Pests of all kinds and how to fight them: Troj/ZbotMem-B // found with Sophos | Windows 7
If you are not sure whether you have caught malware or a trojan, create a thread here. An expert will get back to you with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection. |
22.12.2012, 20:19 | #1 |
| Troj/ZbotMem-B // found with Sophos
Hello dear community,
today I learned through Sophos that I have caught the trojan "Troj/ZbotMem-B". After my Google research I ended up on this board, and I hope that someone, despite the Christmas stress, can find a little time to help me.
My system: Fujitsu Lifebook T-Series, Windows 7 Professional SP 1, 64-bit version
Edited by hotdogreen (22.12.2012 at 20:25) |
22.12.2012, 21:38 | #2 | |
/// TB Trainer | Troj/ZbotMem-B // found with Sophos
I will help you with your problem. A cleanup can sometimes involve a lot of work for you (and me). Before we start, I have some reading material for you. Read and understood?
Step 1: Disable drive emulation with Defogger
Please download defogger by jpshortstuff to your desktop and start it:
Step 2: Scan with aswMBR
Step 3: Scan with TDSS-Killer
Please read the following instructions carefully. We do not want to "fix" anything here yet, only see a scan report.
Step 4: Scan with DDS (+ attach)
Please download DDS (by sUBs) from one of the following download mirrors and save the file to your desktop.
__________________ |
22.12.2012, 22:20 | #3 |
| Troj/ZbotMem-B // found with Sophos
Hello ryder,
thank you very much for your quick reply.
Step 1:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 21:53 on 22/12/2012 (Student)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Crash on the first run. Second run with the setting AV-Scan = None
Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-22 22:05:01
-----------------------------
22:05:01.308 OS Version: Windows x64 6.1.7601 Service Pack 1
22:05:01.308 Number of processors: 4 586 0x2A07
22:05:01.308 ComputerName: DUST00674 UserName: Student
22:05:02.289 Initialize success
22:05:07.888 AVAST engine defs: 12122200
22:05:17.884 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:05:17.886 Disk 0 Vendor: TOSHIBA_ MH00 Size: 305245MB BusType: 3
22:05:17.977 Disk 0 MBR read successfully
22:05:17.982 Disk 0 MBR scan
22:05:17.988 Disk 0 Windows 7 default MBR code
22:05:17.996 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
22:05:18.012 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 305143 MB offset 206848
22:05:18.046 Disk 0 scanning C:\Windows\system32\drivers
22:05:33.798 Service scanning
22:06:08.068 Modules scanning
22:06:08.073 Disk 0 trace - called modules:
22:06:08.107 ntoskrnl.exe CLASSPNP.SYS disk.sys rstfltr.sys ACPI.sys iaStor.sys
22:06:08.110 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80062a3060]
22:06:08.114 3 CLASSPNP.SYS[fffff88001b7743f] -> nt!IofCallDriver -> [0xfffffa800486ac50]
22:06:08.117 5 rstfltr.sys[fffff88001ac6069] -> nt!IofCallDriver -> [0xfffffa800443c420]
22:06:08.123 7 ACPI.sys[fffff88000fb17a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004440050]
22:06:08.126 Scan finished successfully
22:06:37.926 Disk 0 MBR has been saved successfully to "C:\Users\Student\Desktop\MBR.dat"
22:06:37.931 The log file has been saved successfully to "C:\Users\Student\Desktop\aswMBR.txt"
Code:
22:08:21.0048 6928 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
22:08:21.0209 6928 ============================================================
22:08:21.0209 6928 Current date / time: 2012/12/22 22:08:21.0209
22:08:21.0210 6928 SystemInfo:
22:08:21.0210 6928
22:08:21.0210 6928 OS Version: 6.1.7601 ServicePack: 1.0
22:08:21.0210 6928 Product type: Workstation
22:08:21.0210 6928 ComputerName: DUST00674
22:08:21.0210 6928 UserName: Student
22:08:21.0210 6928 Windows directory: C:\Windows
22:08:21.0210 6928 System windows directory: C:\Windows
22:08:21.0210 6928 Running under WOW64
22:08:21.0210 6928 Processor architecture: Intel x64
22:08:21.0210 6928 Number of processors: 4
22:08:21.0210 6928 Page size: 0x1000
22:08:21.0210 6928 Boot type: Normal boot
22:08:21.0210 6928 ============================================================
22:08:22.0378 6928 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:08:22.0416 6928 ============================================================
22:08:22.0416 6928 \Device\Harddisk0\DR0:
22:08:22.0416 6928 MBR partitions:
22:08:22.0416 6928 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
22:08:22.0417 6928 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x253FB800
22:08:22.0417 6928 ============================================================
22:08:22.0532 6928 C: <-> \Device\Harddisk0\DR0\Partition2
22:08:22.0597 6928 ============================================================
22:08:22.0597 6928 Initialize success
22:08:22.0597 6928 ============================================================
22:08:41.0748 7824 ============================================================
22:08:41.0748 7824 Scan started
22:08:41.0748 7824 Mode: Manual; TDLFS;
22:08:41.0748 7824 ============================================================
22:08:41.0980 7824 ================ Scan system memory ========================
22:08:41.0980 7824 System memory - ok
22:08:41.0981 7824 ================ Scan services =============================
7824 NETwNs64 - ok 22:08:51.0797 7824 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 22:08:51.0798 7824 nfrd960 - ok 22:08:51.0841 7824 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll 22:08:51.0848 7824 NlaSvc - ok 22:08:51.0890 7824 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 22:08:51.0892 7824 Npfs - ok 22:08:51.0925 7824 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 22:08:51.0927 7824 nsi - ok 22:08:51.0945 7824 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 22:08:51.0946 7824 nsiproxy - ok 22:08:52.0004 7824 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 22:08:52.0012 7824 Ntfs - ok 22:08:52.0015 7824 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 22:08:52.0016 7824 Null - ok 22:08:52.0055 7824 [ 158AD24745BD85BA9BE3C51C38F48C32 ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys 22:08:52.0056 7824 nusb3hub - ok 22:08:52.0088 7824 [ D40A13B2C0891E218F9523B376955DB6 ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys 22:08:52.0090 7824 nusb3xhc - ok 22:08:52.0127 7824 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 22:08:52.0128 7824 nvraid - ok 22:08:52.0143 7824 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 22:08:52.0145 7824 nvstor - ok 22:08:52.0182 7824 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 22:08:52.0183 7824 nv_agp - ok 22:08:52.0302 7824 [ 5A8C30C1144EC970E431AC6747C37D8B ] NWSAPAutoWorkstationUpdateSvc C:\Program Files (x86)\SAP\SAPsetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe 22:08:52.0307 7824 NWSAPAutoWorkstationUpdateSvc - ok 22:08:52.0341 7824 [ 4E37455DB16AEC75862B1D0BC35B589E ] O2FLASH C:\Windows\system32\DRIVERS\o2flash.exe 22:08:52.0343 7824 O2FLASH - ok 22:08:52.0356 7824 [ 
8ED738ABA394BBF6D7802698BE453112 ] O2MDRRDR C:\Windows\system32\DRIVERS\O2MDRw7x64.sys 22:08:52.0357 7824 O2MDRRDR - ok 22:08:52.0378 7824 [ F9C35982D4CFC7DAA739125476E8F139 ] O2SDJRDR C:\Windows\system32\DRIVERS\o2sdjw7x64.sys 22:08:52.0379 7824 O2SDJRDR - ok 22:08:52.0409 7824 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 22:08:52.0410 7824 ohci1394 - ok 22:08:52.0468 7824 [ 4965B005492CBA7719E82B71E3245495 ] ose64 C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 22:08:52.0481 7824 ose64 - ok 22:08:52.0632 7824 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 22:08:52.0907 7824 osppsvc - ok 22:08:52.0953 7824 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 22:08:52.0957 7824 p2pimsvc - ok 22:08:52.0987 7824 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 22:08:52.0995 7824 p2psvc - ok 22:08:53.0026 7824 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys 22:08:53.0027 7824 Parport - ok 22:08:53.0062 7824 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 22:08:53.0062 7824 partmgr - ok 22:08:53.0073 7824 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 22:08:53.0077 7824 PcaSvc - ok 22:08:53.0094 7824 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 22:08:53.0096 7824 pci - ok 22:08:53.0107 7824 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 22:08:53.0108 7824 pciide - ok 22:08:53.0129 7824 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 22:08:53.0131 7824 pcmcia - ok 22:08:53.0148 7824 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 22:08:53.0149 7824 pcw - ok 22:08:53.0172 7824 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH 
C:\Windows\system32\drivers\peauth.sys 22:08:53.0175 7824 PEAUTH - ok 22:08:53.0218 7824 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll 22:08:53.0231 7824 PeerDistSvc - ok 22:08:53.0298 7824 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 22:08:53.0323 7824 PerfHost - ok 22:08:53.0411 7824 [ 6CE8BB00A615A4F3FA2F36FDB2EF4EFA ] PFNService C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe 22:08:53.0415 7824 PFNService - ok 22:08:53.0455 7824 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 22:08:53.0468 7824 pla - ok 22:08:53.0515 7824 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 22:08:53.0527 7824 PlugPlay - ok 22:08:53.0546 7824 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 22:08:53.0548 7824 PNRPAutoReg - ok 22:08:53.0571 7824 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 22:08:53.0574 7824 PNRPsvc - ok 22:08:53.0608 7824 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 22:08:53.0615 7824 PolicyAgent - ok 22:08:53.0645 7824 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 22:08:53.0648 7824 Power - ok 22:08:53.0720 7824 [ 76FF4836EFA78DBF3F39F612D88CA7E7 ] PowerSavingUtilityService C:\Program Files\Fujitsu\PSUtility\PSUService.exe 22:08:53.0723 7824 PowerSavingUtilityService - ok 22:08:53.0760 7824 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 22:08:53.0763 7824 PptpMiniport - ok 22:08:53.0806 7824 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys 22:08:53.0807 7824 Processor - ok 22:08:53.0840 7824 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 22:08:53.0845 7824 ProfSvc - ok 22:08:53.0856 7824 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 22:08:53.0858 7824 
ProtectedStorage - ok 22:08:53.0888 7824 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 22:08:53.0889 7824 Psched - ok 22:08:53.0949 7824 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 22:08:53.0962 7824 ql2300 - ok 22:08:53.0976 7824 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 22:08:53.0977 7824 ql40xx - ok 22:08:54.0005 7824 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 22:08:54.0007 7824 QWAVE - ok 22:08:54.0017 7824 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 22:08:54.0017 7824 QWAVEdrv - ok 22:08:54.0035 7824 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 22:08:54.0035 7824 RasAcd - ok 22:08:54.0068 7824 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 22:08:54.0068 7824 RasAgileVpn - ok 22:08:54.0081 7824 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 22:08:54.0083 7824 RasAuto - ok 22:08:54.0110 7824 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 22:08:54.0111 7824 Rasl2tp - ok 22:08:54.0142 7824 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 22:08:54.0144 7824 RasMan - ok 22:08:54.0155 7824 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 22:08:54.0155 7824 RasPppoe - ok 22:08:54.0163 7824 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 22:08:54.0164 7824 RasSstp - ok 22:08:54.0178 7824 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 22:08:54.0179 7824 rdbss - ok 22:08:54.0192 7824 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 22:08:54.0192 7824 rdpbus - ok 22:08:54.0197 7824 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 
22:08:54.0197 7824 RDPCDD - ok 22:08:54.0215 7824 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 22:08:54.0216 7824 RDPDR - ok 22:08:54.0230 7824 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 22:08:54.0230 7824 RDPENCDD - ok 22:08:54.0243 7824 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 22:08:54.0244 7824 RDPREFMP - ok 22:08:54.0272 7824 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 22:08:54.0273 7824 RDPWD - ok 22:08:54.0302 7824 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 22:08:54.0304 7824 rdyboost - ok 22:08:54.0358 7824 [ 2EC95080FAD2621C5E3034DE4C39A2A3 ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe 22:08:54.0366 7824 RegSrvc - ok 22:08:54.0394 7824 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 22:08:54.0396 7824 RemoteAccess - ok 22:08:54.0436 7824 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 22:08:54.0440 7824 RemoteRegistry - ok 22:08:54.0453 7824 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 22:08:54.0456 7824 RpcEptMapper - ok 22:08:54.0484 7824 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 22:08:54.0485 7824 RpcLocator - ok 22:08:54.0506 7824 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 22:08:54.0510 7824 RpcSs - ok 22:08:54.0541 7824 [ CD553B8633466A6D1C115812F2619F1F ] RsFx0103 C:\Windows\system32\DRIVERS\RsFx0103.sys 22:08:54.0543 7824 RsFx0103 - ok 22:08:54.0584 7824 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 22:08:54.0585 7824 rspndr - ok 22:08:54.0611 7824 [ E5D8AFC13A276114660CB4ADB3E2D6A3 ] rstescu C:\Windows\system32\drivers\rstescu.sys 22:08:54.0614 7824 rstescu - ok 22:08:54.0637 7824 [ 
828572882DBD58D35417DAEED07BC8B6 ] rstescu1 C:\Windows\system32\drivers\rstescu1.sys 22:08:54.0640 7824 rstescu1 - ok 22:08:54.0659 7824 [ 397CFFCD9C8B9978B38163D727C78AA1 ] rstfltr C:\Windows\system32\drivers\rstfltr.sys 22:08:54.0660 7824 rstfltr - ok 22:08:54.0669 7824 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys 22:08:54.0670 7824 s3cap - ok 22:08:54.0681 7824 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 22:08:54.0682 7824 SamSs - ok 22:08:54.0796 7824 [ 26A05F8833938BD989199E8681B53B86 ] SAVAdminService C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe 22:08:54.0816 7824 SAVAdminService - ok 22:08:54.0880 7824 [ 2192AE4D310ADB821B38595150F5A384 ] SAVOnAccess C:\Windows\system32\DRIVERS\savonaccess.sys 22:08:54.0881 7824 SAVOnAccess - ok 22:08:54.0910 7824 [ B8A272D4E91EFB366E16BEA0FA42D7EE ] SAVService C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe 22:08:54.0914 7824 SAVService - ok 22:08:54.0941 7824 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 22:08:54.0943 7824 sbp2port - ok 22:08:54.0969 7824 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 22:08:54.0976 7824 SCardSvr - ok 22:08:54.0988 7824 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 22:08:54.0989 7824 scfilter - ok 22:08:55.0019 7824 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 22:08:55.0033 7824 Schedule - ok 22:08:55.0061 7824 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 22:08:55.0062 7824 SCPolicySvc - ok 22:08:55.0149 7824 [ B60E9769655DDEE8368E3ABB6668E076 ] ScrybeUpdater C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe 22:08:55.0166 7824 ScrybeUpdater - ok 22:08:55.0193 7824 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys 22:08:55.0194 7824 sdbus - ok 22:08:55.0222 
7824 [ 7D67AEABEB597C602EDB5B3AE316E96A ] sdcfilter C:\Windows\system32\DRIVERS\sdcfilter.sys 22:08:55.0222 7824 sdcfilter - ok 22:08:55.0246 7824 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 22:08:55.0249 7824 SDRSVC - ok 22:08:55.0276 7824 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 22:08:55.0276 7824 secdrv - ok 22:08:55.0291 7824 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 22:08:55.0293 7824 seclogon - ok 22:08:55.0318 7824 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 22:08:55.0320 7824 SENS - ok 22:08:55.0333 7824 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 22:08:55.0335 7824 SensrSvc - ok 22:08:55.0353 7824 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 22:08:55.0354 7824 Serenum - ok 22:08:55.0365 7824 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 22:08:55.0366 7824 Serial - ok 22:08:55.0390 7824 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys 22:08:55.0391 7824 sermouse - ok 22:08:55.0409 7824 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 22:08:55.0411 7824 SessionEnv - ok 22:08:55.0429 7824 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 22:08:55.0429 7824 sffdisk - ok 22:08:55.0436 7824 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 22:08:55.0436 7824 sffp_mmc - ok 22:08:55.0461 7824 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 22:08:55.0461 7824 sffp_sd - ok 22:08:55.0477 7824 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 22:08:55.0477 7824 sfloppy - ok 22:08:55.0508 7824 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 22:08:55.0510 7824 SharedAccess - ok 
22:08:55.0540 7824 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 22:08:55.0545 7824 ShellHWDetection - ok 22:08:55.0574 7824 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys 22:08:55.0574 7824 SiSRaid2 - ok 22:08:55.0591 7824 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 22:08:55.0592 7824 SiSRaid4 - ok 22:08:55.0653 7824 [ DDAA5F4A6B958FC313EBD02DD925752F ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 22:08:55.0823 7824 SkypeUpdate - ok 22:08:55.0860 7824 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 22:08:55.0861 7824 Smb - ok 22:08:55.0900 7824 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 22:08:55.0901 7824 SNMPTRAP - ok 22:08:55.0982 7824 [ 9CD1C53490EB5601870A69A8E40F7B12 ] SNP2UVC C:\Windows\system32\DRIVERS\snp2uvc.sys 22:08:56.0005 7824 SNP2UVC - ok 22:08:56.0048 7824 [ 3068CF091B4334B998380E9C877F5549 ] Sophos Agent C:\Program Files (x86)\Sophos\Remote Management System\ManagementAgentNT.exe 22:08:56.0051 7824 Sophos Agent - ok 22:08:56.0100 7824 [ 8A12AB5DE877B8F97D5EE70E16A5C9B2 ] Sophos AutoUpdate Service C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe 22:08:56.0106 7824 Sophos AutoUpdate Service - ok 22:08:56.0138 7824 [ 1C3D8A4B93A97E3C46B3D01F6F321DC4 ] Sophos Message Router C:\Program Files (x86)\Sophos\Remote Management System\RouterNT.exe 22:08:56.0152 7824 Sophos Message Router - ok 22:08:56.0247 7824 [ BD03374253F79CE7A716A870DC85BD84 ] Sophos Web Control Service C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe 22:08:56.0254 7824 Sophos Web Control Service - ok 22:08:56.0289 7824 [ 69FBE35A8165ADBC313AA7F64B868CA1 ] SophosBootDriver C:\Windows\system32\DRIVERS\SophosBootDriver.sys 22:08:56.0290 7824 SophosBootDriver - ok 22:08:56.0370 7824 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 
22:08:56.0371 7824 spldr - ok 22:08:56.0420 7824 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 22:08:56.0432 7824 Spooler - ok 22:08:56.0517 7824 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 22:08:56.0543 7824 sppsvc - ok 22:08:56.0564 7824 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 22:08:56.0565 7824 sppuinotify - ok 22:08:56.0645 7824 [ 12E6D95CDE974B131DEFAA44BAB8B056 ] SQLAgent$SQLEXPRESS c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE 22:08:56.0673 7824 SQLAgent$SQLEXPRESS - ok 22:08:56.0724 7824 [ B54B48F6D92423440C264E91225C5FF1 ] SQLBrowser c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe 22:08:56.0983 7824 SQLBrowser - ok 22:08:57.0029 7824 [ 6D65985945B03CA59B67D0B73702FC7B ] SQLWriter c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe 22:08:57.0031 7824 SQLWriter - ok 22:08:57.0065 7824 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 22:08:57.0067 7824 srv - ok 22:08:57.0081 7824 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 22:08:57.0083 7824 srv2 - ok 22:08:57.0102 7824 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 22:08:57.0103 7824 srvnet - ok 22:08:57.0140 7824 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 22:08:57.0149 7824 SSDPSRV - ok 22:08:57.0169 7824 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 22:08:57.0174 7824 SstpSvc - ok 22:08:57.0204 7824 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys 22:08:57.0204 7824 stexstor - ok 22:08:57.0242 7824 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 22:08:57.0248 7824 stisvc - ok 22:08:57.0263 7824 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys 22:08:57.0263 7824 storflt - ok 
22:08:57.0274 7824 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll 22:08:57.0276 7824 StorSvc - ok 22:08:57.0289 7824 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys 22:08:57.0290 7824 storvsc - ok 22:08:57.0301 7824 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 22:08:57.0301 7824 swenum - ok 22:08:57.0438 7824 [ B3379659D773BFDD3B631F5FEE2FF2B3 ] swi_service C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe 22:08:57.0461 7824 swi_service - ok 22:08:57.0626 7824 [ F6A5E474ED27BA7938A1D0CA19F7008B ] swi_update_64 C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe 22:08:57.0689 7824 swi_update_64 - ok 22:08:57.0717 7824 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 22:08:57.0720 7824 swprv - ok 22:08:57.0771 7824 [ 8DF6C536ECE3B538978B53C223AB905D ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys 22:08:57.0781 7824 SynTP - ok 22:08:57.0847 7824 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 22:08:57.0869 7824 SysMain - ok 22:08:57.0911 7824 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 22:08:57.0914 7824 TabletInputService - ok 22:08:58.0110 7824 [ 765FD4777D284BCE6325C98B33814F24 ] TabletServiceISD C:\Program Files\Tablet\ISD\ISD_Tablet.exe 22:08:58.0158 7824 TabletServiceISD - ok 22:08:58.0188 7824 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 22:08:58.0190 7824 TapiSrv - ok 22:08:58.0202 7824 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 22:08:58.0204 7824 TBS - ok 22:08:58.0272 7824 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 22:08:58.0283 7824 Tcpip - ok 22:08:58.0310 7824 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 22:08:58.0319 7824 TCPIP6 - ok 22:08:58.0330 7824 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] 
tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 22:08:58.0331 7824 tcpipreg - ok 22:08:58.0360 7824 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 22:08:58.0360 7824 TDPIPE - ok 22:08:58.0391 7824 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 22:08:58.0392 7824 TDTCP - ok 22:08:58.0420 7824 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 22:08:58.0421 7824 tdx - ok 22:08:58.0535 7824 [ 2BBB318EA9F34FDC508CEA4AAB98D770 ] TeamViewer7 C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe 22:08:58.0562 7824 TeamViewer7 - ok 22:08:58.0574 7824 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 22:08:58.0575 7824 TermDD - ok 22:08:58.0611 7824 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 22:08:58.0625 7824 TermService - ok 22:08:58.0640 7824 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 22:08:58.0642 7824 Themes - ok 22:08:58.0667 7824 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 22:08:58.0668 7824 THREADORDER - ok 22:08:58.0690 7824 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 22:08:58.0693 7824 TrkWks - ok 22:08:58.0739 7824 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 22:08:58.0744 7824 TrustedInstaller - ok 22:08:58.0776 7824 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 22:08:58.0777 7824 tssecsrv - ok 22:08:58.0810 7824 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 22:08:58.0812 7824 TsUsbFlt - ok 22:08:58.0829 7824 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys 22:08:58.0830 7824 TsUsbGD - ok 22:08:58.0862 7824 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 22:08:58.0865 7824 tunnel - 
ok 22:08:58.0883 7824 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 22:08:58.0883 7824 uagp35 - ok 22:08:58.0906 7824 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 22:08:58.0908 7824 udfs - ok 22:08:58.0932 7824 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 22:08:58.0934 7824 UI0Detect - ok 22:08:58.0970 7824 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 22:08:58.0971 7824 uliagpkx - ok 22:08:58.0993 7824 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 22:08:58.0994 7824 umbus - ok 22:08:59.0009 7824 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys 22:08:59.0010 7824 UmPass - ok 22:08:59.0026 7824 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll 22:08:59.0030 7824 UmRdpService - ok 22:08:59.0159 7824 [ E419566C7918A4C8E9497AFBD502FB2A ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 22:08:59.0182 7824 UNS - ok 22:08:59.0214 7824 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 22:08:59.0218 7824 upnphost - ok 22:08:59.0259 7824 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys 22:08:59.0259 7824 USBAAPL64 - ok 22:08:59.0301 7824 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 22:08:59.0303 7824 usbaudio - ok 22:08:59.0327 7824 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 22:08:59.0329 7824 usbccgp - ok 22:08:59.0363 7824 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 22:08:59.0365 7824 usbcir - ok 22:08:59.0379 7824 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys 22:08:59.0380 7824 usbehci - ok 22:08:59.0410 7824 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub 
C:\Windows\system32\DRIVERS\usbhub.sys 22:08:59.0412 7824 usbhub - ok 22:08:59.0437 7824 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys 22:08:59.0438 7824 usbohci - ok 22:08:59.0451 7824 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 22:08:59.0452 7824 usbprint - ok 22:08:59.0468 7824 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 22:08:59.0469 7824 USBSTOR - ok 22:08:59.0487 7824 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 22:08:59.0488 7824 usbuhci - ok 22:08:59.0513 7824 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys 22:08:59.0515 7824 usbvideo - ok 22:08:59.0591 7824 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 22:08:59.0593 7824 UxSms - ok 22:08:59.0615 7824 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 22:08:59.0615 7824 VaultSvc - ok 22:08:59.0680 7824 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 22:08:59.0680 7824 vdrvroot - ok 22:08:59.0758 7824 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 22:08:59.0770 7824 vds - ok 22:08:59.0808 7824 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 22:08:59.0809 7824 vga - ok 22:08:59.0850 7824 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 22:08:59.0850 7824 VgaSave - ok 22:08:59.0888 7824 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 22:08:59.0889 7824 vhdmp - ok 22:08:59.0902 7824 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 22:08:59.0903 7824 viaide - ok 22:08:59.0918 7824 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys 22:08:59.0919 7824 vmbus - ok 22:08:59.0930 7824 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID 
C:\Windows\system32\drivers\VMBusHID.sys
22:08:59.0930 7824 VMBusHID - ok
22:09:02.0493 7824 ============================================================
22:09:02.0493 7824 Scan finished
22:09:02.0493 7824 ============================================================
22:09:02.0512 4136 Detected object count: 0
22:09:02.0512 4136 Actual detected object count: 0
dds.txt
DDS Logfile:
Code:
ATTFilter DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 1.6.0_29 Run by Student at 22:12:25 on 2012-12-22 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.3983.2062 [GMT 1:00] . AV: Sophos Anti-Virus *Disabled/Updated* {479CCF92-4960-B3E0-7373-BF453B467D2C} SP: Sophos Anti-Virus *Disabled/Updated* {FCFD2E76-6F5A-BC6E-49C3-843740C13791} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Program Files\Fingerprint Sensor\ATService.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe C:\Windows\SYSTEM32\WISPTIS.EXE C:\Windows\System32\WUDFHost.exe C:\Windows\SYSTEM32\WISPTIS.EXE C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe C:\Windows\system32\Dwm.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe C:\Windows\Explorer.EXE C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\WLANExt.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Intel\WiFi\bin\EvtEng.exe C:\Program Files\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program 
Files\Fingerprint Sensor\ATSwpNav.exe C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe C:\Windows\vsnp2uvc.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe C:\Program Files\Fujitsu\PSUtility\TrayManager.exe C:\Program Files\Fujitsu\BatteryAid2\BatteryDaemon.exe C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe C:\Program Files\Fujitsu\AutoRotation\AutoRotation.exe C:\Users\Student\AppData\Local\Akamai\netsession_win.exe C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe C:\Users\Student\AppData\Local\Akamai\netsession_win.exe C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe C:\Program Files\Fujitsu\Utils\FjDspMon.exe C:\Program Files\Fujitsu\Utils\fjevents.exe C:\Program Files\Fujitsu\Utils\FjLidMon.exe C:\Windows\system32\igfxext.exe C:\Program Files\Fujitsu\Utils\FjMnuIco.exe C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe C:\Users\Student\AppData\Roaming\Meywe\uhfi.exe C:\Program Files (x86)\Synaptics\Scrybe\scrybe.exe C:\Program Files (x86)\WinZip\WZQKPICK.EXE C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe C:\Program Files (x86)\Fujitsu\PointingDeviceUtility\FJPDAutoSet.exe C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe C:\Program Files (x86)\SAP\SapSetup\setup\Updater\NwSapSetupUserNotificationTool.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files\Fujitsu\Plugfree NETWORK\PFNetDm.EXE C:\Program Files (x86)\Mozilla 
Firefox\firefox.exe C:\Program Files\Fujitsu\Plugfree NETWORK\PFNTray.EXE C:\Program Files (x86)\SAP\SAPsetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe C:\Windows\system32\DRIVERS\o2flash.exe C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe C:\Program Files\Fujitsu\PSUtility\PSUService.exe C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe C:\Program Files (x86)\Sophos\Remote Management System\ManagementAgentNT.exe C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe C:\Program Files (x86)\Sophos\Remote Management System\RouterNT.exe C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe C:\Program Files\Tablet\ISD\ISD_Tablet.exe C:\Program Files\Tablet\ISD\ISD_TabletUser.exe C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe C:\Program Files\Tablet\ISD\ISD_Tablet.exe C:\Program Files\Tablet\CalibrationAssistant.exe C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program 
Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\sppsvc.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . mWinlogon: Userinit = userinit.exe BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO: Microsoft-Webtestaufzeichnung 10.0-Hilfsprogramm: {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll EB: Webtestaufzeichnung 10.0: {5802D092-1784-4908-8CDB-99B6842D353D} - uRun: [Akamai NetSession Interface] 
"C:\Users\Student\AppData\Local\Akamai\netsession_win.exe" uRun: [Adobe Acrobat Synchronizer] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe" uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe uRun: [Zuicyf] C:\Users\Student\AppData\Roaming\Meywe\uhfi.exe mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" mRun: [snp2uvc] C:\Windows\vsnp2uvc.exe mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [IndicatorUtility] "C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" mRun: [StartFujitsuPointingDeviceUtility] "C:\Program Files (x86)\Fujitsu\PointingDeviceUtility\FJPDAutoSet.exe" mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" mRun: [SAP_WUS_UNT] "C:\Program Files (x86)\SAP\SAPsetup\setup\Updater\NwSapSetupUserNotificationTool.exe" mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent StartupFolder: 
C:\Users\Student\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Scrybe.lnk - C:\Windows\Installer\{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}\NewShortcut11_8ACB210B42E44145A8C31F8E3DD765A3.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WINZIP~1.LNK - C:\Program Files (x86)\WinZip\WZQKPICK.EXE mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:0 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 mPolicies-System: PromptOnSecureDesktop = dword:0 IE: An OneNote s&enden - C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105 IE: Nach Microsoft E&xcel exportieren - C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll LSP: C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: soe.com Trusted Zone: sony.com DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab TCP: NameServer = 192.168.2.1 TCP: Interfaces\{06AA21AA-0B9C-4C3F-87A4-0643AD454DA3} : DHCPNameServer = 10.74.210.210 10.74.210.211 TCP: Interfaces\{4EADF995-C7BA-4E15-A322-DB0FAF0827CC} : DHCPNameServer = 192.168.2.1 TCP: 
Interfaces\{E54C4217-E884-462D-84E5-501014776C1D} : DHCPNameServer = 192.168.2.1 TCP: Interfaces\{E54C4217-E884-462D-84E5-501014776C1D}\27373702B61627C63727578656 : DHCPNameServer = 192.168.11.99 TCP: Interfaces\{E54C4217-E884-462D-84E5-501014776C1D}\75C414E4D214A52363 : DHCPNameServer = 192.168.2.1 TCP: Interfaces\{E54C4217-E884-462D-84E5-501014776C1D}\960586F6E656027416965627 : DHCPNameServer = 10.74.210.210 10.74.210.211 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll AppInit_DLLs= C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL SSODL: WebCheck - <orphaned> x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s x64-Run: [ATSwpNav] "C:\Program Files\Fingerprint Sensor\ATSwpNav" -run x64-Run: [IntelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray x64-Run: [snp2uvc] C:\Windows\vsnp2uvc.exe x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe x64-Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe x64-Run: [FDM7] C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe x64-Run: [PSUTility] C:\Program Files\Fujitsu\PSUtility\TrayManager.exe 
x64-Run: [PfNet] "C:\Program Files\Fujitsu\Plugfree NETWORK\PfNet.exe" /r x64-Run: [FJBATAID2] C:\Program Files\Fujitsu\BatteryAid2\BatteryDaemon.exe x64-Run: [FjStrtAp] C:\Program Files\Fujitsu\Utils\FjStrtAp.exe x64-Run: [SSUtility] C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe x64-Run: [FJAutoR] C:\Program Files\Fujitsu\AutoRotation\AutoRotation.exe x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab x64-DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL x64-Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - <orphaned> x64-Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - <orphaned> x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Notify: igfxcui - igfxdev.dll x64-SSODL: WebCheck - <orphaned> . ================= FIREFOX =================== . 
FF - ProfilePath - C:\Users\Student\AppData\Roaming\Mozilla\Firefox\Profiles\sjw10vzz.default\ FF - prefs.js: browser.startup.homepage - about:home FF - prefs.js: network.proxy.ftp - 193.93.23.68 FF - prefs.js: network.proxy.ftp_port - 80 FF - prefs.js: network.proxy.http - 193.93.23.68 FF - prefs.js: network.proxy.http_port - 80 FF - prefs.js: network.proxy.socks - 193.93.23.68 FF - prefs.js: network.proxy.socks_port - 80 FF - prefs.js: network.proxy.ssl - 193.93.23.68 FF - prefs.js: network.proxy.ssl_port - 80 FF - prefs.js: network.proxy.type - 4 FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\PagePlace\npPagePlaceStarter.dll FF - plugin: C:\Users\Student\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll FF - plugin: C:\Users\Student\AppData\Roaming\Mozilla\Firefox\Profiles\sjw10vzz.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\plugins\np-mswmp.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll . ---- FIREFOX POLICIES ---- FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false . ============= SERVICES / DRIVERS =============== . 
R0 FBIOSDRV;Fujitsu BIOS Driver;C:\Windows\System32\drivers\FBIOSDRV.sys [2009-6-24 21104] R0 FJGSDisk;G-Sensor Application Filter Driver;C:\Windows\System32\drivers\FJGSDisk.sys [2011-12-2 15208] R0 rstfltr;rstfltr;C:\Windows\System32\drivers\rstfltr.sys [2011-5-11 22552] R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2011-12-4 279616] R1 SAVOnAccess;SAVOnAccess;C:\Windows\System32\drivers\savonaccess.sys [2012-7-26 144672] R2 acedrv11;acedrv11;C:\Windows\System32\drivers\acedrv11.sys [2010-2-24 191616] R2 ATService;AuthenTec Fingerprint Service;C:\Program Files\Fingerprint Sensor\ATService.exe [2010-6-2 2734400] R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-22 399432] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-22 676936] R2 MCSWASVR;Mediencenter Service;C:\Program Files\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe [2012-5-24 12800] R2 NWSAPAutoWorkstationUpdateSvc;SAPSetup Automatic Workstation Update Service;C:\Program Files (x86)\SAP\SapSetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe [2012-10-9 263536] R2 PFNService;PFNService;C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe [2010-10-7 331776] R2 PowerSavingUtilityService;PowerSavingUtilityService;C:\Program Files\Fujitsu\PSUtility\PSUService.exe [2011-12-2 63336] R2 SAVAdminService;Sophos Anti-Virus Statusreporter;C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2012-12-6 216640] R2 SAVService;Sophos Anti-Virus;C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [2012-7-26 139840] R2 ScrybeUpdater;Scrybe-Updateprogramm;C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe [2011-5-27 1300264] R2 Sophos Agent;Sophos Agent;C:\Program Files (x86)\Sophos\Remote Management System\ManagementAgentNT.exe [2012-9-19 289856] R2 Sophos AutoUpdate Service;Sophos AutoUpdate 
Service;C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [2012-8-8 232512] R2 Sophos Message Router;Sophos Message Router;C:\Program Files (x86)\Sophos\Remote Management System\RouterNT.exe [2012-9-19 818240] R2 Sophos Web Control Service;Sophos Web Control Service;C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [2012-7-26 357400] R2 swi_service;Sophos Web Intelligence Service;C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2012-12-6 2869824] R2 TabletServiceISD;TabletServiceISD;C:\Program Files\Tablet\ISD\ISD_Tablet.exe [2011-8-4 5640048] R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-8-19 2673064] R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-8-4 2656280] R3 acpials;ALS-Sensorfilter;C:\Windows\System32\drivers\acpials.sys [2010-11-21 9728] R3 ATSwpWDF;AuthenTec TruePrint USB Driver;C:\Windows\System32\drivers\ATSwpWDF.sys [2010-6-2 770152] R3 Fjbtndrv;Fujitsu Button Driver;C:\Windows\System32\drivers\FjBtnDrv.sys [2009-8-27 23040] R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;C:\Windows\System32\drivers\fuj02e3.sys [2006-11-1 7296] R3 IntcDAud;Intel(R) Display-Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-10-14 317440] R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-12-22 25928] R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-12-10 80384] R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-12-10 181248] R3 O2MDRRDR;O2MDRRDR;C:\Windows\System32\drivers\O2MDRw7x64.sys [2011-1-3 74984] R3 O2SDJRDR;O2SDJRDR;C:\Windows\System32\drivers\o2sdjw7x64.sys [2011-1-17 74088] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 
[2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944] S2 swi_update_64;Sophos Web Intelligence Update;C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2012-7-26 1998400] S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168] S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-3-30 340240] S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2011-5-10 22528] S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440] S3 rstescu;rstescu;C:\Windows\System32\drivers\rstescu.sys [2011-5-11 607256] S3 rstescu1;rstescu1;C:\Windows\System32\drivers\rstescu1.sys [2011-5-11 607256] S3 sdcfilter;sdcfilter;C:\Windows\System32\drivers\sdcfilter.sys [2012-7-26 36640] S3 StorSvc;Speicherdienst;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736] S3 VSPerfDrv100;Performance Tools Driver 10.0;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-3-17 68440] S4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-21 61976] S4 RsFx0103;RsFx0103 Driver;C:\Windows\System32\drivers\RsFx0103.sys [2009-3-30 311656] S4 SophosBootDriver;SophosBootDriver;C:\Windows\System32\drivers\SophosBootDriver.sys [2011-8-4 25608] S4 SQLAgent$SQLEXPRESS;SQL Server-Agent 
(SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880] . =============== Created Last 30 ================ . 2012-12-22 19:00:54 -------- d-----w- C:\Users\Student\AppData\Roaming\Malwarebytes 2012-12-22 19:00:43 -------- d-----w- C:\ProgramData\Malwarebytes 2012-12-22 19:00:42 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-12-22 19:00:41 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-12-22 09:26:18 73728 ----a-r- C:\Users\Student\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe 2012-12-22 09:26:17 73728 ----a-r- C:\Users\Student\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe 2012-12-22 09:26:17 73728 ----a-r- C:\Users\Student\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe 2012-12-22 09:21:45 -------- d-----w- C:\Users\Student\AppData\Local\Sophos 2012-12-22 09:06:49 46080 ----a-w- C:\Windows\System32\atmlib.dll 2012-12-22 09:06:49 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll 2012-12-22 09:06:48 367616 ----a-w- C:\Windows\System32\atmfd.dll 2012-12-22 09:06:47 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll 2012-12-21 20:01:19 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C26FEE12-072F-4843-8BCE-9E2C5D7EC76C}\offreg.dll 2012-12-21 17:32:41 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C26FEE12-072F-4843-8BCE-9E2C5D7EC76C}\mpengine.dll 2012-12-18 08:12:39 -------- d-----w- C:\Users\Student\AppData\Local\Ubisoft Game Launcher 2012-12-18 08:11:58 -------- d-----w- C:\Users\Student\AppData\Roaming\Ubisoft 2012-12-17 22:35:59 409960 ----a-w- C:\Windows\System32\xactengine2_8.dll 2012-12-17 18:56:25 -------- d-----w- C:\Users\Student\AppData\Roaming\Xyisi 2012-12-17 18:56:25 -------- d-----w- 
C:\Users\Student\AppData\Roaming\Ovbya 2012-12-17 18:56:25 -------- d-----w- C:\Users\Student\AppData\Roaming\Meywe 2012-12-11 20:42:10 2048 ----a-w- C:\Windows\SysWow64\tzres.dll 2012-12-11 20:42:10 2048 ----a-w- C:\Windows\System32\tzres.dll 2012-12-11 20:42:05 3149824 ----a-w- C:\Windows\System32\win32k.sys 2012-12-06 15:51:43 -------- d-----w- C:\Program Files (x86)\Common Files\Sophos 2012-11-27 22:36:37 -------- d-----w- C:\Users\Student\AppData\Local\SCE 2012-11-27 22:34:58 2401112 ----a-w- C:\Windows\System32\D3DX9_43.dll 2012-11-27 22:34:58 1998168 ----a-w- C:\Windows\SysWow64\D3DX9_43.dll 2012-11-23 14:26:47 -------- d-----w- C:\Users\Student\AppData\Roaming\TeamViewer . ==================== Find3M ==================== . 2012-11-19 16:33:15 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-11-19 16:33:15 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll 2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll 2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll 2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll 2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll 2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll 2012-10-16 08:38:34 350208 ----a-w- 
C:\Windows\apppatch\AppPatch64\AcLayers.dll 2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll 2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll 2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll 2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll 2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll 2012-10-04 17:46:16 362496 ----a-w- C:\Windows\System32\wow64win.dll 2012-10-04 17:46:15 243200 ----a-w- C:\Windows\System32\wow64.dll 2012-10-04 17:46:15 13312 ----a-w- C:\Windows\System32\wow64cpu.dll 2012-10-04 17:45:55 215040 ----a-w- C:\Windows\System32\winsrv.dll 2012-10-04 17:43:28 16384 ----a-w- C:\Windows\System32\ntvdm64.dll 2012-10-04 17:41:16 424960 ----a-w- C:\Windows\System32\KernelBase.dll 2012-10-04 16:47:41 5120 ----a-w- C:\Windows\SysWow64\wow32.dll 2012-10-04 16:47:41 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll 2012-10-04 15:21:55 338432 ----a-w- C:\Windows\System32\conhost.exe 2012-10-04 14:46:46 7680 ----a-w- C:\Windows\SysWow64\instnm.exe 2012-10-04 14:46:46 25600 ----a-w- C:\Windows\SysWow64\setup16.exe 2012-10-04 14:46:44 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll 2012-10-04 14:46:43 2048 ----a-w- C:\Windows\SysWow64\user.exe 2012-10-04 14:41:50 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll 2012-10-04 14:41:50 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll 2012-10-04 14:41:50 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll 2012-10-04 14:41:50 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll 2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll 2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll 2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll 2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll 2012-10-03 17:44:16 216576 
----a-w- C:\Windows\System32\ncsi.dll
2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
2012-09-25 22:47:43 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2012-09-25 22:46:17 95744 ----a-w- C:\Windows\System32\synceng.dll
.
============= FINISH: 22:13:40,77 ===============
--- --- --- --- --- ---
attach.txt
Code:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 04.08.2011 11:07:42
System Uptime: 22.12.2012 19:47:07 (3 hours ago)
.
Motherboard: FUJITSU | | FJNB228
Processor: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz | Onboard | 1175/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 298 GiB total, 61,52 GiB free.
D: is CDROM ()
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP174: 29.11.2012 10:01:49 - Windows Update
RP175: 06.12.2012 17:00:59 - Windows Update
RP176: 10.12.2012 21:54:19 - Windows Update
RP177: 17.12.2012 13:53:01 - Windows Update
RP178: 17.12.2012 23:12:32 - Installiert Assassin's Creed II
RP179: 17.12.2012 23:32:46 - DirectX wurde installiert
RP180: 17.12.2012 23:37:02 - Microsoft Visual C++ 2005 Redistributable wird installiert
RP181: 17.12.2012 23:38:33 - Installed Ubisoft Game Launcher
RP182: 21.12.2012 18:31:33 - Windows Update
RP183: 22.12.2012 10:01:04 - Windows Update
RP184: 22.12.2012 10:25:06 - Installed Sophos Virus Removal Tool.
RP185: 22.12.2012 10:28:38 - Entfernt Assassin's Creed II
.
==== Installed Programs ======================
.
AC3Filter 1.63b Adobe Acrobat X Pro - English, Français, Deutsch Adobe Dreamweaver CS6 Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader X (10.1.2) - Deutsch Adobe Shockwave Player 11.6 Akamai NetSession Interface Anytime USB Charge Utility Apple Application Support Apple Mobile Device Support Apple Software Update applicationupdater AuthenTec Fingerprint Software Auto Rotation Utility Battery Utility Bonjour CamStudio Centra Client Convert AVI to MP4 1.3 Crystal Reports for Visual Studio DAEMON Tools Lite Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition Dev-C++ 5 beta 9 release (4.9.9.2) DHTML Editing Component Dotfuscator Software Services - Community Edition Dotfuscator Software Services - Community Edition - DEU Dropbox ECL Viewer ffdshow [rev 3154] [2009-12-09] FileZilla Client 3.5.3 FJ Camera Fujitsu Button Utilities Fujitsu Display Manager Fujitsu Hotkey Utility Fujitsu MobilityCenter Extension Utility Fujitsu System Extension Utility FUSSBALL MANAGER 12 gamelauncher-ps2-psg GlassFish Server Open Source Edition 3.1.1 Hotfix for Microsoft Visual Studio 2010 Ultimate - DEU (KB2542054) iCloud InfoRapid Suchen & Ersetzen Intel PROSet Wireless Intel(R) Management Engine Components Intel(R) Network Connections Drivers Intel(R) Processor Graphics Intel(R) PROSet/Wireless WiFi-Software Intel(R) Rapid Storage Technology IrfanView (remove only) ISD Tablet iTunes Java Auto Updater Java(TM) 6 Update 29 Java(TM) 7 Update 2 (64-bit) Java(TM) SE Development Kit 7 Update 2 (64-bit) JavaFX 2.0.2 (64-bit) JavaFX 2.0.2 SDK (64-bit) JDownloader 0.9 Malwarebytes Anti-Malware Version 1.65.1.1000 Mediencenter Assistent Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft .NET Framework 4 Extended Microsoft .NET Framework 4 Extended DEU Language Pack Microsoft .NET Framework 4 Multi-Targeting Pack Microsoft Application Error Reporting Microsoft ASP.NET MVC 2 Microsoft ASP.NET MVC 2 
- DEU Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools - DEU Microsoft Help Viewer 1.0 Microsoft Help Viewer 1.0 Language Pack - DEU Microsoft Office 2010 Language Pack Service Pack 1 (SP1) Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (German) 2010 Microsoft Office Excel MUI (German) 2010 Microsoft Office Office 32-bit Components 2010 Microsoft Office OneNote MUI (German) 2010 Microsoft Office Outlook MUI (German) 2010 Microsoft Office PowerPoint MUI (German) 2010 Microsoft Office Professional 2010 Microsoft Office Project MUI (German) 2010 Microsoft Office Project Professional 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (German) 2010 Microsoft Office Proof (Italian) 2010 Microsoft Office Proofing (German) 2010 Microsoft Office Publisher MUI (German) 2010 Microsoft Office Shared 32-bit MUI (German) 2010 Microsoft Office Shared MUI (German) 2010 Microsoft Office Single Image 2010 Microsoft Office Visio 2010 Microsoft Office Visio MUI (German) 2010 Microsoft Office Word MUI (German) 2010 Microsoft Project 2010 Service Pack 1 (SP1) Microsoft Project Professional 2010 Microsoft redistributable runtime DLLs VS2005 SP1(x86) Microsoft redistributable runtime DLLs VS2008 SP1(x86) Microsoft Silverlight Microsoft Silverlight 3 SDK - Deutsch Microsoft SQL Server 2008 (64-bit) Microsoft SQL Server 2008 Browser Microsoft SQL Server 2008 Common Files Microsoft SQL Server 2008 Database Engine Services Microsoft SQL Server 2008 Database Engine Shared Microsoft SQL Server 2008 Native Client Microsoft SQL Server 2008 R2-Datenebenenanwendungs-Framework Microsoft SQL Server 2008 R2 Data-Tier Application Project Microsoft SQL Server 2008 R2 Management Objects Microsoft SQL Server 2008 R2 Management Objects (x64) Microsoft SQL Server 2008 R2 Transact-SQL Language Service Microsoft SQL Server 2008 RsFx Driver Microsoft SQL Server Compact 3.5 SP2 DEU 
Microsoft SQL Server Compact 3.5 SP2 x64 DEU Microsoft SQL Server Database Publishing Wizard 1.4 Microsoft SQL Server System CLR Types Microsoft SQL Server System CLR Types (x64) Microsoft SQL Server VSS Writer Microsoft Sync Framework 2.0 Core Components (x64) ENU Microsoft Sync Framework 2.0 Provider Services (x64) ENU Microsoft Sync Framework Runtime v1.0 SP1 (x64) de Microsoft Sync Framework SDK v1.0 SP1 de Microsoft Sync Framework Services v1.0 SP1 (x64) de Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) de Microsoft Team Foundation Server 2010-Objektmodell - DEU Microsoft Team Foundation Server 2010 Object Model - DEU Microsoft Visio 2010 Service Pack 1 (SP1) Microsoft Visio Professional 2010 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319 Microsoft Visual F# 2.0 Runtime Microsoft Visual F# 2.0 Runtime Language Pack - DEU Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools Microsoft Visual Studio 2010 IntelliTrace Collection (x64) Microsoft Visual Studio 2010 Office Developer Tools (x64) Microsoft Visual Studio 2010 Office Developer Tools (x64) Language Pack - DEU Microsoft Visual Studio 2010 Performance Collection Tools - DEU Microsoft Visual Studio 2010 SharePoint Developer Tools Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack 
- DEU Microsoft Visual Studio 2010 Ultimate - DEU Microsoft Visual Studio Macro Tools Microsoft Visual Studio Macro Tools - DEU Language Pack mIRC MobileMe Control Panel Mozilla Firefox 15.0.1 (x86 de) Mozilla Maintenance Service MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML4.0 redistributable Nassi version 2.0 NetBeans IDE 7.1 New Star Soccer 5 v1.11 O2Micro Flash Memory Card Windows Driver O2Micro OZ776 SCR Driver Origin PagePlace PDFCreator PlanetSide 2 Plugfree NETWORK Pointing Device Utility Power Saving Utility ProtectDisc Driver, Version 11 QuickTime Realtek High Definition Audio Driver Renesas Electronics USB 3.0 Host Controller Driver Safari SAP Business Explorer SAP GUI for Windows 7.20 SAP JNet SAPSetup Automatic Workstation Update Service Secure Download Manager Security Panel Security Panel Application Security Panel Application for Supervisor Security Panel for Supervisor Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663) Security Update for Microsoft .NET 
Framework 4 Client Profile DEU Language Pack (KB2518870) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft Excel 2010 (KB2597126) 64-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2687417) 64-Bit Edition Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2553371) 64-Bit Edition Security Update for Microsoft Office 2010 (KB2553447) 64-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 64-Bit Edition Security Update for Microsoft Office 2010 (KB2598243) 64-Bit Edition Security Update for Microsoft Office 2010 (KB2687501) 64-Bit Edition Security Update for Microsoft Office 2010 (KB2687510) 64-Bit Edition Security Update for Microsoft PowerPoint 2010 (KB2553185) 64-Bit Edition Security Update for Microsoft Visio 2010 (KB2687508) 64-Bit Edition Security Update for Microsoft Visio Viewer 2010 (KB2598287) 64-Bit Edition Security Update for Microsoft Visual Studio 2010 Ultimate - DEU (KB2251489) Security Update for Microsoft Visual Studio 2010 Ultimate - DEU (KB2644980) Security Update for Microsoft Visual Studio Macro Tools (KB2669970) Security Update for Microsoft Word 2010 (KB2760410) 64-Bit Edition Service Pack 1 für SQL Server 2008 (KB 968369) (64-bit) Shock Sensor Utility Skype™ 5.10 Sophos Anti-Virus Sophos AutoUpdate Sophos Remote Management System Sophos Virus Removal Tool Sql Server Customer Experience Improvement Program swMSM Synaptics Gesture Suite featuring SYNAPTICS | Scrybe Synaptics Pointing Device Driver SyncToy 2.1 (x64) TeamSpeak 3 Client TeamViewer 7 Touch Launcher Ubisoft Game Launcher Unity Web Player Unterstützungsdateien für Microsoft SQL Server 2008-Setup Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft 
.NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition Update for Microsoft Office 2010 (KB2553270) 64-Bit Edition Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2598242) 64-Bit Edition Update for Microsoft Office 2010 (KB2687509) 64-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition Update for Microsoft OneNote 2010 (KB2687277) 64-Bit Edition Update for Microsoft Outlook 2010 (KB2687623) 64-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition Update for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit Edition Vips 1.1 Visual Studio 2010 Prerequisites - English Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU VLC media player 2.0.0 Web Deployment Tool Windows-Treiberpaket - Fujitsu America, Inc. (FjBtnDrv) HIDClass (08/27/2009 4.2.0827.2009) WinRAR 4.01 (64-Bit) WinX Free AVI to MP4 Converter 4.0.6 WinZip . ==== End Of File =========================== |
22.12.2012, 22:29 | #4 |
/// TB-Ausbilder | Troj/ZbotMem-B // found with Sophos
Is this a commercially used computer?
__________________ Digital privateers against malware! No help via PM! |
22.12.2012, 22:32 | #5 |
| Troj/ZbotMem-B // found with Sophos
No, it is used privately, mainly for my studies. Hence SAP & Co. |
22.12.2012, 22:37 | #6 | ||
/// TB-Ausbilder | Troj/ZbotMem-B // found with Sophos
Studies with SAP?? Good grief ... so, moving on:
Step 1: Uninstall Java 6
Step 2: AdwCleaner: find and remove adware
Step 3: Delete temporary files with TFC
Step 4: Scan with Combofix
__________________ --> Troj/ZbotMem-B // found with Sophos |
23.12.2012, 00:02 | #7 |
| Troj/ZbotMem-B // found with Sophos
Step 1: Uninstallation successful.
Step 2: I cannot open the file: downloading it was only possible after I had switched off the virus scanner. Moving it to the desktop is not possible either.
Step 3: Took a long time... done!
Step 4: Constant error messages along the lines of "NIRKMD nicht gefunden" (NIRKMD not found).
Code:
ATTFilter ComboFix 12-12-22.02 - Student 22.12.2012 23:33:14.1.4 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.3983.1677 [GMT 1:00] ausgeführt von:: c:\users\Student\Desktop\ComboFix.exe AV: Sophos Anti-Virus *Disabled/Updated* {479CCF92-4960-B3E0-7373-BF453B467D2C} SP: Sophos Anti-Virus *Disabled/Updated* {FCFD2E76-6F5A-BC6E-49C3-843740C13791} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\Roaming c:\users\Student\AppData\Local\assembly\tmp c:\users\Student\AppData\Roaming\Meywe c:\users\Student\AppData\Roaming\Meywe\uhfi.exe c:\users\Student\AppData\Roaming\Ovbya c:\users\Student\AppData\Roaming\Ovbya\ofzy.gui . . ((((((((((((((((((((((( Dateien erstellt von 2012-11-22 bis 2012-12-22 )))))))))))))))))))))))))))))) . . 2012-12-22 22:28 . 2012-12-22 22:31 -------- d-----w- C:\32788R22FWJFW 2012-12-22 19:00 . 2012-12-22 19:00 -------- d-----w- c:\users\Student\AppData\Roaming\Malwarebytes 2012-12-22 19:00 . 2012-12-22 19:00 -------- d-----w- c:\programdata\Malwarebytes 2012-12-22 19:00 . 2012-09-29 18:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-12-22 19:00 . 2012-12-22 19:00 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-12-22 09:26 . 2012-12-22 09:26 73728 ----a-r- c:\users\Student\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe 2012-12-22 09:26 . 2012-12-22 09:26 73728 ----a-r- c:\users\Student\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe 2012-12-22 09:26 . 2012-12-22 09:26 73728 ----a-r- c:\users\Student\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe 2012-12-22 09:21 . 
2012-12-22 09:21 -------- d-----w- c:\users\Student\AppData\Local\Sophos 2012-12-22 09:06 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-22 09:06 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-22 09:06 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-22 09:06 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-21 20:01 . 2012-12-22 22:31 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C26FEE12-072F-4843-8BCE-9E2C5D7EC76C}\offreg.dll 2012-12-21 17:32 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C26FEE12-072F-4843-8BCE-9E2C5D7EC76C}\mpengine.dll 2012-12-18 08:59 . 2012-12-18 09:00 -------- d-----w- c:\users\Administrator 2012-12-18 08:12 . 2012-12-18 08:19 -------- d-----w- c:\users\Student\AppData\Local\Ubisoft Game Launcher 2012-12-18 08:11 . 2012-12-18 08:11 -------- d-----w- c:\users\Student\AppData\Roaming\Ubisoft 2012-12-18 08:11 . 2012-12-18 08:11 -------- d-----w- c:\programdata\Ubisoft 2012-12-17 22:35 . 2007-10-22 02:37 17928 ----a-w- c:\windows\SysWow64\X3DAudio1_2.dll 2012-12-17 18:56 . 2012-12-22 19:21 -------- d-----w- c:\users\Student\AppData\Roaming\Xyisi 2012-12-11 20:42 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll 2012-12-11 20:42 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-12-11 20:42 . 2012-11-22 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys 2012-12-06 15:51 . 2012-12-06 15:51 -------- d-----w- c:\program files (x86)\Common Files\Sophos 2012-11-27 22:36 . 2012-11-27 22:36 -------- d-----w- c:\users\Student\AppData\Local\SCE 2012-11-27 22:34 . 2010-05-26 10:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll 2012-11-27 22:34 . 2010-05-26 10:41 2401112 ----a-w- c:\windows\system32\D3DX9_43.dll 2012-11-27 22:34 . 2012-11-27 22:34 -------- d-----w- c:\users\Public\Sony Online Entertainment 2012-11-23 14:26 . 
2012-11-23 14:26 -------- d-----w- c:\users\Student\AppData\Roaming\TeamViewer . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-12-22 09:08 . 2011-08-04 09:32 67413224 ----a-w- c:\windows\system32\MRT.exe 2012-11-19 16:33 . 2012-05-24 15:25 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-11-19 16:33 . 2011-08-04 09:34 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-10-16 08:38 . 2012-11-28 06:51 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2012-10-16 08:38 . 2012-11-28 06:51 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2012-10-16 07:39 . 2012-11-28 06:51 561664 ----a-w- c:\windows\apppatch\AcLayers.dll 2012-10-09 18:17 . 2012-11-18 18:40 226816 ----a-w- c:\windows\system32\dhcpcore6.dll 2012-10-09 18:17 . 2012-11-18 18:40 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll 2012-10-09 17:40 . 2012-11-18 18:40 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll 2012-10-09 17:40 . 2012-11-18 18:40 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll 2012-10-04 16:40 . 2012-12-11 20:41 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-10-03 17:56 . 2012-11-18 18:40 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-10-03 17:44 . 2012-11-18 18:40 303104 ----a-w- c:\windows\system32\nlasvc.dll 2012-10-03 17:44 . 2012-11-18 18:39 70656 ----a-w- c:\windows\system32\nlaapi.dll 2012-10-03 17:44 . 2012-11-18 18:40 246272 ----a-w- c:\windows\system32\netcorehc.dll 2012-10-03 17:44 . 2012-11-18 18:39 18944 ----a-w- c:\windows\system32\netevent.dll 2012-10-03 17:44 . 2012-11-18 18:40 216576 ----a-w- c:\windows\system32\ncsi.dll 2012-10-03 17:42 . 2012-11-18 18:40 569344 ----a-w- c:\windows\system32\iphlpsvc.dll 2012-10-03 16:42 . 2012-11-18 18:40 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll 2012-10-03 16:42 . 2012-11-18 18:39 18944 ----a-w- c:\windows\SysWow64\netevent.dll 2012-10-03 16:42 . 
2012-11-18 18:40 156672 ----a-w- c:\windows\SysWow64\ncsi.dll 2012-10-03 16:07 . 2012-11-18 18:39 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys 2012-09-25 22:47 . 2012-11-18 18:37 78336 ----a-w- c:\windows\SysWow64\synceng.dll 2012-09-25 22:46 . 2012-11-18 18:37 95744 ----a-w- c:\windows\system32\synceng.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-12-05 19:17 94208 ----a-w- c:\users\Student\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-12-05 19:17 94208 ----a-w- c:\users\Student\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-12-05 19:17 94208 ----a-w- c:\users\Student\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Akamai NetSession Interface"="c:\users\Student\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920] "Adobe Acrobat Synchronizer"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe" [2010-10-25 1216416] "iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-02-23 59240] "MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2011-02-01 112152] "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288] "snp2uvc"="c:\windows\vsnp2uvc.exe" [2009-08-13 662016] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "Sophos AutoUpdate Monitor"="c:\program files (x86)\Sophos\AutoUpdate\almon.exe" [2012-08-08 900160] "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888] "IndicatorUtility"="c:\program files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2010-09-29 48752] "StartFujitsuPointingDeviceUtility"="c:\program files (x86)\Fujitsu\PointingDeviceUtility\FJPDAutoSet.exe" [2011-02-01 85104] "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 36760] "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144] "SAP_WUS_UNT"="c:\program files (x86)\SAP\SAPsetup\setup\Updater\NwSapSetupUserNotificationTool.exe" 
[2010-11-26 226672] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776] . c:\users\Student\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 245120] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Scrybe.lnk - c:\windows\Installer\{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}\NewShortcut11_8ACB210B42E44145A8C31F8E3DD765A3.exe [2011-8-5 45056] WinZip Quick Pick.lnk - c:\program files (x86)\WinZip\WZQKPICK.EXE [2011-8-4 389120] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) "AppInit_DLLs"=c:\progra~2\Sophos\SOPHOS~1\sophos_detoured.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux4"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService] @="service" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus] "DisableMonitoring"=dword:00000001 . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944] R2 swi_update_64;Sophos Web Intelligence Update;c:\programdata\Sophos\Web Intelligence\swi_update_64.exe [2012-12-06 1998400] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168] R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-03-30 340240] R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2011-05-10 22528] R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440] R3 rstescu;rstescu;c:\windows\system32\drivers\rstescu.sys [2011-03-25 607256] R3 rstescu1;rstescu1;c:\windows\system32\drivers\rstescu1.sys [2011-03-25 607256] R3 sdcfilter;sdcfilter;c:\windows\system32\DRIVERS\sdcfilter.sys [2012-07-26 36640] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736] R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-03-17 68440] R4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-21 61976] R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656] R4 SophosBootDriver;SophosBootDriver;c:\windows\system32\DRIVERS\SophosBootDriver.sys [2011-08-04 25608] R4 SQLAgent$SQLEXPRESS;SQL Server-Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880] S0 
FBIOSDRV;Fujitsu BIOS Driver;c:\windows\System32\Drivers\FBIOSDRV.sys [2009-06-24 21104] S0 FJGSDisk;G-Sensor Application Filter Driver;c:\windows\system32\DRIVERS\FJGSDisk.sys [2010-09-27 15208] S0 rstfltr;rstfltr;c:\windows\system32\drivers\rstfltr.sys [2011-03-25 22552] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-12-04 279616] S1 SAVOnAccess;SAVOnAccess;c:\windows\system32\DRIVERS\savonaccess.sys [2012-07-26 144672] S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-02-24 191616] S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\ATService.exe [2010-06-02 2734400] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936] S2 MCSWASVR;Mediencenter Service;c:\program files\Telekom\Mediencenter\DTAG.Mediencenter.BackgroundService.exe [2012-08-13 12800] S2 NWSAPAutoWorkstationUpdateSvc;SAPSetup Automatic Workstation Update Service;c:\program files (x86)\SAP\SAPsetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe [2010-11-26 263536] S2 PFNService;PFNService;c:\program files\Fujitsu\Plugfree NETWORK\PFNService.exe [2010-10-07 331776] S2 PowerSavingUtilityService;PowerSavingUtilityService;c:\program files\Fujitsu\PSUtility\PSUService.exe [2010-06-17 63336] S2 SAVAdminService;Sophos Anti-Virus Statusreporter;c:\program files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2012-12-06 216640] S2 SAVService;Sophos Anti-Virus;c:\program files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [2012-07-26 139840] S2 ScrybeUpdater;Scrybe-Updateprogramm;c:\program files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe [2011-05-27 1300264] S2 Sophos Web Control Service;Sophos Web Control Service;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [2012-07-26 357400] S2 
swi_service;Sophos Web Intelligence Service;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2012-12-06 2869824] S2 TabletServiceISD;TabletServiceISD;c:\program files\Tablet\ISD\ISD_Tablet.exe [2011-02-23 5640048] S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-07-16 2673064] S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280] S3 acpials;ALS-Sensorfilter;c:\windows\system32\DRIVERS\acpials.sys [2009-07-14 9728] S3 ATSwpWDF;AuthenTec TruePrint USB Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2010-06-02 770152] S3 Fjbtndrv;Fujitsu Button Driver;c:\windows\system32\DRIVERS\FjBtnDrv.sys [2009-08-27 23040] S3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\DRIVERS\FUJ02E3.sys [2006-11-01 7296] S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248] S3 O2MDRRDR;O2MDRRDR;c:\windows\system32\DRIVERS\O2MDRw7x64.sys [2011-01-03 74984] S3 O2SDJRDR;O2SDJRDR;c:\windows\system32\DRIVERS\o2sdjw7x64.sys [2011-01-16 74088] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-12-05 19:17 97792 ----a-w- c:\users\Student\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-12-05 19:17 97792 ----a-w- c:\users\Student\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-12-05 19:17 97792 ----a-w- c:\users\Student\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2011-12-05 19:17 97792 ----a-w- c:\users\Student\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATSwpNav"="c:\program files\Fingerprint Sensor\ATSwpNav -run" [X] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-20 168216] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-20 392472] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-20 416024] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-12-07 11663464] "IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-03-30 1935120] "snp2uvc"="c:\windows\vsnp2uvc.exe" [2009-08-13 662016] "LoadFUJ02E3"="c:\program files\Fujitsu\FUJ02E3\FUJ02E3.exe" [2010-06-08 45680] "FDM7"="c:\program files\Fujitsu\FDM7\FdmDaemon.exe" [2009-10-19 164200] "PSUTility"="c:\program files\Fujitsu\PSUtility\TrayManager.exe" [2010-11-13 199528] "PfNet"="c:\program files\Fujitsu\Plugfree NETWORK\PfNet.exe" [2010-10-07 6311424] "FJBATAID2"="c:\program files\Fujitsu\BatteryAid2\BatteryDaemon.exe" [2010-10-29 124776] "FjStrtAp"="c:\program files\Fujitsu\Utils\FjStrtAp.exe" 
[2010-12-01 19800] "SSUtility"="c:\program files\Fujitsu\SSUtility\FJSSDMN.exe" [2010-08-15 273256] "FJAutoR"="c:\program files\Fujitsu\AutoRotation\AutoRotation.exe" [2010-08-30 87912] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\progra~2\Sophos\SOPHOS~1\sophos_detoured_x64.dll . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local> IE: An OneNote s&enden - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105 IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000 Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: soe.com Trusted Zone: sony.com TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\Student\AppData\Roaming\Mozilla\Firefox\Profiles\sjw10vzz.default\ FF - prefs.js: browser.startup.homepage - about:home FF - prefs.js: network.proxy.ftp - 193.93.23.68 FF - prefs.js: network.proxy.ftp_port - 80 FF - prefs.js: network.proxy.http - 193.93.23.68 FF - prefs.js: network.proxy.http_port - 80 FF - prefs.js: network.proxy.socks - 193.93.23.68 FF - prefs.js: network.proxy.socks_port - 80 FF - prefs.js: network.proxy.ssl - 193.93.23.68 FF - prefs.js: network.proxy.ssl_port - 80 FF - prefs.js: network.proxy.type - 4 FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
Wow6432Node-HKCU-Run-Zuicyf - c:\users\Student\AppData\Roaming\Meywe\uhfi.exe Wow6432Node-HKLM-Run-<NO NAME> - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Sophos Message Router] "ImagePath"="\"c:\program files (x86)\Sophos\Remote Management System\RouterNT.exe\" -service -name Router -ORBListenEndpoints iiop://:8193/ssl_port=8194" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . 
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\windows\system32\DRIVERS\o2flash.exe c:\program files (x86)\Sophos\Remote Management System\ManagementAgentNT.exe c:\program files (x86)\Sophos\AutoUpdate\ALsvc.exe c:\program files (x86)\Sophos\Remote Management System\RouterNT.exe c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe c:\program files (x86)\TeamViewer\Version7\TeamViewer.exe c:\program files (x86)\TeamViewer\Version7\tv_w32.exe c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe . ************************************************************************** . Zeit der Fertigstellung: 2012-12-22 23:55:34 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2012-12-22 22:55 . Vor Suchlauf: 12 Verzeichnis(se), 70.871.629.824 Bytes frei Nach Suchlauf: 18 Verzeichnis(se), 70.013.579.264 Bytes frei . - - End Of File - - 1FA24CD9DD711725E00E16E7089871CF |
23.12.2012, 10:55 | #8 | |||
/// TB-Ausbilder | Troj/ZbotMem-B // found with Sophos
Hmmm okay. Then let's continue:
Step 1: Disable Windows Defender
Since you are using a different virus scanner, you should urgently disable the scanner built into Windows:
Step 2: Combofix script
Step 3: Have files checked
Please have the file from the code box checked at Virustotal.
Quote:
Wait until Current status: Finished is shown. Copy the link from your address bar and post it here.
__________________ Digital buccaneers against malware! No help via PM! |
23.12.2012, 20:39 | #9 |
| Troj/ZbotMem-B // found with Sophos
Step 1: Done
Step 2: Here too, at almost every step an error message along the lines of "NIRKMD konnte nicht gefunden werden" had to be clicked away.
Code:
ATTFilter Combofix Logfile:
Step 3: https://www.virustotal.com/file/4c448c7f77e3b4385d2cd35d0c470589cdf0524e532f9cf7ae084a8f88aa949a/analysis/1356290932/ |
23.12.2012, 21:05 | #10 | |
/// TB-Ausbilder | Troj/ZbotMem-B // found with Sophos
Good! As far as I can see, we have now removed everything malicious. To be sure, we now need to run a few more checks. Since these can take a very long time, please only write to me again once you have really completed everything, or if problems occur.
Step 1: Quick scan with Malwarebytes
Step 2: ESET Online Scanner
Quote:
Step 3: Scan with SecurityCheck
Please download SecurityCheck: LINK1 LINK2
26.12.2012, 14:17 | #11 |
/// TB-Ausbilder | Troj/ZbotMem-B // found with Sophos
Hello, do you still need help? If I do not receive a reply from you within the next 24 hours, I will remove your thread from my subscriptions and will then no longer be notified of new replies. The disappearance of the symptoms does not mean that your system is already clean.
26.12.2012, 17:35 | #12 |
| Troj/ZbotMem-B // found with Sophos
Sorry, because of the holidays I haven't gotten around to doing everything yet. I've just been on the go from meal to meal. |
26.12.2012, 19:01 | #13 |
/// TB-Ausbilder | Troj/ZbotMem-B // found with Sophos
The countdown is running...
28.12.2012, 10:46 | #14 |
/// TB-Ausbilder | Troj/ZbotMem-B // found with Sophos
No response
This thread has been removed from my subscriptions. I will therefore not receive any notification of new replies. PM me if you still want to continue.
Note: The disappearance of the symptoms does not mean that your computer is already clean.
Everyone else, please click here and create your own thread.