoods_i.newTab", false);
Gefunden : user_pref("extensions.funmoods_i.prdct", "funmoods");
Gefunden : user_pref("extensions.funmoods_i.prtnrId", "funmoods");
Gefunden : user_pref("extensions.funmoods_i.smplGrp", "none");
Gefunden : user_pref("extensions.funmoods_i.tlbrId", "base");
Gefunden : user_pref("extensions.funmoods_i.tlbrSrchUrl", "hxxp://start.funmoods.com/results.php?f=3&a=drive&q=[...]
Gefunden : user_pref("extensions.funmoods_i.vrsn", "1.5.11.16");
Gefunden : user_pref("extensions.funmoods_i.vrsnTs", "1.5.11.1621:16:13");
Gefunden : user_pref("extensions.funmoods_i.vrsni", "1.5.11.16");

*************************

AdwCleaner[R1].txt - [2588 octets] - [17/12/2012 11:48:35]
AdwCleaner[R2].txt - [2350 octets] - [29/12/2012 12:30:20]

########## EOF - C:\AdwCleaner[R2].txt - [2410 octets] ##########
         
