|
Pests of all kinds and how to fight them: TrendMicro Worry Free Business Security reports: "At1.job" and "ojswjz.ouu" (Mal_DownadJ and WORM_DOWNAD.AD) Windows 7 |
19.03.2013, 17:30 | #1 |
| Hello first of all, for a few days now I have been getting, about every half hour, a message from our antivirus software TrendMicro Business Security that the file "At1.job" was found in C:\windows\tasks and the file "ojswjz.ouu" in C:\windows\system32, and that I should therefore reboot. When I look in those locations there is of course nothing to be found. Rebooting does not get rid of the problem, though. I found out via Google that ComboFix is supposed to help here. I then ran it; some things were deleted and fixed, then a reboot, but the virus(?) is still there. I have now installed HijackThis and also still have the ComboFix log file here. How do I proceed now? Can someone please help me? Kind regards, microdns |
19.03.2013, 17:36 | #2 |
/// TB-Ausbilder | On reputable sites it says everywhere that ComboFix should not be used on your own without supervision!
__________________I will help you with your problem. A cleanup sometimes involves a lot of work for you (and me). Before we start, I have some reading material for you. Please read: Rules for the cleanup. For the cleanup to work, I ask you to read the following points carefully:
Read and understood? Then please post your ComboFix log file. This is how it works: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
__________________ |
20.03.2013, 10:04 | #3 |
| Hello
__________________Yes, I have read and understood everything. Unfortunately I have to report that I can no longer find the ComboFix log file. I am under the impression that I did not delete it .. but apparently that is the case after all. What is to be done now? PS: a question: is this virus, worm or malware something that spreads via software? So a foreign USB stick or hard disk? Or do you catch something like this via the internet, i.e. while surfing? |
20.03.2013, 16:26 | #4 |
/// TB-Ausbilder | Please look in c:\qoobox, there should be a copy there.
__________________ Digital privateers against malware! No help via PM! |
20.03.2013, 17:23 | #5 |
| There is no C:\qoobox on my machine .. |
20.03.2013, 17:34 | #6 |
/// TB-Ausbilder | Well, okay.
Step 1: (Reminder: only reply to me once you have worked through all the steps!) Disable drive emulation with Defogger. Please download defogger by jpshortstuff to your desktop and run it:
Step 2: Scan with aswMBR
Step 3: Scan with TDSS-Killer. Please read the following instructions carefully. We do not want to "fix" anything here yet, only to see a scan report.
Step 4: Scan with DDS+ (with attach). Please download DDS (by sUBs) and save the file on your desktop.
__________________ |
20.03.2013, 18:33 | #7 |
| First of all: I have replaced the user name with xxxxx
----- step 1 - defogger ----- Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 17:53 on 20/03/2013 (xxxxx)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
SPTD -> Disabled (Service running -> reboot required)
-=E.O.F=-
step 2 - aswMBR; note: the program crashed, I then ran the scan again with <none> ----- Code:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-03-20 18:09:37
-----------------------------
18:09:37.953 OS Version: Windows x64 6.1.7601 Service Pack 1
18:09:37.953 Number of processors: 4 586 0x170A
18:09:37.953 ComputerName: WS026RUT UserName: xxxxx
18:09:39.373 Initialize success
18:09:46.379 AVAST engine defs: 13032000
18:09:50.841 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
18:09:50.841 Disk 0 Vendor: ST500DM002-1BD142 KC45 Size: 476940MB BusType: 3
18:09:50.841 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-1
18:09:50.841 Disk 1 Vendor: ST500DM002-1BD142 KC45 Size: 476940MB BusType: 3
18:09:50.856 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP1T1L0-5
18:09:50.856 Disk 2 Vendor: ST500DM002-1BD142 KC43 Size: 476940MB BusType: 3
18:09:50.950 Disk 0 MBR read successfully
18:09:50.950 Disk 0 MBR scan
18:09:50.966 Disk 0 Windows 7 default MBR code
18:09:50.966 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
18:09:50.981 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
18:09:51.028 Disk 0 scanning C:\Windows\system32\drivers
18:10:04.337 Service scanning
18:10:29.955 Modules scanning
18:10:29.955 Disk 0 trace - called modules:
18:10:29.971 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
18:10:29.971 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004d31060]
18:10:29.986 3 CLASSPNP.SYS[fffff8800161743f] -> nt!IofCallDriver -> [0xfffffa8003c6ee40]
18:10:29.986 5 ACPI.sys[fffff88000f127a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004ab4060]
18:10:29.986 Scan finished successfully
18:10:40.315 Disk 0 MBR has been saved successfully to "C:\Users\xxxxx\Desktop\MBR.dat"
18:10:40.331 The log file has been saved successfully to "C:\Users\xxxxx\Desktop\aswMBR.txt"
step 3 - TDSS Killer ----- Code:
18:14:14.0672 5196 Mup - ok 18:14:14.0704 5196 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 18:14:14.0704 5196 napagent - ok 18:14:14.0735 5196 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 18:14:14.0735 5196 NativeWifiP - ok 18:14:14.0782 5196 [ 62D48CCC1C765ED587F17A67DED6B5DC ] NCFilter C:\Windows\system32\DRIVERS\NCFilter.sys 18:14:14.0797 5196 NCFilter - ok 18:14:14.0828 5196 [ 308E481D3DC7BCD6B74FBE4F0D7D3A52 ] NCFSD C:\Program Files\Novell\Client\XTier\Drivers\ncfsd.sys 18:14:14.0828 5196 NCFSD - ok 18:14:14.0828 5196 [ 9604C4E217DF00ADDC10BC43EBCAB850 ] NCIOCTL C:\Program Files\Novell\Client\XTier\Drivers\ncioctl.sys 18:14:14.0844 5196 NCIOCTL - ok 18:14:14.0844 5196 [ B059AE16FFA91A49168553509EAC32DA ] NCRecognizer C:\Windows\system32\DRIVERS\NCRecognizer.sys 18:14:14.0844 5196 NCRecognizer - ok 18:14:14.0860 5196 [ 05CFBDA67E6402C7AFD33B3907B9F878 ] NCUncFilter C:\Windows\system32\DRIVERS\NCUncFilter.sys 18:14:14.0860 5196 NCUncFilter - ok 18:14:14.0922 5196 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 18:14:14.0922 5196 NDIS - ok 18:14:14.0953 5196 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 18:14:14.0953 5196 NdisCap - ok 18:14:14.0984 5196 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 18:14:14.0984 5196 NdisTapi - ok 18:14:15.0000 5196 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 18:14:15.0000 5196 Ndisuio - ok 18:14:15.0016 5196 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 18:14:15.0016 5196 NdisWan - ok 18:14:15.0016 5196 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 18:14:15.0031 5196 NDProxy - ok 18:14:15.0078 5196 [ 2C723E42FC8D7B0209492828F921FB50 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll 18:14:15.0078 5196 Net Driver HPZ12 - ok 
18:14:15.0109 5196 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 18:14:15.0109 5196 NetBIOS - ok 18:14:15.0125 5196 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 18:14:15.0125 5196 NetBT - ok 18:14:15.0140 5196 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 18:14:15.0140 5196 Netlogon - ok 18:14:15.0172 5196 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 18:14:15.0172 5196 Netman - ok 18:14:15.0203 5196 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 18:14:15.0234 5196 NetMsmqActivator - ok 18:14:15.0234 5196 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 18:14:15.0234 5196 NetPipeActivator - ok 18:14:15.0250 5196 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 18:14:15.0250 5196 netprofm - ok 18:14:15.0281 5196 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 18:14:15.0281 5196 NetTcpActivator - ok 18:14:15.0281 5196 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 18:14:15.0281 5196 NetTcpPortSharing - ok 18:14:15.0312 5196 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 18:14:15.0312 5196 nfrd960 - ok 18:14:15.0328 5196 [ E1EDBFC64616636C515D570365E48BD3 ] NICM C:\Program Files\Novell\Client\XTier\Drivers\nicm.sys 18:14:15.0328 5196 NICM - ok 18:14:15.0359 5196 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll 18:14:15.0359 5196 NlaSvc - ok 18:14:15.0374 5196 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 18:14:15.0374 5196 Npfs - ok 18:14:15.0390 5196 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 18:14:15.0406 5196 nsi 
- ok 18:14:15.0406 5196 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 18:14:15.0406 5196 nsiproxy - ok 18:14:15.0468 5196 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 18:14:15.0499 5196 Ntfs - ok 18:14:15.0499 5196 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 18:14:15.0515 5196 Null - ok 18:14:15.0749 5196 [ 5104BAC2DA2A5BDD86AC6B0708B00F06 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 18:14:15.0920 5196 nvlddmkm - ok 18:14:15.0952 5196 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 18:14:15.0952 5196 nvraid - ok 18:14:15.0967 5196 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 18:14:15.0967 5196 nvstor - ok 18:14:16.0030 5196 [ DDFAFCE89A5C93D04712B86F94E9FCBA ] nvsvc C:\Windows\system32\nvvsvc.exe 18:14:16.0045 5196 nvsvc - ok 18:14:16.0061 5196 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 18:14:16.0061 5196 nv_agp - ok 18:14:16.0076 5196 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 18:14:16.0076 5196 ohci1394 - ok 18:14:16.0123 5196 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 18:14:16.0123 5196 ose - ok 18:14:16.0201 5196 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 18:14:16.0279 5196 osppsvc - ok 18:14:16.0310 5196 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 18:14:16.0310 5196 p2pimsvc - ok 18:14:16.0342 5196 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 18:14:16.0342 5196 p2psvc - ok 18:14:16.0357 5196 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 18:14:16.0357 5196 Parport - ok 18:14:16.0404 5196 [ E9766131EEADE40A27DC27D2D68FBA9C ] 
partmgr C:\Windows\system32\drivers\partmgr.sys 18:14:16.0404 5196 partmgr - ok 18:14:16.0420 5196 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 18:14:16.0420 5196 PcaSvc - ok 18:14:16.0435 5196 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 18:14:16.0435 5196 pci - ok 18:14:16.0435 5196 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 18:14:16.0435 5196 pciide - ok 18:14:16.0451 5196 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 18:14:16.0466 5196 pcmcia - ok 18:14:16.0466 5196 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 18:14:16.0466 5196 pcw - ok 18:14:16.0498 5196 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 18:14:16.0513 5196 PEAUTH - ok 18:14:16.0560 5196 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll 18:14:16.0576 5196 PeerDistSvc - ok 18:14:16.0622 5196 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 18:14:16.0638 5196 PerfHost - ok 18:14:16.0669 5196 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 18:14:16.0700 5196 pla - ok 18:14:16.0763 5196 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 18:14:16.0763 5196 PlugPlay - ok 18:14:16.0794 5196 [ 171E6D91A20AAC8D02172A64E82CE90B ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll 18:14:16.0794 5196 Pml Driver HPZ12 - ok 18:14:16.0794 5196 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 18:14:16.0810 5196 PNRPAutoReg - ok 18:14:16.0810 5196 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 18:14:16.0825 5196 PNRPsvc - ok 18:14:16.0841 5196 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 18:14:16.0856 5196 PolicyAgent - ok 18:14:16.0872 5196 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power 
C:\Windows\system32\umpo.dll 18:14:16.0872 5196 Power - ok 18:14:16.0903 5196 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 18:14:16.0903 5196 PptpMiniport - ok 18:14:16.0919 5196 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys 18:14:16.0919 5196 Processor - ok 18:14:16.0966 5196 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 18:14:16.0966 5196 ProfSvc - ok 18:14:16.0981 5196 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 18:14:16.0981 5196 ProtectedStorage - ok 18:14:16.0997 5196 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 18:14:16.0997 5196 Psched - ok 18:14:17.0028 5196 [ BC08F7F3C53CBEE68670ED1314E290FD ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys 18:14:17.0028 5196 PxHlpa64 - ok 18:14:17.0075 5196 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 18:14:17.0090 5196 ql2300 - ok 18:14:17.0106 5196 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 18:14:17.0106 5196 ql40xx - ok 18:14:17.0122 5196 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 18:14:17.0137 5196 QWAVE - ok 18:14:17.0153 5196 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 18:14:17.0153 5196 QWAVEdrv - ok 18:14:17.0153 5196 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 18:14:17.0168 5196 RasAcd - ok 18:14:17.0184 5196 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 18:14:17.0184 5196 RasAgileVpn - ok 18:14:17.0200 5196 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 18:14:17.0200 5196 RasAuto - ok 18:14:17.0200 5196 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 18:14:17.0215 5196 Rasl2tp - ok 18:14:17.0231 5196 [ 
EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 18:14:17.0231 5196 RasMan - ok 18:14:17.0246 5196 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 18:14:17.0246 5196 RasPppoe - ok 18:14:17.0262 5196 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 18:14:17.0262 5196 RasSstp - ok 18:14:17.0278 5196 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 18:14:17.0278 5196 rdbss - ok 18:14:17.0293 5196 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 18:14:17.0293 5196 rdpbus - ok 18:14:17.0293 5196 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 18:14:17.0293 5196 RDPCDD - ok 18:14:17.0324 5196 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 18:14:17.0324 5196 RDPDR - ok 18:14:17.0340 5196 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 18:14:17.0340 5196 RDPENCDD - ok 18:14:17.0340 5196 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 18:14:17.0340 5196 RDPREFMP - ok 18:14:17.0371 5196 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 18:14:17.0387 5196 RDPWD - ok 18:14:17.0387 5196 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 18:14:17.0402 5196 rdyboost - ok 18:14:17.0418 5196 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 18:14:17.0418 5196 RemoteAccess - ok 18:14:17.0434 5196 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 18:14:17.0449 5196 RemoteRegistry - ok 18:14:17.0465 5196 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 18:14:17.0465 5196 RpcEptMapper - ok 18:14:17.0480 5196 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 18:14:17.0480 5196 RpcLocator 
- ok 18:14:17.0496 5196 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 18:14:17.0496 5196 RpcSs - ok 18:14:17.0527 5196 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 18:14:17.0527 5196 rspndr - ok 18:14:17.0558 5196 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys 18:14:17.0558 5196 s3cap - ok 18:14:17.0558 5196 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 18:14:17.0574 5196 SamSs - ok 18:14:17.0574 5196 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 18:14:17.0574 5196 sbp2port - ok 18:14:17.0605 5196 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 18:14:17.0605 5196 SCardSvr - ok 18:14:17.0621 5196 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 18:14:17.0621 5196 scfilter - ok 18:14:17.0636 5196 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 18:14:17.0668 5196 Schedule - ok 18:14:17.0683 5196 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 18:14:17.0683 5196 SCPolicySvc - ok 18:14:17.0699 5196 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 18:14:17.0699 5196 SDRSVC - ok 18:14:17.0714 5196 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 18:14:17.0730 5196 secdrv - ok 18:14:17.0730 5196 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 18:14:17.0730 5196 seclogon - ok 18:14:17.0746 5196 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll 18:14:17.0746 5196 SENS - ok 18:14:17.0761 5196 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 18:14:17.0761 5196 SensrSvc - ok 18:14:17.0777 5196 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 18:14:17.0777 5196 Serenum - ok 18:14:17.0792 5196 [ 
C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 18:14:17.0792 5196 Serial - ok 18:14:17.0792 5196 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys 18:14:17.0792 5196 sermouse - ok 18:14:17.0824 5196 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 18:14:17.0824 5196 SessionEnv - ok 18:14:17.0824 5196 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 18:14:17.0824 5196 sffdisk - ok 18:14:17.0839 5196 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 18:14:17.0839 5196 sffp_mmc - ok 18:14:17.0839 5196 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 18:14:17.0839 5196 sffp_sd - ok 18:14:17.0839 5196 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 18:14:17.0839 5196 sfloppy - ok 18:14:17.0870 5196 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 18:14:17.0870 5196 SharedAccess - ok 18:14:17.0886 5196 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 18:14:17.0886 5196 ShellHWDetection - ok 18:14:17.0902 5196 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys 18:14:17.0902 5196 SiSRaid2 - ok 18:14:17.0917 5196 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 18:14:17.0917 5196 SiSRaid4 - ok 18:14:17.0964 5196 [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 18:14:17.0964 5196 SkypeUpdate - ok 18:14:17.0995 5196 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 18:14:17.0995 5196 Smb - ok 18:14:18.0026 5196 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 18:14:18.0026 5196 SNMPTRAP - ok 18:14:18.0042 5196 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr 
C:\Windows\system32\drivers\spldr.sys 18:14:18.0042 5196 spldr - ok 18:14:18.0089 5196 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 18:14:18.0089 5196 Spooler - ok 18:14:18.0151 5196 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 18:14:18.0182 5196 sppsvc - ok 18:14:18.0214 5196 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 18:14:18.0229 5196 sppuinotify - ok 18:14:18.0245 5196 sptd - ok 18:14:18.0292 5196 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 18:14:18.0292 5196 srv - ok 18:14:18.0338 5196 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 18:14:18.0338 5196 srv2 - ok 18:14:18.0354 5196 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 18:14:18.0354 5196 srvnet - ok 18:14:18.0385 5196 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 18:14:18.0385 5196 SSDPSRV - ok 18:14:18.0401 5196 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 18:14:18.0401 5196 SstpSvc - ok 18:14:18.0463 5196 [ F0359F7CE712D69ACEF0886BDB4792ED ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 18:14:18.0463 5196 Stereo Service - ok 18:14:18.0494 5196 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys 18:14:18.0494 5196 stexstor - ok 18:14:18.0526 5196 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 18:14:18.0526 5196 stisvc - ok 18:14:18.0541 5196 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys 18:14:18.0541 5196 storflt - ok 18:14:18.0572 5196 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll 18:14:18.0572 5196 StorSvc - ok 18:14:18.0588 5196 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys 18:14:18.0588 5196 storvsc - ok 18:14:18.0604 5196 [ 
D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 18:14:18.0604 5196 swenum - ok 18:14:18.0619 5196 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 18:14:18.0635 5196 swprv - ok 18:14:18.0666 5196 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 18:14:18.0713 5196 SysMain - ok 18:14:18.0713 5196 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 18:14:18.0728 5196 TabletInputService - ok 18:14:18.0744 5196 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 18:14:18.0744 5196 TapiSrv - ok 18:14:18.0760 5196 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 18:14:18.0760 5196 TBS - ok 18:14:18.0822 5196 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 18:14:18.0838 5196 Tcpip - ok 18:14:18.0884 5196 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 18:14:18.0900 5196 TCPIP6 - ok 18:14:18.0916 5196 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 18:14:18.0916 5196 tcpipreg - ok 18:14:18.0931 5196 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 18:14:18.0931 5196 TDPIPE - ok 18:14:18.0978 5196 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 18:14:18.0978 5196 TDTCP - ok 18:14:18.0994 5196 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 18:14:18.0994 5196 tdx - ok 18:14:19.0118 5196 [ 6B1B2F8D62D606B200C2072564090104 ] TeamViewer8 C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe 18:14:19.0337 5196 TeamViewer8 - ok 18:14:19.0352 5196 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 18:14:19.0352 5196 TermDD - ok 18:14:19.0384 5196 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 18:14:19.0384 5196 TermService - ok 18:14:19.0399 
5196 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 18:14:19.0399 5196 Themes - ok 18:14:19.0415 5196 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 18:14:19.0415 5196 THREADORDER - ok 18:14:19.0446 5196 [ 95AB85CF9C7EDC62845D21BB596B0093 ] tmactmon C:\Windows\system32\DRIVERS\tmactmon.sys 18:14:19.0446 5196 tmactmon - ok 18:14:19.0462 5196 [ 0B975F08621CADF7F8EC164E1A991CF3 ] tmcomm C:\Windows\system32\DRIVERS\tmcomm.sys 18:14:19.0477 5196 tmcomm - ok 18:14:19.0477 5196 [ AEA9012CFC3C4B2A167B210C523B9B65 ] tmevtmgr C:\Windows\system32\DRIVERS\tmevtmgr.sys 18:14:19.0477 5196 tmevtmgr - ok 18:14:19.0524 5196 [ 2C5BDCB2EFAB4CA5B88DAF2C97A5794D ] TmListen C:\Program Files\Trend Micro\Security Agent\tmlisten.exe 18:14:19.0540 5196 TmListen - ok 18:14:19.0555 5196 [ 77B9BEBB0769F45EF770297196EF3506 ] tmtdi C:\Windows\system32\DRIVERS\tmtdi.sys 18:14:19.0555 5196 tmtdi - ok 18:14:19.0586 5196 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 18:14:19.0602 5196 TrkWks - ok 18:14:19.0633 5196 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 18:14:19.0649 5196 TrustedInstaller - ok 18:14:19.0664 5196 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 18:14:19.0664 5196 tssecsrv - ok 18:14:19.0680 5196 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 18:14:19.0680 5196 TsUsbFlt - ok 18:14:19.0696 5196 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys 18:14:19.0696 5196 TsUsbGD - ok 18:14:19.0711 5196 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 18:14:19.0711 5196 tunnel - ok 18:14:19.0727 5196 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 18:14:19.0727 5196 uagp35 - ok 18:14:19.0742 5196 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs 
C:\Windows\system32\DRIVERS\udfs.sys 18:14:19.0742 5196 udfs - ok 18:14:19.0774 5196 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 18:14:19.0774 5196 UI0Detect - ok 18:14:19.0789 5196 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 18:14:19.0789 5196 uliagpkx - ok 18:14:19.0805 5196 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 18:14:19.0820 5196 umbus - ok 18:14:19.0820 5196 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys 18:14:19.0820 5196 UmPass - ok 18:14:19.0852 5196 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll 18:14:19.0852 5196 UmRdpService - ok 18:14:19.0867 5196 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 18:14:19.0867 5196 upnphost - ok 18:14:19.0898 5196 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 18:14:19.0898 5196 usbccgp - ok 18:14:19.0898 5196 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 18:14:19.0898 5196 usbcir - ok 18:14:19.0930 5196 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 18:14:19.0930 5196 usbehci - ok 18:14:19.0945 5196 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 18:14:19.0961 5196 usbhub - ok 18:14:19.0976 5196 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys 18:14:19.0976 5196 usbohci - ok 18:14:19.0992 5196 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys 18:14:19.0992 5196 usbprint - ok 18:14:20.0039 5196 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 18:14:20.0039 5196 usbscan - ok 18:14:20.0054 5196 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 18:14:20.0054 5196 USBSTOR - ok 18:14:20.0070 5196 [ 
62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 18:14:20.0070 5196 usbuhci - ok 18:14:20.0086 5196 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 18:14:20.0086 5196 UxSms - ok 18:14:20.0101 5196 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 18:14:20.0101 5196 VaultSvc - ok 18:14:20.0117 5196 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 18:14:20.0117 5196 vdrvroot - ok 18:14:20.0132 5196 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 18:14:20.0148 5196 vds - ok 18:14:20.0164 5196 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 18:14:20.0164 5196 vga - ok 18:14:20.0179 5196 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 18:14:20.0179 5196 VgaSave - ok 18:14:20.0195 5196 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 18:14:20.0195 5196 vhdmp - ok 18:14:20.0226 5196 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 18:14:20.0226 5196 viaide - ok 18:14:20.0242 5196 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys 18:14:20.0242 5196 vmbus - ok 18:14:20.0257 5196 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys 18:14:20.0257 5196 VMBusHID - ok 18:14:20.0273 5196 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 18:14:20.0273 5196 volmgr - ok 18:14:20.0288 5196 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 18:14:20.0288 5196 volmgrx - ok 18:14:20.0304 5196 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 18:14:20.0304 5196 volsnap - ok 18:14:20.0335 5196 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 18:14:20.0335 5196 vsmraid - ok 18:14:20.0382 5196 [ 
B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 18:14:20.0413 5196 VSS - ok 18:14:20.0429 5196 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 18:14:20.0429 5196 vwifibus - ok 18:14:20.0444 5196 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 18:14:20.0444 5196 W32Time - ok 18:14:20.0491 5196 [ 2F4B66BAB9F4C9D0FF4FCAA6D8888991 ] WacHidRouter C:\Windows\system32\DRIVERS\wachidrouter.sys 18:14:20.0507 5196 WacHidRouter - ok 18:14:20.0507 5196 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys 18:14:20.0507 5196 WacomPen - ok 18:14:20.0554 5196 [ 366669F53F8CAF96AF9264EF9BC95084 ] wacomrouterfilter C:\Windows\system32\DRIVERS\wacomrouterfilter.sys 18:14:20.0554 5196 wacomrouterfilter - ok 18:14:20.0569 5196 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 18:14:20.0585 5196 WANARP - ok 18:14:20.0585 5196 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 18:14:20.0585 5196 Wanarpv6 - ok 18:14:20.0616 5196 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 18:14:20.0647 5196 wbengine - ok 18:14:20.0663 5196 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 18:14:20.0663 5196 WbioSrvc - ok 18:14:20.0678 5196 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 18:14:20.0678 5196 wcncsvc - ok 18:14:20.0694 5196 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 18:14:20.0694 5196 WcsPlugInService - ok 18:14:20.0710 5196 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys 18:14:20.0710 5196 Wd - ok 18:14:20.0741 5196 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 18:14:20.0756 5196 Wdf01000 - ok 18:14:20.0772 5196 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 
18:14:20.0772 5196 WdiServiceHost - ok 18:14:20.0772 5196 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 18:14:20.0772 5196 WdiSystemHost - ok 18:14:20.0788 5196 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 18:14:20.0788 5196 WebClient - ok 18:14:20.0803 5196 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 18:14:20.0803 5196 Wecsvc - ok 18:14:20.0819 5196 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 18:14:20.0819 5196 wercplsupport - ok 18:14:20.0834 5196 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 18:14:20.0834 5196 WerSvc - ok 18:14:20.0850 5196 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 18:14:20.0850 5196 WfpLwf - ok 18:14:20.0866 5196 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 18:14:20.0866 5196 WIMMount - ok 18:14:20.0881 5196 WinDefend - ok 18:14:20.0881 5196 WinHttpAutoProxySvc - ok 18:14:20.0912 5196 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 18:14:20.0912 5196 Winmgmt - ok 18:14:20.0959 5196 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 18:14:20.0990 5196 WinRM - ok 18:14:21.0037 5196 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 18:14:21.0037 5196 WinUsb - ok 18:14:21.0068 5196 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 18:14:21.0084 5196 Wlansvc - ok 18:14:21.0115 5196 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 18:14:21.0115 5196 WmiAcpi - ok 18:14:21.0131 5196 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 18:14:21.0131 5196 wmiApSrv - ok 18:14:21.0146 5196 WMPNetworkSvc - ok 18:14:21.0162 5196 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 18:14:21.0178 5196 WPCSvc 
- ok 18:14:21.0193 5196 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 18:14:21.0193 5196 WPDBusEnum - ok 18:14:21.0209 5196 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 18:14:21.0209 5196 ws2ifsl - ok 18:14:21.0209 5196 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll 18:14:21.0224 5196 wscsvc - ok 18:14:21.0224 5196 WSearch - ok 18:14:21.0287 5196 [ 6719C1A34D946370B5F735A8F2915474 ] WTabletServicePro C:\Program Files\Tablet\Wacom\WTabletServicePro.exe 18:14:21.0287 5196 WTabletServicePro - ok 18:14:21.0365 5196 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 18:14:21.0396 5196 wuauserv - ok 18:14:21.0427 5196 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 18:14:21.0427 5196 WudfPf - ok 18:14:21.0459 5196 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 18:14:21.0459 5196 WUDFRd - ok 18:14:21.0490 5196 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 18:14:21.0490 5196 wudfsvc - ok 18:14:21.0521 5196 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 18:14:21.0521 5196 WwanSvc - ok 18:14:21.0552 5196 XTSvcMgr - ok 18:14:21.0552 5196 ================ Scan global =============================== 18:14:21.0568 5196 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 18:14:21.0599 5196 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll 18:14:21.0615 5196 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll 18:14:21.0630 5196 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 18:14:21.0630 5196 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 18:14:21.0646 5196 [Global] - ok 18:14:21.0646 5196 ================ Scan MBR ================================== 18:14:21.0646 5196 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 
18:14:21.0911 5196 \Device\Harddisk0\DR0 - ok 18:14:21.0911 5196 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk1\DR1 18:14:22.0145 5196 \Device\Harddisk1\DR1 - ok 18:14:22.0161 5196 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk2\DR2 18:14:22.0348 5196 \Device\Harddisk2\DR2 - ok 18:14:22.0348 5196 [ 180DBDE3AF7EA48B3DB3AC27B1DDF401 ] \Device\Harddisk7\DR7 18:14:22.0457 5196 \Device\Harddisk7\DR7 - ok 18:14:22.0457 5196 ================ Scan VBR ================================== 18:14:22.0473 5196 [ D11F98B1043FDD49CC5EE6B960D367C6 ] \Device\Harddisk0\DR0\Partition1 18:14:22.0473 5196 \Device\Harddisk0\DR0\Partition1 - ok 18:14:22.0488 5196 [ 42E2B0D3FD82821D832EBBD17F8DEDF9 ] \Device\Harddisk0\DR0\Partition2 18:14:22.0488 5196 \Device\Harddisk0\DR0\Partition2 - ok 18:14:22.0488 5196 [ 04615F18C1DAC50FFB63449AD894863F ] \Device\Harddisk1\DR1\Partition1 18:14:22.0504 5196 \Device\Harddisk1\DR1\Partition1 - ok 18:14:22.0504 5196 [ 938DE18A1302E90BD9F71063806FD98F ] \Device\Harddisk2\DR2\Partition1 18:14:22.0504 5196 \Device\Harddisk2\DR2\Partition1 - ok 18:14:22.0504 5196 [ 15E9B70CBD63BEB5C2B16636137939D6 ] \Device\Harddisk7\DR7\Partition1 18:14:22.0504 5196 \Device\Harddisk7\DR7\Partition1 - ok 18:14:22.0504 5196 ============================================================ 18:14:22.0504 5196 Scan finished 18:14:22.0504 5196 ============================================================ 18:14:22.0519 6060 Detected object count: 0 18:14:22.0519 6060 Actual detected object count: 0 18:15:14.0789 5052 Deinitialize success
Step 4 - DDS+
-----
dds.txt
DDS Logfile:
Code:
ATTFilter DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.13.2 Run by xxxxx at 18:18:24 on 2013-03-20 Microsoft Windows 7 Professional 6.1.7601.1.1252.43.1031.18.4079.2376 [GMT 1:00] . AV: Trend Micro Security Agent *Enabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92} SP: Trend Micro Security Agent *Enabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F} SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Trend Micro Personal Firewall *Disabled* {49A8346C-6900-54B6-B1B3-5F678736DDE9} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Program Files\Tablet\Wacom\WTabletServicePro.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\Novell\Client\XTier\Services\XTSvcMgr.exe C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe C:\Windows\system32\EACUSrv.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\FontExplorer X\FontExplorer X Pro\FontManagementServices.exe C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\system32\svchost.exe -k regsvc C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe C:\Windows\System32\svchost.exe -k secsvcs 
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\System32\WUDFHost.exe C:\Program Files\Trend Micro\Security Agent\tmlisten.exe C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler64.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\taskhost.exe C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe C:\Windows\system32\Dwm.exe C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe C:\Windows\Explorer.EXE C:\Program Files\Tablet\Wacom\WacomHost.exe C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe C:\Windows\SysWOW64\eclientn3.exe C:\Windows\System32\nwtray.exe C:\Program Files (x86)\Google\Drive\googledrivesync.exe C:\Users\xxxxx\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files\TortoiseSVN\bin\TSVNCache.exe C:\Program Files (x86)\ESTOS\ProCall 4\ECtiClient.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Google\Drive\googledrivesync.exe C:\Program Files (x86)\ESTOS\ProCall 4\Communicator.exe C:\Windows\system32\svchost.exe -k SDRSVC C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe C:\Windows\system32\PrintIsolationHost.exe C:\Windows\splwow64.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . 
uProxyServer = 192.168.20.2:8080 uProxyOverride = 192.168.*.*;172.*.*.*;10.11.5.*;10.11.6.*;*.amatic1.com;*.amatic.com;amatic-at.local;<local> BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.6.1242\6.6.1089\TmIEPlg32.dll BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun mRun: [ECtiClient] "C:\Program Files (x86)\ESTOS\ProCall 4\eCtiClient.exe" -autostart mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin mRun: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" StartupFolder: C:\Users\xxxxx\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\xxxxx\AppData\Roaming\Dropbox\bin\Dropbox.exe uPolicies-Explorer: NoDriveTypeAutoRun = dword:255 uPolicies-Explorer: NoDrives = dword:0 mPolicies-Explorer: NoWelcomeScreen = dword:1 mPolicies-Explorer: NoDrives = dword:0 
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableLUA = dword:0 mPolicies-System: EnableUIADesktopToggle = dword:0 mPolicies-System: PromptOnSecureDesktop = dword:0 mPolicies-System: disablecad = dword:1 IE: An OneNote s&enden - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Nach Microsoft E&xcel exportieren - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll TCP: NameServer = 172.16.0.11 172.16.0.12 TCP: Interfaces\{D10037BE-9B59-4F2F-A028-9D98FB412553} : DHCPNameServer = 172.16.0.11 172.16.0.12 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.6.1242\6.6.1089\TmIEPlg32.dll Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Security Agent\UIFramework\ProToolbarIMRatingActiveX.dll SSODL: 
WebCheck - <orphaned> x64-BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.6.1242\6.6.1089\TmIEPlg.dll x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL x64-Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" x64-Run: [ETapiNotify3] C:\Windows\SysWOW64\eclientn3.exe x64-Run: [NWTRAY] NWTRAY.EXE x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.6.1242\6.6.1089\TmIEPlg.dll x64-Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - <orphaned> x64-SSODL: WebCheck - <orphaned> . ================= FIREFOX =================== . 
FF - ProfilePath - C:\Users\xxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\6gtj4wa0.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.at FF - prefs.js: network.proxy.ftp - 89.174.39.102 FF - prefs.js: network.proxy.ftp_port - 80 FF - prefs.js: network.proxy.gopher - 89.174.39.102 FF - prefs.js: network.proxy.gopher_port - 80 FF - prefs.js: network.proxy.http_port - 80 FF - prefs.js: network.proxy.socks - 89.174.39.102 FF - prefs.js: network.proxy.socks_port - 80 FF - prefs.js: network.proxy.ssl - 89.174.39.102 FF - prefs.js: network.proxy.ssl_port - 80 FF - prefs.js: network.proxy.type - 0 FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll FF - plugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll FF - plugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll FF - plugin: C:\Windows\SysWOW64\npmproxy.dll FF - ExtSQL: 2013-03-15 17:59; 5nc3QHFgcb@r06Ws9gvNNVRfH.com; C:\Users\xxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\6gtj4wa0.default\extensions\5nc3QHFgcb@r06Ws9gvNNVRfH.com.xpi . ---- FIREFOX POLICIES ---- FF - user.js: yahoo.homepage.dontask - true . ============= SERVICES / DRIVERS =============== . 
R0 NCFilter;Novell UNC Filter - Filter;C:\Windows\System32\drivers\ncfilter.sys [2012-7-13 112256] R0 NCRecognizer;Novell UNC Filter - Recognizer;C:\Windows\System32\drivers\ncrecognizer.sys [2012-7-13 119936] R0 NCUncFilter;Novell UNC Filter - UNC Filter;C:\Windows\System32\drivers\ncuncfilter.sys [2012-7-13 26240] R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-10-12 56208] R2 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2012-10-12 272816] R2 EACUSrv;ESTOS Automatic Client Update;C:\Windows\System32\EACUSrv.exe [2012-10-12 6758312] R2 fexservice;FontExplorer X Pro.FontManagementService;C:\Program Files (x86)\FontExplorer X\FontExplorer X Pro\FontManagementServices.exe [2012-9-13 44408] R2 NCFSD;Novell Client File System Redirector;C:\Program Files\Novell\Client\XTier\Drivers\ncfsd.sys [2012-7-13 108672] R2 NCIOCTL;Novell Xplat IoCtl Driver;C:\Program Files\Novell\Client\XTier\Drivers\ncioctl.sys [2012-7-13 90240] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824] R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2012-12-12 3560288] R2 tmevtmgr;tmevtmgr;C:\Windows\System32\drivers\tmevtmgr.sys [2012-10-12 69904] R2 WTabletServicePro;Wacom Professional Service;C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [2013-1-28 613760] R2 XTSvcMgr;Novell XTier Service Manager;C:\Program Files\Novell\Client\XTier\Services\xtsvcmgr.exe [2012-7-13 20096] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536] S3 Adobe Version 
Cue CS4;Adobe Version Cue CS4;C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-8-15 284016] S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168] S3 edsservice;ESTOS Desktop Sharing Services;C:\Program Files (x86)\ESTOS\ProCall 4\EDeskShareService.exe [2012-6-1 647064] S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2013-2-5 1038088] S3 hidkmdf;KMDF Driver;C:\Windows\System32\drivers\hidkmdf.sys [2013-1-28 13728] S3 StorSvc;Speicherdienst;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232] S3 WacHidRouter;Wacom Hid Router;C:\Windows\System32\drivers\wachidrouter.sys [2013-1-28 81312] S3 wacomrouterfilter;Wacom Router Filter Driver;C:\Windows\System32\drivers\wacomrouterfilter.sys [2013-1-28 15776] . =============== File Associations =============== . FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice] FileExt: .ini: UltraEdit.ini - HKCR\Unknown\Shell=C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,OpenAs_RunDLL %1 [UserChoice] [default=openas] . =============== Created Last 30 ================ . 
2013-03-19 15:38:48 388096 ----a-r- C:\Users\xxxxx\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2013-03-19 15:38:47 -------- d-----w- C:\Program Files (x86)\Trend Micro 2013-03-19 13:30:37 -------- d-sh--w- C:\$RECYCLE.BIN 2013-03-19 13:08:18 256000 ----a-w- C:\Windows\PEV.exe 2013-03-19 13:08:18 208896 ----a-w- C:\Windows\MBR.exe 2013-03-18 17:23:24 22064 ----a-w- C:\Windows\DCEBoot64.exe 2013-03-14 11:48:31 -------- d-----w- C:\MoTemp 2013-03-13 17:25:00 -------- d-----w- C:\Users\xxxxx\AdobeLicensingFilesBackup 2013-03-13 16:59:29 -------- d-----w- C:\Users\xxxxx\AppData\Local\Adobe 2013-03-07 13:29:55 11137024 ----a-w- C:\Windows\SysWow64\libmfxsw32.dll 2013-03-06 16:21:29 -------- d-----w- C:\Program Files\unicode 2013-03-06 16:06:45 -------- d-----w- C:\Program Files\ultraedit_portable 2013-03-06 15:43:56 -------- d-----w- C:\Program Files\UltraComparePortable 2013-03-06 14:47:10 -------- d-----w- C:\Program Files (x86)\DDSV2 2013-03-06 09:19:00 -------- d-----w- C:\Users\xxxxx\AppData\Roaming\OfficeRecovery.3b8e22fe 2013-03-06 09:19:00 -------- d-----w- C:\Users\xxxxx\AppData\Roaming\OfficeRecovery 2013-03-01 17:41:43 -------- d-----w- C:\Users\xxxxx\AppData\Local\BorisFX 2013-03-01 17:37:09 29476864 ----a-w- C:\Windows\System32\BCC8_AE_Float.dll 2013-03-01 17:37:08 29330432 ----a-w- C:\Windows\System32\BCC8_AE_16Bit.dll 2013-03-01 17:37:07 9286144 ----a-w- C:\Windows\System32\BCC8_3DObjects_AE.dll 2013-03-01 17:37:07 29283328 ----a-w- C:\Windows\System32\BCC8_AE_8Bit.dll 2013-03-01 15:34:04 -------- d-----w- C:\Users\xxxxx\AppData\Roaming\com.amazon.music.uploader 2013-03-01 15:33:32 -------- d-----w- C:\Program Files (x86)\Amazon 2013-02-27 10:31:30 96664 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe 2013-02-27 10:31:30 170232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapp-uninstaller.exe 2013-02-26 10:19:50 -------- d-----w- C:\Users\xxxxx\AppData\Roaming\simplitec 2013-02-26 
10:01:47 -------- d-----w- C:\ProgramData\simplitec 2013-02-26 10:01:39 -------- d-----w- C:\Program Files (x86)\MSXML 4.0 2013-02-25 18:05:51 -------- d-----w- C:\Users\xxxxx\AppData\Roaming\SorensonMedia 2013-02-25 10:18:03 -------- d-----w- C:\Users\xxxxx\AppData\Roaming\JGoodies 2013-02-25 10:14:02 -------- d-----w- C:\Program Files (x86)\JGoodies 2013-02-19 04:02:37 -------- d-----w- C:\temp . ==================== Find3M ==================== . 2013-03-19 10:58:53 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-03-19 10:58:52 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-02-14 09:40:27 4047024 ----a-w- C:\Windows\SysWow64\SpoonUninstall.exe 2013-02-05 11:22:17 36868 ----a-w- C:\Program Files (x86)\uninst-Particular.exe 2013-02-04 08:55:56 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2013-02-04 08:55:54 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll 2013-02-04 08:55:54 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll . ============= FINISH: 18:18:57,12 =============== attach.txt Code:
ATTFilter . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Professional Boot Device: \Device\HarddiskVolume1 Install Date: 12.10.2012 13:03:04 System Uptime: 20.03.2013 17:55:14 (1 hours ago) . Motherboard: Hewlett-Packard | | 0AA0h Processor: Intel(R) Core(TM)2 Quad CPU Q9550 @ 2.83GHz | XU1 PROCESSOR | 2833/1333mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 466 GiB total, 402,197 GiB free. D: is FIXED (NTFS) - 466 GiB total, 254,722 GiB free. F: is FIXED (NTFS) - 466 GiB total, 112,63 GiB free. G: is Removable H: is Removable I: is Removable J: is Removable L: is Removable O: is CDROM () P: is NetworkDisk (NTFS) - 5497 GiB total, 476,924 GiB free. Y: is NetworkDisk (NTFS) - 5497 GiB total, 476,924 GiB free. Z: is NetworkDisk (NTFS) - 5497 GiB total, 476,924 GiB free. . ==== Disabled Device Manager Items ============= . Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318} Description: PS/2-kompatible Maus Device ID: ACPI\PNP0F13\4&2E3B85E2&0 Manufacturer: Microsoft Name: PS/2-kompatible Maus PNP Device ID: ACPI\PNP0F13\4&2E3B85E2&0 Service: i8042prt . Class GUID: {4d36e96b-e325-11ce-bfc1-08002be10318} Description: Standardtastatur (PS/2) Device ID: ACPI\PNP0303\4&2E3B85E2&0 Manufacturer: (Standardtastaturen) Name: Standardtastatur (PS/2) PNP Device ID: ACPI\PNP0303\4&2E3B85E2&0 Service: i8042prt . ==== System Restore Points =================== . RP73: 19.03.2013 16:38:04 - Installed HiJackThis RP74: 20.03.2013 09:37:16 - Removed Sorenson Squeeze 8.5.1 . ==== Installed Programs ====================== . 
64 Bit HP CIO Components Installer 7-Zip 9.20 (x64 edition) Adobe After Effects CS4 Adobe After Effects CS4 Presets Adobe After Effects CS4 Template Projects & Footage Adobe After Effects CS4 Third Party Content Adobe AIR Adobe Anchor Service CS4 Adobe Anchor Service x64 CS4 Adobe Bridge CS4 Adobe CMaps CS4 Adobe CMaps x64 CS4 Adobe Color - Photoshop Specific CS4 Adobe Color EU Recommended Settings CS4 Adobe Color JA Extra Settings CS4 Adobe Color NA Extra Settings CS4 Adobe Color Video Profiles AE CS4 Adobe Color Video Profiles CS CS4 Adobe Creative Suite 4 Production Premium Adobe CS4 American English Speech Analysis Models Adobe CS4 French Speech Analysis Models Adobe CS4 German Speech Analysis Models Adobe CS4 International English Speech Analysis Models Adobe CS4 Italian Speech Analysis Models Adobe CS4 Japanese Speech Analysis Models Adobe CS4 Korean Speech Analysis Models Adobe CS4 Spanish Speech Analysis Models Adobe CSI CS4 Adobe CSI CS4 x64 Adobe Default Language CS4 Adobe Device Central CS4 Adobe Drive CS4 Adobe Drive CS4 x64 Adobe Dynamiclink Support Adobe Encore CS4 Codecs Adobe ExtendScript Toolkit CS4 Adobe Extension Manager CS4 Adobe Flash Player 11 Plugin Adobe Fonts All Adobe Fonts All x64 Adobe Help Manager Adobe Illustrator CS4 Adobe Linguistics CS4 Adobe Linguistics CS4 x64 Adobe Media Encoder CS4 Adobe Media Encoder CS4 Additional Exporter Adobe Media Encoder CS4 Exporter Adobe Media Encoder CS4 Importer Adobe Media Player Adobe MotionPicture Color Files CS4 Adobe OnLocation CS4 Adobe Output Module Adobe PDF Library Files CS4 Adobe PDF Library Files x64 CS4 Adobe Photoshop CS4 Adobe Photoshop CS4 (64 Bit) Adobe Photoshop CS4 Support Adobe Premiere Pro CS4 Third Party Content Adobe Reader XI (11.0.02) - Deutsch Adobe Search for Help Adobe Service Manager Extension Adobe Setup Adobe Soundbooth CS4 Adobe Soundbooth CS4 Codecs Adobe Type Support CS4 Adobe Type Support x64 CS4 Adobe Update Manager CS4 Adobe Version Cue CS4 Server Adobe WinSoft 
Linguistics Plugin Adobe WinSoft Linguistics Plugin x64 Adobe XMP Panels CS4 AdobeColorCommonSetCMYK AdobeColorCommonSetRGB Amazon Music Importer Apple Application Support Apple Software Update AVS Update Manager 1.0 AVS Video Converter 8 AVS4YOU Software Navigator 1.4 BenVista PhotoZoom Pro 5.0.4 bl Boris Continuum Complete 8 Adobe CS3 CS4 Boris Continuum Complete AE 6 Connect dBpoweramp DSP Effects dBpoweramp m4a Codec dBpoweramp Music Converter dBpoweramp Ogg Vorbis Codec dBPowerAMP Real Audio (Helix) Encoder dBpoweramp Windows Media Audio 10 Codec Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Dropbox ESTOS ProCall FontExplorer X Pro FreeFileSync 5.12 Google Drive Google Update Helper High-Logic FontCreator 6.5 HiJackThis IrfanView (remove only) Java 7 Update 13 Java Auto Updater JDiskReport 1.4.0 kuler Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft .NET Framework 4 Extended Microsoft .NET Framework 4 Extended DEU Language Pack Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (German) 2010 Microsoft Office Excel MUI (German) 2010 Microsoft Office Home and Business 2010 Microsoft Office Office 64-bit Components 2010 Microsoft Office OneNote MUI (German) 2010 Microsoft Office Outlook MUI (German) 2010 Microsoft Office PowerPoint MUI (German) 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (German) 2010 Microsoft Office Proof (Italian) 2010 Microsoft Office Proofing (German) 2010 Microsoft Office Publisher MUI (German) 2010 Microsoft Office Shared 64-bit MUI (German) 2010 Microsoft Office Shared MUI (German) 2010 Microsoft Office Single Image 2010 Microsoft Office Word MUI (German) 2010 Microsoft Silverlight Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - 
x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft_VC80_CRT_x86 Microsoft_VC90_CRT_x86 MozBackup 1.5.1 Mozilla Firefox 19.0.2 (x86 de) Mozilla Maintenance Service MSXML 4.0 SP3 Parser MSXML 4.0 SP3 Parser (KB2721691) NICI (64 bit) NICI (Shared) U.S./Worldwide (128 bit) (2.7.6-1) Novell Client für Windows NVIDIA 3D Vision Controller-Treiber 305.93 NVIDIA 3D Vision Treiber 306.97 NVIDIA Grafiktreiber 306.97 NVIDIA Install Application NVIDIA nView 136.53 NVIDIA Stereoscopic 3D Driver NVIDIA Systemsteuerung 306.97 PDF Settings CS4 PDF Settings CS6 PDFCreator ph Photoshop Camera Raw Photoshop Camera Raw_x64 Pixel Bender Toolkit QuickTime RAD Video Tools Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for 
Microsoft Office 2010 (KB2597986) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition Security Update for Microsoft Word 2010 (KB2553488) 32-Bit Edition Skype™ 6.1 Suite Shared Configuration CS4 TeamViewer 8 TortoiseSVN 1.7.10.23359 (64 bit) Trapcode Form Trapcode Horizon Trapcode Particular v2 Trapcode Shine Trapcode Starglow Trend Micro Worry-Free Business Security Agent Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition Wacom Tablett WebTablet FB Plugin 32 bit WebTablet FB Plugin 64 bit Windows-Treiberpaket - Hewlett-Packard Image (12/27/2006 8.0.0.0) WinRAR 4.20 (64-Bit) . ==== End Of File =========================== |
20.03.2013, 19:48 | #8 |
/// TB-Ausbilder | Yes, well done.
Step 1: (Reminder: do not reply to me until you have worked through all the steps!) Uninstalling programs
Step 2: Scan with Combofix
__________________ Digital buccaneers against malware! No help via PM! |
21.03.2013, 00:12 | #9 |
| As far as I can tell there was nothing to uninstall; I didn't find anything from your list either. I couldn't turn off Trend Micro: it is password-protected, my buddy set it up that way .. and he can't be reached for the next few days. I ran ComboFix anyway; here is the result: Code:
ATTFilter ComboFix 13-03-20.02 - vojkam 20.03.2013 23:42:24.2.4 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.43.1031.18.4079.2414 [GMT 1:00] ausgeführt von:: c:\users\xxxxx\Desktop\ComboFix.exe AV: Trend Micro Security Agent *Enabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92} FW: Trend Micro Personal Firewall *Disabled* {49A8346C-6900-54B6-B1B3-5F678736DDE9} SP: Trend Micro Security Agent *Enabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F} SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt * Im Speicher befindliches AV aktiv. . . . ((((((((((((((((((((((( Dateien erstellt von 2013-02-20 bis 2013-03-20 )))))))))))))))))))))))))))))) . . 2013-03-20 22:52 . 2013-03-20 22:52 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-03-20 22:52 . 2013-03-20 22:52 -------- d-----w- c:\users\AMAInst\AppData\Local\temp 2013-03-20 22:52 . 2013-03-20 22:52 -------- d-----w- c:\users\AMAInst.ADAMATIC\AppData\Local\temp 2013-03-20 22:52 . 2013-03-20 22:52 -------- d-----w- c:\users\AMAINS~1~ADA\AppData\Local\temp 2013-03-20 22:52 . 2013-03-20 22:52 -------- d-----w- c:\users\administrator\AppData\Local\temp 2013-03-20 12:13 . 2013-03-20 12:13 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service 2013-03-19 15:38 . 2013-03-19 15:38 388096 ----a-r- c:\users\xxxxx\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2013-03-19 15:38 . 2013-03-19 15:38 -------- d-----w- c:\program files (x86)\Trend Micro 2013-03-18 17:23 . 2013-03-20 16:20 22064 ----a-w- c:\windows\DCEBoot64.exe 2013-03-14 11:48 . 2013-03-14 11:48 -------- d-----w- C:\MoTemp 2013-03-13 17:25 . 2013-03-19 09:04 -------- d-----w- c:\users\xxxxx\AdobeLicensingFilesBackup 2013-03-13 16:59 . 2013-03-20 11:37 -------- d-----w- c:\users\xxxxx\AppData\Local\Adobe 2013-03-07 13:29 . 2012-03-23 18:58 11137024 ----a-w- c:\windows\SysWow64\libmfxsw32.dll 2013-03-06 16:21 . 
2013-03-06 16:51 -------- d-----w- c:\program files\unicode 2013-03-06 14:47 . 2013-03-06 14:57 -------- d-----w- c:\program files (x86)\DDSV2 2013-03-06 09:19 . 2013-03-06 09:19 -------- d-----w- c:\users\xxxxx\AppData\Roaming\OfficeRecovery 2013-03-01 17:41 . 2013-03-01 17:41 -------- d-----w- c:\users\xxxxx\AppData\Local\BorisFX 2013-03-01 17:37 . 2012-01-17 23:54 29476864 ----a-w- c:\windows\system32\BCC8_AE_Float.dll 2013-03-01 17:37 . 2012-01-18 01:12 29330432 ----a-w- c:\windows\system32\BCC8_AE_16Bit.dll 2013-03-01 17:37 . 2012-01-18 01:31 9286144 ----a-w- c:\windows\system32\BCC8_3DObjects_AE.dll 2013-03-01 17:37 . 2012-01-18 01:24 29283328 ----a-w- c:\windows\system32\BCC8_AE_8Bit.dll 2013-03-01 15:34 . 2013-03-01 15:34 -------- d-----w- c:\users\xxxxx\AppData\Roaming\com.amazon.music.uploader 2013-03-01 15:33 . 2013-03-01 15:33 -------- d-----w- c:\program files (x86)\Amazon 2013-02-26 10:19 . 2013-02-26 10:19 -------- d-----w- c:\users\xxxxx\AppData\Roaming\simplitec 2013-02-26 10:01 . 2013-02-26 10:01 -------- d-----w- c:\programdata\simplitec 2013-02-26 10:01 . 2013-02-26 10:01 -------- d-----w- c:\program files (x86)\MSXML 4.0 2013-02-25 18:05 . 2013-02-25 18:05 -------- d-----w- c:\users\xxxxx\AppData\Roaming\SorensonMedia 2013-02-25 10:18 . 2013-02-25 10:18 -------- d-----w- c:\users\xxxxx\AppData\Roaming\JGoodies 2013-02-25 10:14 . 2013-02-25 10:14 -------- d-----w- c:\program files (x86)\JGoodies 2013-02-19 04:02 . 2013-03-19 00:00 -------- d-----w- C:\temp . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-03-19 10:58 . 2012-10-12 12:00 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-03-19 10:58 . 2012-10-12 12:00 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-02-14 09:40 . 2012-11-14 18:15 4047024 ----a-w- c:\windows\SysWow64\SpoonUninstall.exe 2013-02-05 11:22 . 
2013-02-05 11:22 36868 ----a-w- c:\program files (x86)\uninst-Particular.exe 2013-02-04 08:55 . 2013-02-04 08:56 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-02-04 08:55 . 2012-10-12 12:04 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-02-04 08:55 . 2012-10-12 12:04 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal] @="{C5994560-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 09:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified] @="{C5994561-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 09:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict] @="{C5994562-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 09:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked] @="{C5994563-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 09:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly] @="{C5994564-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 09:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted] @="{C5994565-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 09:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded] @="{C5994566-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 09:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored] @="{C5994567-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 09:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned] @="{C5994568-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 09:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\xxxxx\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\xxxxx\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\xxxxx\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\xxxxx\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2012-12-17 16328976] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18705664] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "ECtiClient"="c:\program files (x86)\ESTOS\ProCall 4\eCtiClient.exe" [2012-06-01 20119936] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888] "AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352] . c:\users\xxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\xxxxx\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) "disablecad"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoWelcomeScreen"= 1 (0x1) . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536] R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168] R3 edsservice;ESTOS Desktop Sharing Services;c:\program files (x86)\ESTOS\ProCall 4\EDeskShareService.exe [2012-06-01 647064] R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2013-02-05 1038088] R3 hidkmdf;KMDF Driver;c:\windows\system32\DRIVERS\hidkmdf.sys [2012-10-12 13728] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 WacHidRouter;Wacom Hid Router;c:\windows\system32\DRIVERS\wachidrouter.sys [2012-10-12 81312] R3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys [2012-10-12 15776] R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x] S0 NCFilter;Novell UNC Filter - Filter;c:\windows\system32\DRIVERS\NCFilter.sys [2012-07-13 112256] S0 NCRecognizer;Novell UNC Filter - Recognizer;c:\windows\system32\DRIVERS\NCRecognizer.sys [2012-07-13 119936] S0 NCUncFilter;Novell UNC Filter - UNC Filter;c:\windows\system32\DRIVERS\NCUncFilter.sys [2012-07-13 26240] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208] S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x] S2 EACUSrv;ESTOS Automatic Client Update;c:\windows\system32\EACUSrv.exe [2012-06-01 6758312] S2 fexservice;FontExplorer X 
Pro.FontManagementService;c:\program files (x86)\FontExplorer X\FontExplorer X Pro\FontManagementServices.exe [2012-09-13 44408] S2 NCFSD;Novell Client File System Redirector;c:\program files\Novell\Client\XTier\Drivers\ncfsd.sys [2012-07-13 108672] S2 NCIOCTL;Novell Xplat IoCtl Driver;c:\program files\Novell\Client\XTier\Drivers\ncioctl.sys [2012-07-13 90240] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824] S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-03-06 3560288] S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2011-06-23 69904] S2 WTabletServicePro;Wacom Professional Service;c:\program files\Tablet\Wacom\WTabletServicePro.exe [2012-10-29 613760] S2 XTSvcMgr;Novell XTier Service Manager;c:\program files\Novell\Client\XTier\Services\XTSvcMgr.exe [2012-07-13 20096] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - 65801998 *NewlyCreated* - ASWMBR *Deregistered* - 65801998 *Deregistered* - aswMBR *Deregistered* - nccache *Deregistered* - nciom *Deregistered* - ncp *Deregistered* - ncpfsp *Deregistered* - ncpl *Deregistered* - ndm *Deregistered* - ndmndap *Deregistered* - nds4 *Deregistered* - ndslpp *Deregistered* - niam *Deregistered* - nipctl *Deregistered* - nscm *Deregistered* - nsns *Deregistered* - nsvccost *Deregistered* - xtxplat . Inhalt des "geplante Tasks" Ordners . 2013-03-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-23 09:51] . 2013-03-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-23 09:51] . . --------- X64 Entries ----------- . . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal] @="{C5994560-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 09:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified] @="{C5994561-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 09:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict] @="{C5994562-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 09:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked] @="{C5994563-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 09:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly] @="{C5994564-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 09:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted] @="{C5994565-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 09:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded] @="{C5994566-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 09:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored] @="{C5994567-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 09:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned] @="{C5994568-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 09:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\xxxxx\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\xxxxx\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\xxxxx\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\xxxxx\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}] 2012-12-17 18:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}] 2012-12-17 18:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}] 2012-12-17 18:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}] 2012-12-17 18:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-12-13 219480] "ETapiNotify3"="c:\windows\SysWOW64\eclientn3.exe" [2012-10-12 1961472] "NWTRAY"="NWTRAY.EXE" [2012-07-13 38016] . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyServer = 192.168.20.2:8080 uInternet Settings,ProxyOverride = 192.168.*.*;172.*.*.*;10.11.5.*;10.11.6.*;*.amatic1.com;*.amatic.com;amatic-at.local;<local> IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: An vorhandene PDF-Datei anfügen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: In Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Linkziel in Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 TCP: DhcpNameServer = 172.16.0.11 172.16.0.12 FF - ProfilePath - c:\users\xxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\6gtj4wa0.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.at FF - prefs.js: network.proxy.ftp - 89.174.39.102 FF - prefs.js: network.proxy.ftp_port - 80 FF - prefs.js: network.proxy.gopher - 89.174.39.102 FF - prefs.js: network.proxy.gopher_port - 80 FF - prefs.js: network.proxy.http_port - 80 FF - prefs.js: network.proxy.socks - 89.174.39.102 FF - prefs.js: network.proxy.socks_port - 80 FF - prefs.js: network.proxy.ssl - 89.174.39.102 FF - prefs.js: network.proxy.ssl_port - 80 FF - prefs.js: network.proxy.type - 0 FF - ExtSQL: 2013-03-15 17:59; 5nc3QHFgcb@r06Ws9gvNNVRfH.com; c:\users\xxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\6gtj4wa0.default\extensions\5nc3QHFgcb@r06Ws9gvNNVRfH.com.xpi FF - user.js: yahoo.homepage.dontask - true . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
AddRemove-dBpoweramp DSP Effects - c:\windows\system32\SpoonUninstall.exe AddRemove-dBpoweramp m4a Codec - c:\windows\system32\SpoonUninstall.exe AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe AddRemove-dBpoweramp Ogg Vorbis Codec - c:\windows\system32\SpoonUninstall.exe AddRemove-dBPowerAMP Real Audio (Helix) Encoder - c:\windows\system32\SpoonUninstall.exe AddRemove-dBpoweramp Windows Media Audio 10 Codec - c:\windows\system32\SpoonUninstall.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version] "Version"=hex:b2,07,16,91,8d,ad,de,03,1c,05,5e,4e,cb,20,16,6d,9e,c9,63,91,3c, 40,5b,8a,20,91,b1,2f,c7,4c,62,7c,a9,95,57,d7,be,25,81,e3,73,48,31,0d,97,16,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version] "Version"=hex:b2,07,16,91,8d,ad,de,03,1c,05,5e,4e,cb,20,16,6d,9e,c9,63,91,3c, 40,5b,8a,20,91,b1,2f,c7,4c,62,7c,a9,95,57,d7,be,25,81,e3,73,48,31,0d,97,16,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-03-20 23:55:24 ComboFix-quarantined-files.txt 2013-03-20 22:55 . Vor Suchlauf: 18 Verzeichnis(se), 441.422.237.696 Bytes frei Nach Suchlauf: 19 Verzeichnis(se), 441.524.531.200 Bytes frei . - - End Of File - - 87A2782DC894A0516AE83BA61C3DCAF0 |
21.03.2013, 09:09 | #10 |
/// TB-Ausbilder
Good! As far as I can see, we have removed everything harmful with that. To be sure, we now need to run a few more checks, and then we will bring your computer up to a secure state. Since these scans can take a very long time, please don't write back until you have really completed everything or problems come up.
Step 1: Quick scan with Malwarebytes
Please download Malwarebytes Anti-Malware
Step 2:
Note: The scan can take a very long time (several hours)!
Step 3: Scan with SecurityCheck
Please download SecurityCheck and:
__________________ Digital privateers against malware! No help via PM!
21.03.2013, 09:50 | #11 |
A quick note in between: you write: .. As far as I can see, we have removed everything harmful with that ... but my Trend Micro Security Agent still reports the same 2 files .. I'm optimistic all the same, I'll now run the 3 scans you recommended first. :-)
Edited by microdns (21.03.2013 at 09:51) Reason: typo
21.03.2013, 11:52 | #12 |
/// TB-Ausbilder
Well, the files you mention have not shown up in the log files so far. Let's see what the scan turns up.
21.03.2013, 16:56 | #13 |
malwarebytes

Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.21.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
xxxxx :: WS026RUT [Administrator]

21.03.2013 09:45:39
mbam-log-2013-03-21 (09-45-39).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 291815
Laufzeit: 4 Minute(n), 24 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:
C:\Documents and Settings\xxxxx\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\1d9af5b9-429208cf multiple threats
C:\Dokumente und Einstellungen\xxxxx\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\1d9af5b9-429208cf multiple threats
C:\Users\xxxxx\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\1d9af5b9-429208cf multiple threats
F:\Dokumente und Einstellungen\xxxxx\Eigene Dateien\Downloads\vlc-1.1.11-win32.exe Win32/StartPage.OIE trojan

Code:
 Results of screen317's Security Check version 0.99.59
 Windows 7 Service Pack 1 x64 (UAC is disabled!)
 Internet Explorer 9
 ``````````````Antivirus/Firewall Check:``````````````
 Trend Micro Security Agent
 Antivirus up to date!
 `````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware Version 1.70.0.1100
 Java 7 Update 13
 Adobe Flash Player 11.6.602.180
 Adobe Reader XI
 Mozilla Firefox (19.0.2)
 ````````Process Check: objlist.exe by Laurent````````
 Trend Micro AMSP coreServiceShell.exe
 Trend Micro UniClient UiFrmWrk uiWatchDog.exe
 Trend Micro AMSP coreFrameworkHost.exe
 Trend Micro Security Agent tmlisten.exe
 Trend Micro UniClient UiFrmWrk uiSeAgnt.exe
 `````````````````System Health check`````````````````
 Total Fragmentation on Drive C:
 ````````````````````End of Log``````````````````````
21.03.2013, 18:54 | #14 | |
/// TB-Ausbilder
Quote:
Great! That means we are done. We'll now tidy up a little, and at the end I have some reading material for you.
Step 1: Uninstall the tools
The order matters here.
Step 2: Uninstall ESET (optional)
Finally, some tips on the following topics:
Reading material: System updates
It cannot be said often enough how important it is to keep your system up to date. You take your car to the garage for regular inspection too, after all. So please make sure that system updates are enabled:
Reading material: Software updates
Just as important as the system programs is the software you use every day. The following list gives you a brief overview, with links to the updates, of which programs urgently need to be kept up to date (if you have them installed and use them at all), because malware can often get onto computers through their security vulnerabilities:
Reading material: Security software
If someone overtook you on the motorway riding a motorcycle naked, you would shake your head too. Your computer also needs protection against the small daily attacks by malware. Besides excellent commercial antivirus solutions, there are also perfectly good protection programs that are available free of charge with a reduced feature set. But be careful, "the more the better" does not apply here. What you need is exactly one virus scanner with a background guard. No more and no less. There are many products on the market that will serve you well. I personally recommend Avast Free Antivirus. It offers relatively good protection with little annoying advertising, and it installs a browser plugin that warns you about dangerous websites.
Reading material: Safe surfing
First of all, it has to be said that it is usually the human factor that allows malware to get onto a computer. Do you immediately buy whatever stuff people who ring your doorbell are selling, without thinking? So first get into the habit of following a few rules of conduct when surfing the internet:
But even with meticulous adherence to these rules, a so-called drive-by infection can still occur, in which malware breaks out of the web browser's protection mechanism. To increase security further, there is special protection software that hardens your browser even more.
Finally, please think about using an alternative browser. Programs that are not used so often are also not so much in the focus of the "bad guys". I.e., with an exotic browser you are more likely to be on the safe side. As a basic rule, you are already considerably safer if you do not use Internet Explorer.
With that, I wish you lots of fun surfing the internet ... and perhaps you would like to support the Trojaner-Board? One request: give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
21.03.2013, 21:22 | #15 |
Wait a moment, something is not right, we have overlooked something! Step 2, ESET Online Scanner, says: Make sure that Remove found threats is not ticked. So during the scan the 4 entries were found but not deleted, right? That would also explain why I'm still getting the virus alerts! Besides, the entry you mentioned is

Code:
F:\Dokumente und Einstellungen\xxxxx\Eigene Dateien\Downloads\vlc-1.1.11-win32.exe Win32/StartPage.OIE trojan

and I don't think that this is the active virus.
Edited by microdns (21.03.2013 at 21:28) Reason: text extended