Pests of all kinds and how to combat them: GVU trojan with webcam image on WIN7 64-bit

15.05.2013, 22:08   #1
proto

Hello,
my neighbour has caught one of these trojans.

System: Acer laptop
WIN7 64-bit


When I start the system normally, the well-known screen with the payment demand appears after a while.

I have now started the system in Safe Mode so that I can do anything at all on the laptop.

I logged in as Administrator. There is also the normal user account with his name.


On the USB stick I already have the following programs ready:

- OTL.exe
- Malwarebytes with a current rules.ref from a clean system
- Emsisoft Anti-Malware (can this also be updated offline?)
- adwcleaner.exe


My main concern is what malware is on it and since when, if that is possible. Then copy important data and later wipe the whole system and set it up from scratch.

Thanks for the support!

Attached are the OTL logs

15.05.2013, 22:12   #2
markusg
/// Malware-holic

hi
can you also create the OTL log in safe mode as the affected user?

15.05.2013, 22:14   #3
proto

I'll have to try that, one moment

it's running ....

So, attached is the log from the user account

Edited by proto (15.05.2013 at 22:40)

15.05.2013, 22:15   #4
markusg
/// Malware-holic

please leave out in-between posts like that; since the next one then gets appended to the previous one, I always have to go back and look
__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please send mails according to the instructions above to
markusg.trojaner-board@web.de
Forward
If you would like to support us

15.05.2013, 22:41   #5
proto

ok sorry, here it is again

attached is the file


15.05.2013, 22:46   #6
markusg
/// Malware-holic

Hi,


otl fix

Fixing with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.

Code:
ATTFilter
:OTL
O4 - HKU\S-1-5-21-2445217360-1134911335-3497317240-1001..\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] C:\Users\USERXYZ\Documents\1663780d.exe ()
[2013.05.15 15:03:36 | 001,084,733 | ---- | M] () -- C:\ProgramData\2433f433
[2013.05.15 15:03:36 | 001,084,714 | ---- | M] () -- C:\Users\USERXYZ\AppData\Local\2433f433
[2013.05.15 15:03:36 | 001,084,696 | ---- | M] () -- C:\Users\USERXYZ\AppData\Roaming\2433f433
[2013.05.15 15:03:23 | 000,025,088 | ---- | M] () -- C:\Users\USERXYZ\Documents\1663780d.exe

:files
:Commands
[emptytemp]
         
  • If you have obscured your user name, e.g. with "*****", insert your real user name in the corresponding place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may require a restart. Please allow this.
  • After the restart you will find a text document on your desktop.
    (Also to be found at C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread


start in normal mode.

if you don't have any icons, then right-click, View, Show desktop icons

Note: Please also upload the file there as described in the instructions for the UpChannel. Please do NOT post the ZIP file here as an attachment in the thread!


Please press the Windows + E keys.
  • Open your system drive (usually C:)
  • Now look for the following folder: _OTL and open it.
  • Right-click the folder Movedfiles --> Send to --> Compressed (zipped) folder
  • This will create a Movedfiles.zip file in _OTL
  • Please upload it to our upload channel. (Browse --> C:\_OTL\Movedfiles.zip)
Let me know whether the upload worked without problems. Thanks in advance

15.05.2013, 23:03   #7
proto

File: MovedFiles.zip_1 received

Operation completed successfully.

15.05.2013, 23:19   #8
markusg
/// Malware-holic

Thanks for uploading.
Please download TDSSKiller (TDSSKiller.exe) and save this file to the desktop
  • Start TDSSKiller.exe - configure it as described in the TDSSKiller instructions.
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<version_date_time>log.txt
Please post the contents here in your thread in any case.
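The TDSSKiller log requested in the post above writes, for each scanned object, a line with its MD5 and file path followed by a status line. The following is an added example, not part of the thread and not code from the helper or the tool's vendor: it parses that format and pulls out the objects whose status is not `ok`, plus services that were reported without any hashed file. The sample lines are copied from the log posted in this thread; the function and class names are assumptions of this example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# "HH:MM:SS.ffff <thread id>  <message>" prefix carried by every log line.
PREFIX = re.compile(r"^\d\d:\d\d:\d\d\.\d{4}\s+\d+\s*(?P<msg>.*)$")
# "================ Scan services ================" section banner.
SECTION = re.compile(r"^=+ (?P<title>.+?) =+$")
# "[ <MD5> ] <object name>   <file path>" line written before each status line.
HASHED = re.compile(
    r"^\[ (?P<md5>[0-9A-Fa-f]{32}) \]\s+(?P<name>.+?)\s+(?P<path>[A-Za-z]:\\.*)$"
)
# "<object name> - ok" or "<object name> ( <verdict> ) - warning".
RESULT = re.compile(
    r"^(?P<name>.+?)(?: \( (?P<verdict>[^)]+) \))? - (?P<status>\w+)$"
)


@dataclass
class Entry:
    section: str
    name: str
    status: str
    verdict: Optional[str]
    md5: Optional[str]
    path: Optional[str]


def parse_tdsskiller(text: str) -> List[Entry]:
    """Turn a TDSSKiller log into one Entry per status line."""
    entries: List[Entry] = []
    pending = {}  # object name -> (md5, path) taken from the preceding hash line
    section = ""
    for raw in text.splitlines():
        line = PREFIX.match(raw.strip())
        if not line:
            continue
        msg = line.group("msg").strip()
        banner = SECTION.match(msg)
        if banner:
            section = banner.group("title")
            continue
        hashed = HASHED.match(msg)
        if hashed:
            pending[hashed.group("name")] = (
                hashed.group("md5").upper(),
                hashed.group("path"),
            )
            continue
        result = RESULT.match(msg)
        if result:
            md5, path = pending.pop(result.group("name"), (None, None))
            entries.append(Entry(section, result.group("name"),
                                 result.group("status"),
                                 result.group("verdict"), md5, path))
    return entries


def triage(entries: List[Entry]) -> dict:
    """Split entries into what a reviewer should read first."""
    return {
        # anything the tool did not rate "ok"
        "flagged": [e for e in entries if e.status != "ok"],
        # services rated "ok" although no file was hashed for them
        "unhashed": [e for e in entries
                     if e.section == "Scan services" and e.md5 is None],
        "ok": sum(e.status == "ok" for e in entries),
    }


# Sample input: lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
00:21:56.0584 4428  ================ Scan system memory ========================
00:21:56.0584 4428  System memory - ok
00:21:56.0584 4428  ================ Scan services =============================
00:21:56.0787 4428  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
00:21:56.0881 4428  1394ohci - ok
00:21:57.0770 4428  [ C7074BD8D4B8F564859ED373433030AE ] Akamai          c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll
00:21:57.0770 4428  Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll. md5: C7074BD8D4B8F564859ED373433030AE
00:21:57.0770 4428  Akamai ( HiddenFile.Multi.Generic ) - warning
00:21:57.0770 4428  Akamai - detected HiddenFile.Multi.Generic (1)
00:21:57.0988 4428  [ FF779F9DE1CDF477033858B7681CEDA8 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
00:21:58.0035 4428  AMD External Events Utility - ok
00:21:59.0626 4428  Application Updater - ok
"""

if __name__ == "__main__":
    report = triage(parse_tdsskiller(SAMPLE_LOG))
    for e in report["flagged"]:
        print(f"{e.status.upper():8} {e.name}: {e.verdict} md5={e.md5} {e.path}")
    for e in report["unhashed"]:
        print(f"NO FILE  {e.name}: rated {e.status} without a hashed file")
    print(f"{report['ok']} objects rated ok")
```
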

15.05.2013, 23:24   #9
proto

Code:
ATTFilter
00:21:30.0953 5556  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
00:21:30.0969 5556  ============================================================
00:21:30.0969 5556  Current date / time: 2013/05/16 00:21:30.0969
00:21:30.0969 5556  SystemInfo:
00:21:30.0969 5556  
00:21:30.0969 5556  OS Version: 6.1.7601 ServicePack: 1.0
00:21:30.0969 5556  Product type: Workstation
00:21:30.0969 5556  ComputerName: USERXYZ-PC
00:21:30.0969 5556  UserName: USERXYZ
00:21:30.0969 5556  Windows directory: C:\Windows
00:21:30.0969 5556  System windows directory: C:\Windows
00:21:30.0969 5556  Running under WOW64
00:21:30.0969 5556  Processor architecture: Intel x64
00:21:30.0969 5556  Number of processors: 4
00:21:30.0969 5556  Page size: 0x1000
00:21:30.0969 5556  Boot type: Normal boot
00:21:30.0969 5556  ============================================================
00:21:31.0593 5556  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:21:31.0609 5556  Drive \Device\Harddisk1\DR3 - Size: 0xE74B0000 (3.61 Gb), SectorSize: 0x200, Cylinders: 0x1D7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
00:21:31.0609 5556  ============================================================
00:21:31.0609 5556  \Device\Harddisk0\DR0:
00:21:31.0609 5556  MBR partitions:
00:21:31.0609 5556  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x32000
00:21:31.0609 5556  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1A32800, BlocksNum 0x38953000
00:21:31.0609 5556  \Device\Harddisk1\DR3:
00:21:31.0609 5556  MBR partitions:
00:21:31.0609 5556  \Device\Harddisk1\DR3\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x73A541
00:21:31.0609 5556  ============================================================
00:21:31.0624 5556  C: <-> \Device\Harddisk0\DR0\Partition2
00:21:31.0624 5556  ============================================================
00:21:31.0624 5556  Initialize success
00:21:31.0624 5556  ============================================================
00:21:56.0444 4428  ============================================================
00:21:56.0444 4428  Scan started
00:21:56.0444 4428  Mode: Manual; SigCheck; TDLFS; 
00:21:56.0444 4428  ============================================================
00:21:56.0584 4428  ================ Scan system memory ========================
00:21:56.0584 4428  System memory - ok
00:21:56.0584 4428  ================ Scan services =============================
00:21:56.0787 4428  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
00:21:56.0881 4428  1394ohci - ok
00:21:56.0943 4428  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
00:21:56.0959 4428  ACPI - ok
00:21:57.0006 4428  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
00:21:57.0052 4428  AcpiPmi - ok
00:21:57.0193 4428  [ F3CD7B20B27D1772C946DF993FF3635C ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
00:21:57.0208 4428  AdobeFlashPlayerUpdateSvc - ok
00:21:57.0271 4428  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
00:21:57.0302 4428  adp94xx - ok
00:21:57.0318 4428  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
00:21:57.0349 4428  adpahci - ok
00:21:57.0349 4428  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
00:21:57.0364 4428  adpu320 - ok
00:21:57.0427 4428  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
00:21:57.0489 4428  AFD - ok
00:21:57.0536 4428  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
00:21:57.0552 4428  agp440 - ok
00:21:57.0770 4428  [ C7074BD8D4B8F564859ED373433030AE ] Akamai          c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll
00:21:57.0770 4428  Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll. md5: C7074BD8D4B8F564859ED373433030AE
00:21:57.0770 4428  Akamai ( HiddenFile.Multi.Generic ) - warning
00:21:57.0770 4428  Akamai - detected HiddenFile.Multi.Generic (1)
00:21:57.0801 4428  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
00:21:57.0848 4428  ALG - ok
00:21:57.0910 4428  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
00:21:57.0926 4428  aliide - ok
00:21:57.0988 4428  [ FF779F9DE1CDF477033858B7681CEDA8 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
00:21:58.0035 4428  AMD External Events Utility - ok
00:21:58.0098 4428  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
00:21:58.0113 4428  amdide - ok
00:21:58.0160 4428  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
00:21:58.0222 4428  AmdK8 - ok
00:21:58.0363 4428  [ EF2B99DCEE397B45F50594696D7B5339 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
00:21:58.0659 4428  amdkmdag - ok
00:21:58.0706 4428  [ 239DCE60BEE6E1576C803948AB4D54C5 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
00:21:58.0753 4428  amdkmdap - ok
00:21:58.0800 4428  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
00:21:58.0831 4428  AmdPPM - ok
00:21:58.0878 4428  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
00:21:58.0893 4428  amdsata - ok
00:21:58.0924 4428  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
00:21:58.0940 4428  amdsbs - ok
00:21:58.0971 4428  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
00:21:58.0987 4428  amdxata - ok
00:21:59.0080 4428  [ D9A92E6DD41C5ADC045AE485026AA40C ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
00:21:59.0096 4428  AntiVirSchedulerService - ok
00:21:59.0158 4428  [ 66A7A38F7C439153B758548375EB9E5E ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
00:21:59.0158 4428  AntiVirService - ok
00:21:59.0236 4428  [ 9EDAE2D1CA368E8D01BEE8BFBC9488E4 ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
00:21:59.0252 4428  AntiVirWebService - ok
00:21:59.0299 4428  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
00:21:59.0377 4428  AppID - ok
00:21:59.0408 4428  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
00:21:59.0470 4428  AppIDSvc - ok
00:21:59.0533 4428  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
00:21:59.0580 4428  Appinfo - ok
00:21:59.0626 4428  Application Updater - ok
00:21:59.0673 4428  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
00:21:59.0689 4428  arc - ok
00:21:59.0704 4428  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
00:21:59.0720 4428  arcsas - ok
00:21:59.0845 4428  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
00:21:59.0876 4428  aspnet_state - ok
00:21:59.0907 4428  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
00:21:59.0970 4428  AsyncMac - ok
00:22:00.0016 4428  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
00:22:00.0032 4428  atapi - ok
00:22:00.0110 4428  [ E642491F64E58CD5BC8FB8B347DCF65F ] athr            C:\Windows\system32\DRIVERS\athrx.sys
00:22:00.0157 4428  athr - ok
00:22:00.0235 4428  [ EA512F43F4A28D18B52CAFE8C93984FB ] ATSwpWDF        C:\Windows\system32\Drivers\ATSwpWDF.sys
00:22:00.0313 4428  ATSwpWDF - ok
00:22:00.0375 4428  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
00:22:00.0453 4428  AudioEndpointBuilder - ok
00:22:00.0484 4428  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
00:22:00.0516 4428  AudioSrv - ok
00:22:00.0578 4428  [ 09E6069EF94B345061B4BD3CEBD974C8 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
00:22:00.0594 4428  avgntflt - ok
00:22:00.0687 4428  [ 488486DAD09A5B6C6DBB8B990A8B2307 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
00:22:00.0703 4428  avipbb - ok
00:22:00.0734 4428  [ 490FA25161BF3E51993EB724ECF0ACEB ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
00:22:00.0734 4428  avkmgr - ok
00:22:00.0796 4428  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
00:22:00.0859 4428  AxInstSV - ok
00:22:00.0906 4428  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
00:22:00.0952 4428  b06bdrv - ok
00:22:01.0015 4428  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
00:22:01.0062 4428  b57nd60a - ok
00:22:01.0108 4428  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
00:22:01.0140 4428  BDESVC - ok
00:22:01.0171 4428  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
00:22:01.0233 4428  Beep - ok
00:22:01.0296 4428  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
00:22:01.0389 4428  BFE - ok
00:22:01.0498 4428  [ 8DC837789BBF0E1BEF252A8F7C101F7B ] BingDesktopUpdate C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
00:22:01.0514 4428  BingDesktopUpdate - ok
00:22:01.0545 4428  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
00:22:01.0623 4428  BITS - ok
00:22:01.0654 4428  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
00:22:01.0701 4428  blbdrive - ok
00:22:01.0748 4428  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
00:22:01.0764 4428  bowser - ok
00:22:01.0795 4428  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
00:22:01.0857 4428  BrFiltLo - ok
00:22:01.0873 4428  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
00:22:01.0920 4428  BrFiltUp - ok
00:22:01.0966 4428  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
00:22:01.0998 4428  Browser - ok
00:22:02.0029 4428  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
00:22:02.0076 4428  Brserid - ok
00:22:02.0107 4428  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
00:22:02.0154 4428  BrSerWdm - ok
00:22:02.0185 4428  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
00:22:02.0216 4428  BrUsbMdm - ok
00:22:02.0247 4428  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
00:22:02.0278 4428  BrUsbSer - ok
00:22:02.0310 4428  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
00:22:02.0356 4428  BTHMODEM - ok
00:22:02.0388 4428  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
00:22:02.0450 4428  bthserv - ok
00:22:02.0481 4428  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
00:22:02.0544 4428  cdfs - ok
00:22:02.0606 4428  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
00:22:02.0653 4428  cdrom - ok
00:22:02.0715 4428  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
00:22:02.0778 4428  CertPropSvc - ok
00:22:02.0824 4428  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
00:22:02.0871 4428  circlass - ok
00:22:02.0918 4428  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
00:22:02.0934 4428  CLFS - ok
00:22:03.0012 4428  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
00:22:03.0027 4428  clr_optimization_v2.0.50727_32 - ok
00:22:03.0090 4428  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
00:22:03.0105 4428  clr_optimization_v2.0.50727_64 - ok
00:22:03.0168 4428  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
00:22:03.0183 4428  clr_optimization_v4.0.30319_32 - ok
00:22:03.0183 4428  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
00:22:03.0199 4428  clr_optimization_v4.0.30319_64 - ok
00:22:03.0214 4428  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
00:22:03.0261 4428  CmBatt - ok
00:22:03.0308 4428  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
00:22:03.0324 4428  cmdide - ok
00:22:03.0370 4428  [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG             C:\Windows\system32\Drivers\cng.sys
00:22:03.0417 4428  CNG - ok
00:22:03.0464 4428  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
00:22:03.0480 4428  Compbatt - ok
00:22:03.0511 4428  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
00:22:03.0542 4428  CompositeBus - ok
00:22:03.0573 4428  COMSysApp - ok
00:22:03.0573 4428  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
00:22:03.0589 4428  crcdisk - ok
00:22:03.0651 4428  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
00:22:03.0698 4428  CryptSvc - ok
00:22:03.0823 4428  [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc          C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
00:22:03.0870 4428  cvhsvc - ok
00:22:03.0932 4428  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
00:22:03.0994 4428  DcomLaunch - ok
00:22:04.0026 4428  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
00:22:04.0088 4428  defragsvc - ok
00:22:04.0135 4428  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
00:22:04.0197 4428  DfsC - ok
00:22:04.0260 4428  [ B9430166FEB246F6070A62B3554932C9 ] dg_ssudbus      C:\Windows\system32\DRIVERS\ssudbus.sys
00:22:04.0275 4428  dg_ssudbus - ok
00:22:04.0322 4428  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
00:22:04.0384 4428  Dhcp - ok
00:22:04.0416 4428  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
00:22:04.0462 4428  discache - ok
00:22:04.0494 4428  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
00:22:04.0509 4428  Disk - ok
00:22:04.0540 4428  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
00:22:04.0587 4428  Dnscache - ok
00:22:04.0634 4428  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
00:22:04.0712 4428  dot3svc - ok
00:22:04.0728 4428  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
00:22:04.0790 4428  DPS - ok
00:22:04.0852 4428  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
00:22:04.0884 4428  drmkaud - ok
00:22:04.0930 4428  [ 9CF46FDF163E06B83D03FF929EF2296C ] DsiWMIService   C:\Program Files (x86)\Launch Manager\dsiwmis.exe
00:22:04.0946 4428  DsiWMIService - ok
00:22:05.0024 4428  [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01     C:\Windows\system32\DRIVERS\dtsoftbus01.sys
00:22:05.0040 4428  dtsoftbus01 - ok
00:22:05.0071 4428  dump_wmimmc - ok
00:22:05.0133 4428  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
00:22:05.0149 4428  DXGKrnl - ok
00:22:05.0180 4428  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
00:22:05.0242 4428  EapHost - ok
00:22:05.0336 4428  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
00:22:05.0476 4428  ebdrv - ok
00:22:05.0523 4428  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
00:22:05.0554 4428  EFS - ok
00:22:05.0632 4428  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
00:22:05.0695 4428  ehRecvr - ok
00:22:05.0726 4428  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
00:22:05.0773 4428  ehSched - ok
00:22:05.0820 4428  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
00:22:05.0851 4428  elxstor - ok
00:22:05.0944 4428  [ 3EA2C4F68A782839D97B3C83595575B6 ] ePowerSvc       C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
00:22:05.0960 4428  ePowerSvc - ok
00:22:05.0976 4428  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
00:22:06.0007 4428  ErrDev - ok
00:22:06.0054 4428  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
00:22:06.0116 4428  EventSystem - ok
00:22:06.0163 4428  [ A0539478593A00AA64E600CF7E19F195 ] EvolveVirtualAdapter C:\Windows\system32\DRIVERS\evolve.sys
00:22:06.0178 4428  EvolveVirtualAdapter - ok
00:22:06.0303 4428  [ AC41DDC9AF13C758D3EA5E9D36D78AF1 ] EvoSvc          C:\Program Files\Echobit\Evolve\EvoSvc.exe
00:22:06.0381 4428  EvoSvc - ok
00:22:06.0428 4428  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
00:22:06.0490 4428  exfat - ok
00:22:06.0522 4428  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
00:22:06.0553 4428  fastfat - ok
00:22:06.0615 4428  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
00:22:06.0646 4428  Fax - ok
00:22:06.0693 4428  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
00:22:06.0724 4428  fdc - ok
00:22:06.0771 4428  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
00:22:06.0818 4428  fdPHost - ok
00:22:06.0849 4428  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
00:22:06.0896 4428  FDResPub - ok
00:22:06.0927 4428  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
00:22:06.0943 4428  FileInfo - ok
00:22:06.0974 4428  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
00:22:07.0036 4428  Filetrace - ok
00:22:07.0099 4428  [ BB0667B0171B632B97EA759515476F07 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
00:22:07.0130 4428  FLEXnet Licensing Service - ok
00:22:07.0161 4428  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
00:22:07.0192 4428  flpydisk - ok
00:22:07.0255 4428  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
00:22:07.0270 4428  FltMgr - ok
00:22:07.0333 4428  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
00:22:07.0395 4428  FontCache - ok
00:22:07.0442 4428  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
00:22:07.0458 4428  FontCache3.0.0.0 - ok
00:22:07.0489 4428  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
00:22:07.0504 4428  FsDepends - ok
00:22:07.0551 4428  [ B16B626996C74B564005BA855C5DEE90 ] fssfltr         C:\Windows\system32\DRIVERS\fssfltr.sys
00:22:07.0567 4428  fssfltr - ok
00:22:07.0660 4428  [ 812E1BA5C52A78F13EA6AA10DF708B1D ] fsssvc          C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
00:22:07.0707 4428  fsssvc - ok
00:22:07.0754 4428  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
00:22:07.0770 4428  Fs_Rec - ok
00:22:07.0816 4428  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
00:22:07.0848 4428  fvevol - ok
00:22:07.0863 4428  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
00:22:07.0879 4428  gagp30kx - ok
00:22:07.0926 4428  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
00:22:08.0004 4428  gpsvc - ok
00:22:08.0082 4428  [ 0191DEE9B9EB7902AF2CF4F67301095D ] GREGService     C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
00:22:08.0097 4428  GREGService - ok
00:22:08.0191 4428  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
00:22:08.0191 4428  gupdate - ok
00:22:08.0222 4428  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
00:22:08.0238 4428  gupdatem - ok
00:22:08.0284 4428  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
00:22:08.0316 4428  hcw85cir - ok
00:22:08.0378 4428  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
00:22:08.0409 4428  HdAudAddService - ok
00:22:08.0456 4428  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
00:22:08.0487 4428  HDAudBus - ok
00:22:08.0534 4428  [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64         C:\Windows\system32\DRIVERS\HECIx64.sys
00:22:08.0550 4428  HECIx64 - ok
00:22:08.0596 4428  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
00:22:08.0612 4428  HidBatt - ok
00:22:08.0628 4428  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
00:22:08.0659 4428  HidBth - ok
00:22:08.0706 4428  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
00:22:08.0752 4428  HidIr - ok
00:22:08.0784 4428  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
00:22:08.0830 4428  hidserv - ok
00:22:08.0877 4428  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
00:22:08.0893 4428  HidUsb - ok
00:22:08.0924 4428  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
00:22:08.0986 4428  hkmsvc - ok
00:22:09.0033 4428  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
00:22:09.0080 4428  HomeGroupListener - ok
00:22:09.0111 4428  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
00:22:09.0142 4428  HomeGroupProvider - ok
00:22:09.0189 4428  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
00:22:09.0205 4428  HpSAMD - ok
00:22:09.0267 4428  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
00:22:09.0361 4428  HTTP - ok
00:22:09.0408 4428  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
00:22:09.0408 4428  hwpolicy - ok
00:22:09.0454 4428  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
00:22:09.0486 4428  i8042prt - ok
00:22:09.0517 4428  [ 1384872112E8E7FD5786ECEB8BDDF4C9 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
00:22:09.0532 4428  iaStor - ok
00:22:09.0610 4428  [ 6B24D1C3096DE796D15571079EA5E98C ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
00:22:09.0626 4428  IAStorDataMgrSvc - ok
00:22:09.0657 4428  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
00:22:09.0673 4428  iaStorV - ok
00:22:09.0720 4428  ICQ Service - ok
00:22:09.0782 4428  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
00:22:09.0829 4428  idsvc - ok
00:22:09.0860 4428  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
00:22:09.0876 4428  iirsp - ok
00:22:09.0907 4428  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
00:22:09.0969 4428  IKEEXT - ok
00:22:10.0032 4428  [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd           C:\Windows\system32\DRIVERS\Impcd.sys
00:22:10.0063 4428  Impcd - ok
00:22:10.0156 4428  [ 235362D403D9D677514649D88DB31914 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
00:22:10.0203 4428  IntcAzAudAddService - ok
00:22:10.0250 4428  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
00:22:10.0266 4428  intelide - ok
00:22:10.0312 4428  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
00:22:10.0328 4428  intelppm - ok
00:22:10.0375 4428  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
00:22:10.0422 4428  IPBusEnum - ok
00:22:10.0453 4428  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
00:22:10.0515 4428  IpFilterDriver - ok
00:22:10.0562 4428  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
00:22:10.0609 4428  iphlpsvc - ok
00:22:10.0624 4428  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
00:22:10.0656 4428  IPMIDRV - ok
00:22:10.0687 4428  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
00:22:10.0749 4428  IPNAT - ok
00:22:10.0780 4428  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
00:22:10.0796 4428  IRENUM - ok
00:22:10.0812 4428  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
00:22:10.0827 4428  isapnp - ok
00:22:10.0858 4428  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
00:22:10.0874 4428  iScsiPrt - ok
00:22:10.0936 4428  [ 37E053A2CF8F0082B689ED74106E0CEC ] k57nd60a        C:\Windows\system32\DRIVERS\k57nd60a.sys
00:22:10.0952 4428  k57nd60a - ok
00:22:10.0968 4428  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
00:22:10.0983 4428  kbdclass - ok
00:22:11.0046 4428  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
00:22:11.0077 4428  kbdhid - ok
00:22:11.0124 4428  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
00:22:11.0124 4428  KeyIso - ok
00:22:11.0170 4428  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
00:22:11.0186 4428  KSecDD - ok
00:22:11.0217 4428  [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
00:22:11.0233 4428  KSecPkg - ok
00:22:11.0280 4428  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
00:22:11.0311 4428  ksthunk - ok
00:22:11.0342 4428  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
00:22:11.0420 4428  KtmRm - ok
00:22:11.0482 4428  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
00:22:11.0529 4428  LanmanServer - ok
00:22:11.0576 4428  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
00:22:11.0638 4428  LanmanWorkstation - ok
00:22:11.0685 4428  libusb0 - ok
00:22:11.0716 4428  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
00:22:11.0763 4428  lltdio - ok
00:22:11.0794 4428  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
00:22:11.0857 4428  lltdsvc - ok
00:22:11.0888 4428  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
00:22:11.0935 4428  lmhosts - ok
00:22:12.0028 4428  [ DBC1136A62BD4DECC3632DF650284C2E ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
00:22:12.0044 4428  LMS - ok
00:22:12.0091 4428  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
00:22:12.0106 4428  LSI_FC - ok
00:22:12.0138 4428  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
00:22:12.0153 4428  LSI_SAS - ok
00:22:12.0169 4428  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
00:22:12.0184 4428  LSI_SAS2 - ok
00:22:12.0200 4428  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
00:22:12.0216 4428  LSI_SCSI - ok
00:22:12.0247 4428  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
00:22:12.0309 4428  luafv - ok
00:22:12.0340 4428  lxbs_device - ok
00:22:12.0403 4428  [ 1104A3A552D1D249A6AB5ACCBDEFB5EF ] McAfee SiteAdvisor Service c:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe
00:22:12.0418 4428  McAfee SiteAdvisor Service - ok
00:22:12.0465 4428  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
00:22:12.0496 4428  Mcx2Svc - ok
00:22:12.0528 4428  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
00:22:12.0543 4428  megasas - ok
00:22:12.0574 4428  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
00:22:12.0590 4428  MegaSR - ok
00:22:12.0668 4428  Microsoft SharePoint Workspace Audit Service - ok
00:22:12.0715 4428  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
00:22:12.0762 4428  MMCSS - ok
00:22:12.0793 4428  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
00:22:12.0855 4428  Modem - ok
00:22:12.0886 4428  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
00:22:12.0918 4428  monitor - ok
00:22:12.0996 4428  [ C030F9E822A057C1A7A9BB4EA3E8877E ] MotioninJoyXFilter C:\Windows\system32\DRIVERS\MijXfilt.sys
00:22:13.0011 4428  MotioninJoyXFilter - ok
00:22:13.0058 4428  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
00:22:13.0074 4428  mouclass - ok
00:22:13.0120 4428  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
00:22:13.0167 4428  mouhid - ok
00:22:13.0214 4428  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
00:22:13.0230 4428  mountmgr - ok
00:22:13.0245 4428  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
00:22:13.0261 4428  mpio - ok
00:22:13.0292 4428  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
00:22:13.0339 4428  mpsdrv - ok
00:22:13.0386 4428  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
00:22:13.0448 4428  MpsSvc - ok
00:22:13.0495 4428  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
00:22:13.0526 4428  MRxDAV - ok
00:22:13.0573 4428  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
00:22:13.0588 4428  mrxsmb - ok
00:22:13.0620 4428  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
00:22:13.0666 4428  mrxsmb10 - ok
00:22:13.0698 4428  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
00:22:13.0744 4428  mrxsmb20 - ok
00:22:13.0822 4428  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
00:22:13.0822 4428  msahci - ok
00:22:13.0854 4428  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
00:22:13.0869 4428  msdsm - ok
00:22:13.0885 4428  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
00:22:13.0916 4428  MSDTC - ok
00:22:13.0978 4428  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
00:22:14.0025 4428  Msfs - ok
00:22:14.0072 4428  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
00:22:14.0119 4428  mshidkmdf - ok
00:22:14.0166 4428  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
00:22:14.0166 4428  msisadrv - ok
00:22:14.0197 4428  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
00:22:14.0259 4428  MSiSCSI - ok
00:22:14.0259 4428  msiserver - ok
00:22:14.0306 4428  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
00:22:14.0337 4428  MSKSSRV - ok
00:22:14.0368 4428  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
00:22:14.0415 4428  MSPCLOCK - ok
00:22:14.0415 4428  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
00:22:14.0462 4428  MSPQM - ok
00:22:14.0509 4428  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
00:22:14.0524 4428  MsRPC - ok
00:22:14.0556 4428  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
00:22:14.0571 4428  mssmbios - ok
00:22:14.0587 4428  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
00:22:14.0649 4428  MSTEE - ok
00:22:14.0680 4428  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
00:22:14.0712 4428  MTConfig - ok
00:22:14.0743 4428  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
00:22:14.0758 4428  Mup - ok
00:22:14.0790 4428  [ 6FFECC25B39DC7652A0CEC0ADA9DB589 ] mwlPSDFilter    C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
00:22:14.0805 4428  mwlPSDFilter - ok
00:22:14.0805 4428  [ 0BEFE32CA56D6EE89D58175725596A85 ] mwlPSDNServ     C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
00:22:14.0821 4428  mwlPSDNServ - ok
00:22:14.0836 4428  [ D43BC633B8660463E446E28E14A51262 ] mwlPSDVDisk     C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
00:22:14.0852 4428  mwlPSDVDisk - ok
00:22:14.0914 4428  [ 3E5E20817259F7328C8F3BE5421F35B9 ] MWLService      C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
00:22:14.0930 4428  MWLService - ok
00:22:14.0977 4428  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
00:22:15.0039 4428  napagent - ok
00:22:15.0086 4428  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
00:22:15.0102 4428  NativeWifiP - ok
00:22:15.0148 4428  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
00:22:15.0180 4428  NDIS - ok
00:22:15.0211 4428  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
00:22:15.0258 4428  NdisCap - ok
00:22:15.0304 4428  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
00:22:15.0367 4428  NdisTapi - ok
00:22:15.0414 4428  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
00:22:15.0476 4428  Ndisuio - ok
00:22:15.0523 4428  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
00:22:15.0585 4428  NdisWan - ok
00:22:15.0632 4428  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
00:22:15.0663 4428  NDProxy - ok
00:22:15.0710 4428  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
00:22:15.0772 4428  NetBIOS - ok
00:22:15.0819 4428  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
00:22:15.0850 4428  NetBT - ok
00:22:15.0882 4428  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
00:22:15.0897 4428  Netlogon - ok
00:22:15.0913 4428  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
00:22:15.0975 4428  Netman - ok
00:22:16.0022 4428  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
00:22:16.0053 4428  NetMsmqActivator - ok
00:22:16.0053 4428  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
00:22:16.0069 4428  NetPipeActivator - ok
00:22:16.0084 4428  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
00:22:16.0147 4428  netprofm - ok
00:22:16.0178 4428  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
00:22:16.0194 4428  NetTcpActivator - ok
00:22:16.0194 4428  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
00:22:16.0194 4428  NetTcpPortSharing - ok
00:22:16.0225 4428  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
00:22:16.0240 4428  nfrd960 - ok
00:22:16.0287 4428  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
00:22:16.0318 4428  NlaSvc - ok
00:22:16.0396 4428  [ 216BDF8B1017BB52692C9EE3C1E50597 ] nmwcdcx64       C:\Windows\system32\drivers\ccdcmbox64.sys
00:22:16.0443 4428  nmwcdcx64 - ok
00:22:16.0474 4428  [ C9773EF9CBF2877725A45F07396D5DA6 ] nmwcdx64        C:\Windows\system32\drivers\ccdcmbx64.sys
00:22:16.0506 4428  nmwcdx64 - ok
00:22:16.0630 4428  [ 5839A8027D6D324A7CD494051A96628C ] NOBU            C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
00:22:16.0708 4428  NOBU - ok
00:22:16.0724 4428  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
00:22:16.0755 4428  Npfs - ok
00:22:16.0771 4428  npggsvc - ok
00:22:16.0786 4428  NPPTNT2 - ok
00:22:16.0818 4428  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
00:22:16.0880 4428  nsi - ok
00:22:16.0911 4428  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
00:22:16.0974 4428  nsiproxy - ok
00:22:17.0036 4428  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
00:22:17.0114 4428  Ntfs - ok
00:22:17.0176 4428  [ 9A308FCDCCA98A15B6F62D36A272160E ] NTI IScheduleSvc C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
00:22:17.0192 4428  NTI IScheduleSvc - ok
00:22:17.0208 4428  [ EE3BA1024594D5D09E314F206B94069E ] NTIDrvr         C:\Windows\system32\drivers\NTIDrvr.sys
00:22:17.0223 4428  NTIDrvr - ok
00:22:17.0239 4428  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
00:22:17.0301 4428  Null - ok
00:22:17.0348 4428  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
00:22:17.0364 4428  nvraid - ok
00:22:17.0395 4428  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
00:22:17.0410 4428  nvstor - ok
00:22:17.0457 4428  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
00:22:17.0473 4428  nv_agp - ok
00:22:17.0520 4428  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
00:22:17.0551 4428  ohci1394 - ok
00:22:17.0644 4428  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
00:22:17.0660 4428  ose - ok
00:22:17.0800 4428  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
00:22:18.0034 4428  osppsvc - ok
00:22:18.0081 4428  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
00:22:18.0128 4428  p2pimsvc - ok
00:22:18.0159 4428  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
00:22:18.0206 4428  p2psvc - ok
00:22:18.0237 4428  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
00:22:18.0284 4428  Parport - ok
00:22:18.0315 4428  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
00:22:18.0331 4428  partmgr - ok
00:22:18.0362 4428  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
00:22:18.0409 4428  PcaSvc - ok
00:22:18.0440 4428  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
00:22:18.0440 4428  pci - ok
00:22:18.0502 4428  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
00:22:18.0518 4428  pciide - ok
00:22:18.0534 4428  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
00:22:18.0565 4428  pcmcia - ok
00:22:18.0596 4428  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
00:22:18.0612 4428  pcw - ok
00:22:18.0643 4428  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
00:22:18.0783 4428  PEAUTH - ok
00:22:18.0877 4428  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
00:22:18.0892 4428  PerfHost - ok
00:22:18.0955 4428  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
00:22:19.0064 4428  pla - ok
00:22:19.0126 4428  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
00:22:19.0173 4428  PlugPlay - ok
00:22:19.0220 4428  PnkBstrA - ok
00:22:19.0236 4428  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
00:22:19.0251 4428  PNRPAutoReg - ok
00:22:19.0267 4428  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
00:22:19.0282 4428  PNRPsvc - ok
00:22:19.0345 4428  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
00:22:19.0392 4428  PolicyAgent - ok
00:22:19.0438 4428  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
00:22:19.0485 4428  Power - ok
00:22:19.0548 4428  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
00:22:19.0610 4428  PptpMiniport - ok
00:22:19.0641 4428  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
00:22:19.0688 4428  Processor - ok
00:22:19.0719 4428  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
00:22:19.0766 4428  ProfSvc - ok
00:22:19.0782 4428  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
00:22:19.0797 4428  ProtectedStorage - ok
00:22:19.0828 4428  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
00:22:19.0891 4428  Psched - ok
00:22:19.0953 4428  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
00:22:20.0016 4428  ql2300 - ok
00:22:20.0031 4428  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
00:22:20.0047 4428  ql40xx - ok
00:22:20.0094 4428  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
00:22:20.0109 4428  QWAVE - ok
00:22:20.0140 4428  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
00:22:20.0187 4428  QWAVEdrv - ok
00:22:20.0203 4428  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
00:22:20.0265 4428  RasAcd - ok
00:22:20.0328 4428  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
00:22:20.0374 4428  RasAgileVpn - ok
00:22:20.0406 4428  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
00:22:20.0452 4428  RasAuto - ok
00:22:20.0484 4428  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
00:22:20.0530 4428  Rasl2tp - ok
00:22:20.0562 4428  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
00:22:20.0624 4428  RasMan - ok
00:22:20.0671 4428  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
00:22:20.0733 4428  RasPppoe - ok
00:22:20.0749 4428  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
00:22:20.0796 4428  RasSstp - ok
00:22:20.0827 4428  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
00:22:20.0874 4428  rdbss - ok
00:22:20.0889 4428  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
00:22:20.0920 4428  rdpbus - ok
00:22:20.0952 4428  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
00:22:20.0983 4428  RDPCDD - ok
00:22:20.0998 4428  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
00:22:21.0061 4428  RDPENCDD - ok
00:22:21.0076 4428  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
00:22:21.0139 4428  RDPREFMP - ok
00:22:21.0201 4428  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
00:22:21.0232 4428  RdpVideoMiniport - ok
00:22:21.0279 4428  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
00:22:21.0295 4428  RDPWD - ok
00:22:21.0342 4428  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
00:22:21.0373 4428  rdyboost - ok
00:22:21.0404 4428  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
00:22:21.0451 4428  RemoteAccess - ok
00:22:21.0498 4428  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
00:22:21.0544 4428  RemoteRegistry - ok
00:22:21.0544 4428  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
00:22:21.0607 4428  RpcEptMapper - ok
00:22:21.0638 4428  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
00:22:21.0669 4428  RpcLocator - ok
00:22:21.0732 4428  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
00:22:21.0778 4428  RpcSs - ok
00:22:21.0810 4428  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
00:22:21.0872 4428  rspndr - ok
00:22:21.0934 4428  [ 763AE0C6D9DF4C24B7E2C26036A8188A ] RSUSBSTOR       C:\Windows\system32\Drivers\RtsUStor.sys
00:22:21.0950 4428  RSUSBSTOR - ok
00:22:22.0012 4428  [ D6D381B76056C668679723938F06F16C ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIVX.sys
00:22:22.0028 4428  RTHDMIAzAudService - ok
00:22:22.0044 4428  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
00:22:22.0059 4428  SamSs - ok
00:22:22.0090 4428  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
00:22:22.0106 4428  sbp2port - ok
00:22:22.0137 4428  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
00:22:22.0200 4428  SCardSvr - ok
00:22:22.0246 4428  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
00:22:22.0278 4428  scfilter - ok
00:22:22.0324 4428  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
00:22:22.0402 4428  Schedule - ok
00:22:22.0434 4428  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
00:22:22.0465 4428  SCPolicySvc - ok
00:22:22.0496 4428  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
00:22:22.0543 4428  SDRSVC - ok
00:22:22.0590 4428  [ 331E7BDE228914574FC9AE6CD520DAFA ] SeaPort         C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
00:22:22.0621 4428  SeaPort - ok
00:22:22.0714 4428  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
00:22:22.0777 4428  secdrv - ok
00:22:22.0808 4428  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
00:22:22.0870 4428  seclogon - ok
00:22:22.0902 4428  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
00:22:22.0933 4428  SENS - ok
00:22:22.0948 4428  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
00:22:22.0980 4428  SensrSvc - ok
00:22:23.0026 4428  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
00:22:23.0058 4428  Serenum - ok
00:22:23.0104 4428  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
00:22:23.0151 4428  Serial - ok
00:22:23.0182 4428  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
00:22:23.0214 4428  sermouse - ok
00:22:23.0260 4428  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
00:22:23.0292 4428  SessionEnv - ok
00:22:23.0323 4428  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
00:22:23.0354 4428  sffdisk - ok
00:22:23.0370 4428  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
00:22:23.0401 4428  sffp_mmc - ok
00:22:23.0416 4428  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
00:22:23.0463 4428  sffp_sd - ok
00:22:23.0510 4428  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
00:22:23.0510 4428  sfloppy - ok
00:22:23.0557 4428  [ C6CC9297BD53E5229653303E556AA539 ] Sftfs           C:\Windows\system32\DRIVERS\Sftfslh.sys
00:22:23.0588 4428  Sftfs - ok
00:22:23.0682 4428  [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist         C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
00:22:23.0697 4428  sftlist - ok
00:22:23.0713 4428  [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay         C:\Windows\system32\DRIVERS\Sftplaylh.sys
00:22:23.0728 4428  Sftplay - ok
00:22:23.0744 4428  [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir        C:\Windows\system32\DRIVERS\Sftredirlh.sys
00:22:23.0760 4428  Sftredir - ok
00:22:23.0775 4428  [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol          C:\Windows\system32\DRIVERS\Sftvollh.sys
00:22:23.0791 4428  Sftvol - ok
00:22:23.0822 4428  [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa          C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
00:22:23.0838 4428  sftvsa - ok
00:22:23.0869 4428  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
00:22:23.0931 4428  SharedAccess - ok
00:22:23.0994 4428  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
00:22:24.0056 4428  ShellHWDetection - ok
00:22:24.0103 4428  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
00:22:24.0103 4428  SiSRaid2 - ok
00:22:24.0118 4428  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
00:22:24.0134 4428  SiSRaid4 - ok
00:22:24.0290 4428  [ 388AE59FE75F1B959DFA0900923C61BB ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
00:22:24.0384 4428  Skype C2C Service - ok
00:22:24.0462 4428  [ 7C15061CD0372487903B07B9BB03AFAD ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
00:22:24.0508 4428  SkypeUpdate - ok
00:22:24.0540 4428  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
00:22:24.0602 4428  Smb - ok
00:22:24.0633 4428  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
00:22:24.0649 4428  SNMPTRAP - ok
00:22:24.0664 4428  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
00:22:24.0680 4428  spldr - ok
00:22:24.0727 4428  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
00:22:24.0774 4428  Spooler - ok
00:22:24.0867 4428  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
00:22:25.0008 4428  sppsvc - ok
00:22:25.0039 4428  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
00:22:25.0101 4428  sppuinotify - ok
00:22:25.0616 4428  [ A67B31A281DF3F2CA2B3C7005CE66DB3 ] SProtection     C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe
00:22:25.0897 4428  SProtection - ok
00:22:25.0944 4428  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
00:22:25.0990 4428  srv - ok
00:22:26.0022 4428  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
00:22:26.0084 4428  srv2 - ok
00:22:26.0100 4428  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
00:22:26.0146 4428  srvnet - ok
00:22:26.0193 4428  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
00:22:26.0240 4428  SSDPSRV - ok
00:22:26.0271 4428  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
00:22:26.0334 4428  SstpSvc - ok
00:22:26.0380 4428  [ C692C94FE55CAD0633440236022C27B3 ] ssudmdm         C:\Windows\system32\DRIVERS\ssudmdm.sys
00:22:26.0396 4428  ssudmdm - ok
00:22:26.0427 4428  Steam Client Service - ok
00:22:26.0458 4428  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
00:22:26.0474 4428  stexstor - ok
00:22:26.0505 4428  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
00:22:26.0552 4428  stisvc - ok
00:22:26.0583 4428  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
00:22:26.0599 4428  swenum - ok
00:22:26.0646 4428  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
00:22:26.0708 4428  swprv - ok
00:22:26.0755 4428  [ 064A2530A4A7C7CEC1BE6A1945645BE4 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
00:22:26.0770 4428  SynTP - ok
00:22:26.0833 4428  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
00:22:26.0895 4428  SysMain - ok
00:22:26.0942 4428  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
00:22:26.0973 4428  TabletInputService - ok
00:22:27.0004 4428  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
00:22:27.0067 4428  TapiSrv - ok
00:22:27.0098 4428  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
00:22:27.0145 4428  TBS - ok
00:22:27.0223 4428  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
00:22:27.0316 4428  Tcpip - ok
00:22:27.0363 4428  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
00:22:27.0394 4428  TCPIP6 - ok
00:22:27.0426 4428  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
00:22:27.0472 4428  tcpipreg - ok
00:22:27.0519 4428  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
00:22:27.0550 4428  TDPIPE - ok
00:22:27.0597 4428  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
00:22:27.0613 4428  TDTCP - ok
00:22:27.0644 4428  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
00:22:27.0706 4428  tdx - ok
00:22:27.0738 4428  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
00:22:27.0753 4428  TermDD - ok
00:22:27.0800 4428  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
00:22:27.0862 4428  TermService - ok
00:22:27.0894 4428  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
00:22:27.0909 4428  Themes - ok
00:22:27.0940 4428  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
00:22:27.0972 4428  THREADORDER - ok
00:22:27.0987 4428  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
00:22:28.0050 4428  TrkWks - ok
00:22:28.0112 4428  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
00:22:28.0174 4428  TrustedInstaller - ok
00:22:28.0221 4428  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
00:22:28.0284 4428  tssecsrv - ok
00:22:28.0315 4428  [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
00:22:28.0362 4428  TsUsbFlt - ok
00:22:28.0424 4428  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
00:22:28.0455 4428  tunnel - ok
00:22:28.0471 4428  [ 825E7A1F48FB8BCFBA27C178AAB4E275 ] TurboB          C:\Windows\system32\DRIVERS\TurboB.sys
00:22:28.0486 4428  TurboB - ok
00:22:28.0518 4428  [ B206BE1174D5964D49A56BB6C4E0524A ] TurboBoost      C:\Program Files\Intel\TurboBoost\TurboBoost.exe
00:22:28.0533 4428  TurboBoost - ok
00:22:28.0564 4428  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
00:22:28.0580 4428  uagp35 - ok
00:22:28.0596 4428  [ A17D5E1A6DF4EAB0A480F2C490DE4C9D ] UBHelper        C:\Windows\system32\drivers\UBHelper.sys
00:22:28.0611 4428  UBHelper - ok
00:22:28.0642 4428  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
00:22:28.0720 4428  udfs - ok
00:22:28.0752 4428  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
00:22:28.0783 4428  UI0Detect - ok
00:22:28.0830 4428  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
00:22:28.0845 4428  uliagpkx - ok
00:22:28.0892 4428  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\drivers\umbus.sys
00:22:28.0908 4428  umbus - ok
00:22:28.0939 4428  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
00:22:28.0970 4428  UmPass - ok
00:22:29.0064 4428  [ 7466809E6DA561D60C2F1CE8EDE3C73F ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
00:22:29.0142 4428  UNS - ok
00:22:29.0188 4428  [ F9EC9ACD504D823D9B9CA98A4F8D3CA2 ] Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe
00:22:29.0204 4428  Updater Service - ok
00:22:29.0235 4428  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
00:22:29.0298 4428  upnphost - ok
00:22:29.0376 4428  [ F49988FBF59413B974B1380D6F743EBC ] upperdev        C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys
00:22:29.0407 4428  upperdev - ok
00:22:29.0438 4428  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
00:22:29.0485 4428  usbccgp - ok
00:22:29.0547 4428  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\DRIVERS\usbcir.sys
00:22:29.0594 4428  usbcir - ok
00:22:29.0625 4428  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
00:22:29.0672 4428  usbehci - ok
00:22:29.0703 4428  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
00:22:29.0734 4428  usbhub - ok
00:22:29.0766 4428  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
00:22:29.0781 4428  usbohci - ok
00:22:29.0828 4428  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
00:22:29.0859 4428  usbprint - ok
00:22:29.0906 4428  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
00:22:29.0922 4428  usbscan - ok
00:22:29.0953 4428  [ 0F0C72A657C622286013788B886968AD ] usbser          C:\Windows\system32\DRIVERS\usbser.sys
00:22:29.0968 4428  usbser - ok
00:22:30.0000 4428  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:22:30.0046 4428  USBSTOR - ok
00:22:30.0062 4428  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
00:22:30.0093 4428  usbuhci - ok
00:22:30.0171 4428  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
00:22:30.0187 4428  usbvideo - ok
00:22:30.0234 4428  [ 70D05EE263568A742D14E1876DF80532 ] usb_rndisx      C:\Windows\system32\drivers\usb8023x.sys
00:22:30.0280 4428  usb_rndisx - ok
00:22:30.0296 4428  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
00:22:30.0358 4428  UxSms - ok
00:22:30.0390 4428  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
00:22:30.0390 4428  VaultSvc - ok
00:22:30.0421 4428  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
00:22:30.0421 4428  vdrvroot - ok
00:22:30.0468 4428  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
00:22:30.0546 4428  vds - ok
00:22:30.0577 4428  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
00:22:30.0592 4428  vga - ok
00:22:30.0608 4428  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
00:22:30.0655 4428  VgaSave - ok
00:22:30.0686 4428  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
00:22:30.0717 4428  vhdmp - ok
00:22:30.0764 4428  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
00:22:30.0780 4428  viaide - ok
00:22:30.0795 4428  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
00:22:30.0811 4428  volmgr - ok
00:22:30.0858 4428  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
00:22:30.0889 4428  volmgrx - ok
00:22:30.0904 4428  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
00:22:30.0920 4428  volsnap - ok
00:22:30.0951 4428  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
00:22:30.0967 4428  vsmraid - ok
00:22:31.0029 4428  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
00:22:31.0123 4428  VSS - ok
00:22:31.0154 4428  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
00:22:31.0170 4428  vwifibus - ok
00:22:31.0185 4428  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
00:22:31.0232 4428  vwififlt - ok
00:22:31.0263 4428  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
00:22:31.0294 4428  vwifimp - ok
00:22:31.0341 4428  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
00:22:31.0388 4428  W32Time - ok
00:22:31.0419 4428  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
00:22:31.0435 4428  WacomPen - ok
00:22:31.0466 4428  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
00:22:31.0497 4428  WANARP - ok
00:22:31.0513 4428  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
00:22:31.0544 4428  Wanarpv6 - ok
00:22:31.0653 4428  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
00:22:31.0700 4428  wbengine - ok
00:22:31.0762 4428  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
00:22:31.0794 4428  WbioSrvc - ok
00:22:31.0840 4428  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
00:22:31.0872 4428  wcncsvc - ok
00:22:31.0872 4428  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
00:22:31.0918 4428  WcsPlugInService - ok
00:22:31.0950 4428  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
00:22:31.0965 4428  Wd - ok
00:22:32.0012 4428  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
00:22:32.0074 4428  Wdf01000 - ok
00:22:32.0090 4428  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
00:22:32.0137 4428  WdiServiceHost - ok
00:22:32.0152 4428  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
00:22:32.0168 4428  WdiSystemHost - ok
00:22:32.0199 4428  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
00:22:32.0246 4428  WebClient - ok
00:22:32.0293 4428  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
00:22:32.0355 4428  Wecsvc - ok
00:22:32.0386 4428  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
00:22:32.0449 4428  wercplsupport - ok
00:22:32.0480 4428  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
00:22:32.0511 4428  WerSvc - ok
00:22:32.0558 4428  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
00:22:32.0605 4428  WfpLwf - ok
00:22:32.0620 4428  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
00:22:32.0636 4428  WIMMount - ok
00:22:32.0652 4428  WinHttpAutoProxySvc - ok
00:22:32.0714 4428  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
00:22:32.0761 4428  Winmgmt - ok
00:22:32.0823 4428  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
00:22:32.0979 4428  WinRM - ok
00:22:33.0026 4428  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
00:22:33.0057 4428  WinUsb - ok
00:22:33.0088 4428  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
00:22:33.0135 4428  Wlansvc - ok
00:22:33.0260 4428  [ 357CABBF155AFD1D3926E62539D2A3A7 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
00:22:33.0338 4428  wlidsvc - ok
00:22:33.0369 4428  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
00:22:33.0400 4428  WmiAcpi - ok
00:22:33.0432 4428  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
00:22:33.0447 4428  wmiApSrv - ok
00:22:33.0478 4428  WMPNetworkSvc - ok
00:22:33.0510 4428  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
00:22:33.0541 4428  WPCSvc - ok
00:22:33.0650 4428  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
00:22:33.0666 4428  WPDBusEnum - ok
00:22:33.0697 4428  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
00:22:33.0759 4428  ws2ifsl - ok
00:22:33.0759 4428  WSearch - ok
00:22:33.0853 4428  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
00:22:33.0931 4428  wuauserv - ok
00:22:33.0978 4428  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
00:22:33.0993 4428  WudfPf - ok
00:22:34.0024 4428  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
00:22:34.0056 4428  WUDFRd - ok
00:22:34.0087 4428  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
00:22:34.0118 4428  wudfsvc - ok
00:22:34.0165 4428  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
00:22:34.0180 4428  WwanSvc - ok
00:22:34.0243 4428  [ 9176C0822FAA649E45121875BE32F5D2 ] xusb21          C:\Windows\system32\DRIVERS\xusb21.sys
00:22:34.0258 4428  xusb21 - ok
00:22:34.0290 4428  ================ Scan global ===============================
00:22:34.0321 4428  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
00:22:34.0368 4428  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
00:22:34.0368 4428  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
00:22:34.0399 4428  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
00:22:34.0414 4428  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
00:22:34.0430 4428  [Global] - ok
00:22:34.0430 4428  ================ Scan MBR ==================================
00:22:34.0446 4428  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
00:22:34.0882 4428  \Device\Harddisk0\DR0 - ok
00:22:34.0898 4428  [ 180DBDE3AF7EA48B3DB3AC27B1DDF401 ] \Device\Harddisk1\DR3
00:22:35.0038 4428  \Device\Harddisk1\DR3 - ok
00:22:35.0038 4428  ================ Scan VBR ==================================
00:22:35.0054 4428  [ F837EF2B93BF4A23F7025B13991B33A8 ] \Device\Harddisk0\DR0\Partition1
00:22:35.0054 4428  \Device\Harddisk0\DR0\Partition1 - ok
00:22:35.0054 4428  [ B6775C4EE1ADF013ABB6F63BC1D7F720 ] \Device\Harddisk0\DR0\Partition2
00:22:35.0070 4428  \Device\Harddisk0\DR0\Partition2 - ok
00:22:35.0070 4428  [ 21BF7A78DD31FF633741045616A25884 ] \Device\Harddisk1\DR3\Partition1
00:22:35.0070 4428  \Device\Harddisk1\DR3\Partition1 - ok
00:22:35.0070 4428  ============================================================
00:22:35.0070 4428  Scan finished
00:22:35.0070 4428  ============================================================
00:22:35.0085 4744  Detected object count: 1
00:22:35.0085 4744  Actual detected object count: 1
00:22:44.0757 4744  Akamai ( HiddenFile.Multi.Generic ) - skipped by user
00:22:44.0757 4744  Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
         

Last edited by proto (16.05.2013 at 00:07)

Alt 15.05.2013, 23:26   #10
markusg
/// Malware-holic
 

Looks good.
Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the reboot
"Illegal operation attempted on a registry key that has been marked for deletion."
simply restart the computer. This should fix the problem.

__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please forward e-mails as described in the instructions above to
markusg.trojaner-board@web.de
If you would like to support us

Alt 15.05.2013, 23:52   #11
proto
 

Hi,
I ran Combofix earlier, but even though I had disabled Antivir I got error messages; I then ran it anyway. After the reboot I did find a Combofix icon under C: but no .txt. Now I have uninstalled Antivir and am letting Combofix run again.

Code:
ATTFilter
ComboFix 13-05-15.01 - USERXYZ 16.05.2013   0:51.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3959.2419 [GMT 2:00]
ausgeführt von:: c:\users\USERXYZ\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Windows Live\Messenger\msacm32.dll
c:\programdata\FullRemove.exe
c:\users\USERXYZ\AppData\Local\mehkombddi.exe
c:\users\USERXYZ\AppData\Roaming\Help\coredb\storage
c:\users\USERXYZ\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk
c:\users\USERXYZ\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\rasphone.pbk
c:\users\USERXYZ\AppData\Roaming\MicrosoftSystems
c:\users\USERXYZ\AppData\Roaming\MicrosoftSystems\Internet Explorer\Internet.ico
c:\users\USERXYZ\AppData\Roaming\MicrosoftSystems\Internet Explorer\Toolbar.InstallState
c:\windows\assembly\GAC_MSIL\Toolbar
c:\windows\jestertb.dll
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-04-15 bis 2013-05-15  ))))))))))))))))))))))))))))))
.
.
2013-05-15 23:01 . 2013-05-15 23:01	--------	d-----w-	c:\windows\system32\config\systemprofile\AppData\Local\temp
2013-05-15 23:01 . 2013-05-15 23:01	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-05-15 23:01 . 2013-05-15 23:01	--------	d-----w-	c:\users\Administrator.USERXYZ-PC\AppData\Local\temp
2013-05-15 21:51 . 2013-05-15 22:00	--------	d-----w-	C:\_OTL
2013-05-15 09:39 . 2013-05-15 09:39	--------	d-----w-	c:\program files (x86)\GUMC85D.tmp
2013-05-11 11:51 . 2013-05-11 11:51	--------	d-----w-	c:\program files (x86)\GUMFFE0.tmp
2013-05-04 16:29 . 2013-05-04 16:30	--------	d-----w-	c:\users\USERXYZ\AppData\Roaming\Notepad++
2013-05-04 16:29 . 2013-05-04 16:29	--------	d-----w-	c:\program files (x86)\Notepad++
2013-05-04 16:18 . 2013-05-04 16:18	--------	d-----w-	c:\program files (x86)\NAVIGON
2013-05-03 17:12 . 2013-05-03 17:12	--------	d-----w-	c:\users\USERXYZ\AppData\Local\Gameforge4d
2013-05-03 17:11 . 2013-05-03 17:11	--------	d-----w-	c:\users\USERXYZ\AppData\Local\Programs
2013-04-28 19:24 . 2013-04-28 19:24	--------	d-----w-	c:\program files (x86)\Common Files\Skype
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-15 22:55 . 2013-04-04 20:08	76232	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{D4814D6B-2A94-4982-889C-85E703D24B42}\offreg.dll
2013-04-30 23:02 . 2012-07-17 12:37	22240	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-03-15 06:28 . 2013-03-22 09:53	9311288	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{D4814D6B-2A94-4982-889C-85E703D24B42}\mpengine.dll
2013-03-04 13:53 . 2011-02-18 17:25	72013344	----a-w-	c:\windows\system32\MRT.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files (x86)\DVDVideoSoftTB\prxtbDVD0.dll" [2012-11-06 183112]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}]
2010-11-05 01:58	297808	----a-w-	c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}]
2011-06-01 15:47	177712	----a-w-	c:\program files (x86)\vShare.tv plugin\BarLcher.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2012-11-06 13:01	183112	----a-w-	c:\program files (x86)\DVDVideoSoftTB\prxtbDVD0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{4d02e7e6-5930-4b51-b9b0-9f21b3789400}"= "mscoree.dll" [2010-11-05 297808]
"{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}"= "c:\program files (x86)\vShare.tv plugin\BarLcher.dll" [2011-06-01 177712]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files (x86)\DVDVideoSoftTB\prxtbDVD0.dll" [2012-11-06 183112]
.
[HKEY_CLASSES_ROOT\clsid\{4d02e7e6-5930-4b51-b9b0-9f21b3789400}]
.
[HKEY_CLASSES_ROOT\clsid\{7ac3e13b-3bca-4158-b330-f66dbb03c1b5}]
[HKEY_CLASSES_ROOT\MyNewsBarLauncher.IE5BarLauncher.1]
[HKEY_CLASSES_ROOT\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3}]
[HKEY_CLASSES_ROOT\MyNewsBarLauncher.IE5BarLauncher]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-10-04 11:57	220632	----a-w-	c:\users\USERXYZ\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-10-04 11:57	220632	----a-w-	c:\users\USERXYZ\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-10-04 11:57	220632	----a-w-	c:\users\USERXYZ\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\USERXYZ\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\USERXYZ\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\USERXYZ\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\USERXYZ\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:40	120176	----a-w-	c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-08-25 3077528]
"Akamai NetSession Interface"="c:\users\USERXYZ\AppData\Local\Akamai\netsession_win.exe" [2013-01-26 4480768]
"Facebook Update"="c:\users\USERXYZ\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
"GoogleChromeAutoLaunch_0CAAEB44A9E7283E7AB4DDB9ED1478EF"="c:\users\USERXYZ\AppData\Local\Google\Chrome\Application\chrome.exe" [2013-04-09 1312720]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-11-06 3673728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-05-27 337264]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-06-28 265984]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-08-10 975952]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-25 98304]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2012-11-13 450560]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2012-11-30 1263512]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_270_ActiveX.exe" [2012-08-02 686792]
.
c:\users\USERXYZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2013-1-8 228448]
StartupCPU.lnk - c:\users\USERXYZ\AppData\Roaming\FAH\CPU\StartupCPU.exe [2011-8-25 35944]
StartupGPU.lnk - c:\users\USERXYZ\AppData\Roaming\FAH\GPU\StartupGPU.exe [2011-8-25 35944]
VersionCheck.lnk - c:\users\USERXYZ\AppData\Roaming\FAH\VersionCheck.exe [2011-5-1 45010]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"enablelua"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
.
R2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ICQ Service;ICQ Service;c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]
R3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2009-12-03 716872]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-09-19 102368]
R3 dump_wmimmc;dump_wmimmc;c:\aeriagames\WolfTeam-DE\GameGuard\dump_wmimmc.sys [x]
R3 EvoSvc;Evolve Service;c:\program files\Echobit\Evolve\EvoSvc.exe [2012-10-23 1526296]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [x]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2012-05-12 121416]
R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [2008-05-02 23552]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [2008-05-02 18432]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-06-17 246376]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-09-19 203104]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-01-25 283200]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-03 22576]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-03 20016]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-03 60464]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-08-25 203264]
S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2012-11-22 166424]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-08-10 321104]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-06-11 868896]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\McSACore.exe [2012-12-04 103472]
S2 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-05-27 305520]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-06-28 255744]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 SProtection;SProtection;c:\program files (x86)\Common Files\Umbrella\umbrella.exe [2013-05-15 2833448]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-11-02 13784]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
S3 EvolveVirtualAdapter;Evolve Virtual Miniport Driver;c:\windows\system32\DRIVERS\evolve.sys [2012-09-21 21656]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2010-05-15 384040]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai	REG_MULTI_SZ   	Akamai
.
Inhalt des "geplante Tasks" Ordners
.
2013-05-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 11:08]
.
2013-05-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2445217360-1134911335-3497317240-1001Core.job
- c:\users\USERXYZ\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-10 10:57]
.
2013-05-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2445217360-1134911335-3497317240-1001UA.job
- c:\users\USERXYZ\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-10 10:57]
.
2013-05-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2445217360-1134911335-3497317240-500Core.job
- c:\users\Administrator.USERXYZ-PC\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-09 16:02]
.
2013-05-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2445217360-1134911335-3497317240-500UA.job
- c:\users\Administrator.USERXYZ-PC\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-09 16:02]
.
2013-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-22 15:33]
.
2013-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-22 15:33]
.
2013-05-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2445217360-1134911335-3497317240-1001Core.job
- c:\users\USERXYZ\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-18 14:50]
.
2013-05-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2445217360-1134911335-3497317240-1001UA.job
- c:\users\USERXYZ\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-18 14:50]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-10-04 11:57	244696	----a-w-	c:\users\USERXYZ\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-10-04 11:57	244696	----a-w-	c:\users\USERXYZ\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-10-04 11:57	244696	----a-w-	c:\users\USERXYZ\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\USERXYZ\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\USERXYZ\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\USERXYZ\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\USERXYZ\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:42	137584	----a-w-	c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-05-27 349552]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-22 10920552]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-06-11 861216]
"LXBSCATS"="c:\windows\system32\spool\DRIVERS\x64\3\LXBStime.dll" [2007-02-22 28672]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://acer.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
mSearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE: An OneNote s&enden - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: Free YouTube Download - c:\users\USERXYZ\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\USERXYZ\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.0.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
BHO-{1E864EAC-892F-4A60-8C17-63123FD5731C} - c:\program files (x86)\Koyote Soft Toolbar\IE\4.6\koyotesoftToolbarIE.dll
BHO-{64182481-4F71-486b-A045-B233BD0DA8FC} - c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dll
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
BHO-{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - c:\program files (x86)\Yontoo\YontooIEClient.dll
Toolbar-Locked - (no file)
Toolbar-{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodsTlbr.dll
Toolbar-{1E864EAC-892F-4A60-8C17-63123FD5731C} - c:\program files (x86)\Koyote Soft Toolbar\IE\4.6\koyotesoftToolbarIE.dll
Toolbar-10 - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
Wow6432Node-HKCU-Run-Steam - c:\program files (x86)\Steam\Steam.exe
Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exe
Wow6432Node-HKCU-Run-Linkury Chrome Smartbar - c:\program files (x86)\Linkury\Linkury.exe
Wow6432Node-HKCU-Run-WLSync - c:\program files (x86)\Windows Live\Mesh\WLSync.exe
Wow6432Node-HKCU-Run-renovator - c:\users\USERXYZ\AppData\Roaming\Mozilla\{220D201C-751E-453F-979E-FCCD1837DAA5}\renovator.exe
Wow6432Node-HKLM-Run-Norton Online Backup - c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
Wow6432Node-HKLM-Run-Microsoft Default Manager - c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
Wow6432Node-HKLM-Run-facemoods - c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe
Wow6432Node-HKLM-Run-BingDesktop - c:\program files (x86)\Microsoft\BingDesktop\BingDesktop.exe
Wow6432Node-HKLM-Run-Iminent - c:\program files (x86)\Iminent\Iminent.exe
Wow6432Node-HKLM-Run-IminentMessenger - c:\program files (x86)\Iminent\Iminent.Messengers.exe
Wow6432Node-HKU-Default-Run-4Y3Y0C3AYF7W0A0DHHDPS - c:\recycle.bin\B6232F3AD9F.exe
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-facemoods - c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\uninstall.exe
AddRemove-GOGPACKSTRONGHOLDCRUSADERHD_is1 - c:\gog games\Stronghold Crusader Extreme HD\unins000.exe
AddRemove-ICQToolbar - c:\program files (x86)\ICQ6Toolbar\ICQUnToolbar.exe
AddRemove-IMBoosterARP - c:\program files (x86)\Iminent\inst\Bootstrapper\Bootstrapper.exe
AddRemove-NCLauncher_GameForge - c:\program files (x86)\GameForge\NCLauncher\Uninstall.exe
AddRemove-Need for Speed Most Wanted_is1 - c:\program files (x86)\EA Games\Need for Speed Most Wanted\unins000.exe
AddRemove-NosTale(DE)_is1 - c:\program files (x86)\GameforgeLive\Games\DEU_deu\NosTale\unins000.exe
AddRemove-Opera 11.64.1403 - c:\program files (x86)\Opera\Opera.exe
AddRemove-Steam App 99870 - c:\program files (x86)\Steam\steam.exe
AddRemove-uTorrent - c:\program files (x86)\uTorrent\uTorrent.exe
AddRemove-{08234a0d-cf39-4dca-99f0-0c5cb496da81} - c:\program files (x86)\Bing Bar Installer\InstallManager.exe
AddRemove-{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750} - c:\program files (x86)\Acer GameZone\Cake Mania\Uninstall.exe
AddRemove-{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457} - c:\program files (x86)\Acer GameZone\Galapago\Uninstall.exe
AddRemove-{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111355427} - c:\program files (x86)\Acer GameZone\Poker Pop\Uninstall.exe
AddRemove-{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477} - c:\program files (x86)\Acer GameZone\Merriam Websters Spell Jam\Uninstall.exe
AddRemove-{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477} - c:\program files (x86)\Acer GameZone\Amazonia\Uninstall.exe
AddRemove-{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380} - c:\program files (x86)\Acer GameZone\Heroes of Hellas\Uninstall.exe
AddRemove-{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110} - c:\program files (x86)\Acer GameZone\Dream Day First Home\Uninstall.exe
AddRemove-{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173} - c:\program files (x86)\Acer GameZone\Airport Mania First Flight\Uninstall.exe
AddRemove-{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173} - c:\program files (x86)\Acer GameZone\Farm Frenzy 2\Uninstall.exe
AddRemove-Adlsoft Uncompressor - c:\program files (x86)\Adlsoft Uncompressor\Uninstall\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2445217360-1134911335-3497317240-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2445217360-1134911335-3497317240-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-2445217360-1134911335-3497317240-1001\Software\SecuROM\License information*]
"datasecu"=hex:0b,34,f6,da,f8,81,52,4c,17,ec,c6,1a,ba,73,2e,91,dd,af,ba,35,da,
   2e,17,b8,ec,cf,59,0a,71,64,26,d3,14,d9,da,a2,05,b3,30,85,aa,f6,d6,f9,05,ac,\
"rkeysecu"=hex:db,05,f6,0b,81,ae,6a,a2,20,e1,e0,52,20,f7,9e,54
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-05-16  01:04:00
ComboFix-quarantined-files.txt  2013-05-15 23:04
.
Vor Suchlauf: 13 Verzeichnis(se), 217.158.619.136 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 217.166.716.928 Bytes frei
.
- - End Of File - - BC9C57C7BF589C0FEDCE9F2DC5D6209B
         
