Log analysis and evaluation: Google search is redirected to wrong pages. Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here so that our experts can evaluate them. Before viruses and trojans can be removed, the infected system has to be examined first: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

01.01.2013, 17:28 | #1
Google search is redirected to wrong pages.

Hello board team, I wish you a happy, healthy and successful new year. As it says here in the forum, everyone should open their own thread for their trojan, so I'll start. Searches in Google are being redirected to other pages. I have already installed Malwarebytes, and OTL is on the machine as well. Logfiles follow, the scans are still running. Many thanks, Kurzer

OTL Extras.log
Code:
OTL Extras logfile created on: 01.01.2013 17:24:26 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = \\SBS11-AF-01\Firma\Gemeinsame Dateien
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,91 Gb Total Physical Memory | 1,92 Gb Available Physical Memory | 49,03% Memory free
7,81 Gb Paging File | 5,75 Gb Available in Paging File | 73,57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 347,37 Gb Total Space | 300,77 Gb Free Space | 86,58% Space Free | Partition Type: NTFS

Computer Name: PC-AF-001 | User Name: master | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2657049114-1421870595-21446388-1114\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{23331AC9-3F28-45C7-8C33-10324BC92983}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{284D303C-D2A9-4EE6-AEC6-18E830719F92}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{40F719D8-2B6F-4BB2-B0C4-08337FF9C32E}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{511EBB56-EA10-4F8F-BC64-BA971A2941EA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{55D0693A-1BB2-44ED-8161-7A92B18A1405}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{5973D47D-4610-4F84-9A64-F390DE04649E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{66574149-E8C2-4C08-95A0-DC3E1B4E2CDB}" = lport=49153 | protocol=17 | dir=in | name=lancapi | "{810348C3-7DDD-4F76-BBAE-EBFF6938D89C}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{93E6C5C2-A77A-4D96-B995-D24E20F971C7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{98AE1E1E-F771-40E9-B5DB-9F8B98685704}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{9CA66BFF-2587-42C0-8611-4719F1BC6F42}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{BEA395A0-185D-4574-8AB6-236C86E1F295}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{DFAB48CD-023E-45D8-A17F-FCF751547425}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E4B6BC71-AEF2-4FFC-AEF9-AC973E287478}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{F6046F96-2493-4821-9A8D-DF4520F3CBD9}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1F06056B-D50A-45BD-9F06-E082847DC6DC}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{38C5AF5C-19A2-45AB-B593-372CE5B8207A}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\symantec shared\ccapp.exe | 
"{45549A39-3305-48BA-8A03-6CC3EA003B29}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\symantec shared\ccapp.exe | "{493A9E38-5ED8-4D9B-AC05-C6E09809FB79}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\snac64.exe | "{4D6C823F-6A31-4CB7-8A7A-DA0084A74F3D}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\snac64.exe | "{5B54D2DE-0FF2-495F-B9AF-C438199F62F3}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe | "{5F10FABA-0354-4D6B-B430-6DBD4D740F82}" = protocol=6 | dir=in | app=\\sbs11-af-01\starmoney business 5.0 deutsche bank edition\ouservice\starmoneyonlineupdate.exe | "{6BA1D22B-830B-41E0-B810-2242AB26311D}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe | "{735CC61D-6637-4D1F-B6B3-67E1C4334F3F}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\smc.exe | "{74837FC4-5C22-4803-B010-CACA3604C2FB}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\smc.exe | "{81A7F7FB-A255-4BBC-84F2-6962F0BBBAAB}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{847349B5-B9BE-49DD-BC77-84C99EB5A716}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe | "{84F2E98A-FF3B-4CDF-BD2A-76BF77887D94}" = protocol=17 | dir=in | app=\\sbs11-af-01\starmoney business 5.0 deutsche bank edition\app\starmoney.exe | "{85BC8B8A-BB0E-4005-B12B-14036099EFD6}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{9CF32083-A30C-4ADE-926E-3C472823B4FC}" = protocol=6 | dir=in | app=\\sbs11-af-01\starmoney business 5.0 deutsche bank edition\app\starmoney.exe | "{A5D1E6EC-C86F-4C72-A107-0BF985DAF45D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{A9FBDCC0-81CD-4A4B-BBA7-467F557F9194}" = protocol=6 | dir=in | app=c:\program files 
(x86)\microsoft office\office14\onenote.exe | "{AFA4BA1E-D64B-479C-95EB-168DCD857A9C}" = protocol=17 | dir=in | app=\\sbs11-af-01\starmoney business 5.0 deutsche bank edition\ouservice\starmoneyonlineupdate.exe | "{D1453702-35A2-4671-A93E-19C1F5A1C3C6}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe | "{D6D60AD2-5EBF-4A02-AED1-7A2E424171A2}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "TCP Query User{2D80FD77-4DF5-4143-B818-D9273E158E65}C:\windows\system32\wfs.exe" = protocol=6 | dir=in | app=c:\windows\system32\wfs.exe | "UDP Query User{D0491183-0933-418F-88F9-586B50EADA5F}C:\windows\system32\wfs.exe" = protocol=17 | dir=in | app=c:\windows\system32\wfs.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1A3B22D6-4932-4920-B7D3-7D17D36E9BA4}" = Microsoft SQL Server 2005-Abwärtskompatibilität "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{AAD74846-0637-4DAE-BF0C-7B66D3304F87}" = Symantec Endpoint Protection Small Business Edition "{C1E4D639-4A33-4314-809E-89BD0EF48522}" = Windows Small Business Server 2011 Connector "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language 
Selector "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{EA08048C-3823-4DC8-B169-1D5D11FFC19F}_is1" = PDF-XChange 4 "{EEF9C83C-5D22-4BB8-8453-0F4F5F2328D2}" = Nitro Pro 7 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Bullzip PDF Printer_is1" = Bullzip PDF Printer 8.2.0.1406 "CapiModm" = CAPI Faxmodem "LcsCapi" = LANCAPI "LcsNdisWan" = LANCAPI DFÜ-Netzwerk Unterstützung "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5 "{29C7C827-D527-4CBE-9003-CBD6E2634727}" = Wildeboer Bauteile Dimensionierung "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{40EF8EA6-8FC5-49CA-9C08-CC2AAF664238}" = StarMoney Business 5.0 Deutsche Bank Edition "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A11D2FE-62A1-4588-9F16-8DB3993EBDB1}" = Air Humid Handling "{5B12C1F2-A0BC-40E8-97F8-A4854C5F494E}" = StarMoney 
"{6020E187-FF3D-41A3-999B-412CF16EB9A9}" = Sage Handwerk Setup-Requirements "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7895E7FF-C210-4C01-88EB-8B902140B22D}" = StarMoney "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) 
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.2 - Deutsch "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{BE046242-BA39-4382-B039-A8B8284E01B5}" = Sage HWP 2012 "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "DeskUpdate_is1" = DeskUpdate 4.11 
"Google Chrome" = Google Chrome "LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "Office14.SingleImage" = Microsoft Office Home and Business 2010 "TeamViewer 6 Host" = TeamViewer 6 Host "WinLiveSuite" = Windows Live Essentials ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2657049114-1421870595-21446388-1114\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Xpress" = Xpress ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 03.12.2012 02:53:50 | Computer Name = PC-AF-001.Airfit.local | Source = WinMgmt | ID = 10 Description = Error - 04.12.2012 03:03:45 | Computer Name = PC-AF-001.Airfit.local | Source = SescLU | ID = 13 Description = LiveUpdate returned a non-critical error. Available content updates may have failed to install. Error - 04.12.2012 10:56:32 | Computer Name = PC-AF-001.Airfit.local | Source = WinMgmt | ID = 10 Description = Error - 05.12.2012 03:00:49 | Computer Name = PC-AF-001.Airfit.local | Source = WinMgmt | ID = 10 Description = Error - 10.12.2012 03:03:34 | Computer Name = PC-AF-001.Airfit.local | Source = WinMgmt | ID = 10 Description = Error - 12.12.2012 03:12:32 | Computer Name = PC-AF-001.Airfit.local | Source = SescLU | ID = 13 Description = LiveUpdate returned a non-critical error. Available content updates may have failed to install. 
Error - 13.12.2012 04:06:59 | Computer Name = PC-AF-001.Airfit.local | Source = WinMgmt | ID = 10
Description = 

Error - 17.12.2012 02:55:18 | Computer Name = PC-AF-001.Airfit.local | Source = WinMgmt | ID = 10
Description = 

Error - 17.12.2012 03:30:20 | Computer Name = PC-AF-001.Airfit.local | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Handwerk.exe, Version: 5.1.2.63, Zeitstempel: 0x4f8eaaff Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x1701e002 ID des fehlerhaften Prozesses: 0xe68 Startzeit der fehlerhaften Anwendung: 0x01cddc27e84df908 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Sage\Handwerk\Handwerk.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 9c5860f1-481b-11e2-b7ba-00a05707c5c0

Error - 17.12.2012 05:59:27 | Computer Name = PC-AF-001.Airfit.local | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16457, Zeitstempel: 0x50a2f9e3 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc0000374 Fehleroffset: 0x000ce6c3 ID des fehlerhaften Prozesses: 0x11d4 Startzeit der fehlerhaften Anwendung: 0x01cddc3a6e7b863c Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: 71176e65-4830-11e2-b7ba-00a05707c5c0

[ System Events ]
Error - 05.10.2012 10:20:30 | Computer Name = PC-AF-001.Airfit.local | Source = UmrdpService | ID = 1111
Description = Der für den Drucker PDF24 PDF erforderliche Treiber PDF24 PDF ist unbekannt. Wenden Sie sich an den Administrator, um den Treiber zu installieren, bevor Sie sich erneut anmelden.

Error - 21.10.2012 06:40:44 | Computer Name = PC-AF-001.Airfit.local | Source = TermDD | ID = 655416
Description = 

Error - 22.10.2012 03:15:21 | Computer Name = PC-AF-001.Airfit.local | Source = NETLOGON | ID = 5719
Description = Der Computer konnte eine sichere Sitzung mit einem Domänencontroller in der Domäne HAMBURG aufgrund der folgenden Ursache nicht einrichten: %%1311 Dies kann zu Authentifizierungsproblemen führen. Stellen Sie sicher, dass der Computer mit dem Netzwerk verbunden ist. Wenden Sie sich an den Domänenadministrator, wenn das Problem weiterhin besteht. ZUSÄTZLICHE INFORMATIONEN Wenn dieser Computer ein Domänencontroller der bestimmten Domäne ist, wird eine sichere Sitzung zum primären Domänencontrolleremulator in der bestimmten Domäne eingerichtet. Andernfalls richtet dieser Computer eine sichere Sitzung zu einem beliebigen Domänencontroller in der bestimmten Domäne ein.

Error - 15.11.2012 03:47:10 | Computer Name = PC-AF-001.Airfit.local | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800f0902 fehlgeschlagen: Update für Kernelmodustreiber-Framework Version 1.11 für Windows 7 für x64-basierte Systeme (KB2685811)

Error - 15.11.2012 04:03:59 | Computer Name = PC-AF-001.Airfit.local | Source = NETLOGON | ID = 5719
Description = Der Computer konnte eine sichere Sitzung mit einem Domänencontroller in der Domäne HAMBURG aufgrund der folgenden Ursache nicht einrichten: %%1311 Dies kann zu Authentifizierungsproblemen führen. Stellen Sie sicher, dass der Computer mit dem Netzwerk verbunden ist. Wenden Sie sich an den Domänenadministrator, wenn das Problem weiterhin besteht. ZUSÄTZLICHE INFORMATIONEN Wenn dieser Computer ein Domänencontroller der bestimmten Domäne ist, wird eine sichere Sitzung zum primären Domänencontrolleremulator in der bestimmten Domäne eingerichtet. Andernfalls richtet dieser Computer eine sichere Sitzung zu einem beliebigen Domänencontroller in der bestimmten Domäne ein.

Error - 10.12.2012 04:03:07 | Computer Name = PC-AF-001.Airfit.local | Source = NETLOGON | ID = 5719
Description = Der Computer konnte eine sichere Sitzung mit einem Domänencontroller in der Domäne HAMBURG aufgrund der folgenden Ursache nicht einrichten: %%1311 Dies kann zu Authentifizierungsproblemen führen. Stellen Sie sicher, dass der Computer mit dem Netzwerk verbunden ist. Wenden Sie sich an den Domänenadministrator, wenn das Problem weiterhin besteht. ZUSÄTZLICHE INFORMATIONEN Wenn dieser Computer ein Domänencontroller der bestimmten Domäne ist, wird eine sichere Sitzung zum primären Domänencontrolleremulator in der bestimmten Domäne eingerichtet. Andernfalls richtet dieser Computer eine sichere Sitzung zu einem beliebigen Domänencontroller in der bestimmten Domäne ein.

Error - 19.12.2012 06:30:56 | Computer Name = PC-AF-001.Airfit.local | Source = NETLOGON | ID = 5719
Description = Der Computer konnte eine sichere Sitzung mit einem Domänencontroller in der Domäne HAMBURG aufgrund der folgenden Ursache nicht einrichten: %%1311 Dies kann zu Authentifizierungsproblemen führen. Stellen Sie sicher, dass der Computer mit dem Netzwerk verbunden ist. Wenden Sie sich an den Domänenadministrator, wenn das Problem weiterhin besteht. ZUSÄTZLICHE INFORMATIONEN Wenn dieser Computer ein Domänencontroller der bestimmten Domäne ist, wird eine sichere Sitzung zum primären Domänencontrolleremulator in der bestimmten Domäne eingerichtet. Andernfalls richtet dieser Computer eine sichere Sitzung zu einem beliebigen Domänencontroller in der bestimmten Domäne ein.

Error - 19.12.2012 16:30:53 | Computer Name = PC-AF-001.Airfit.local | Source = NETLOGON | ID = 5719
Description = Der Computer konnte eine sichere Sitzung mit einem Domänencontroller in der Domäne HAMBURG aufgrund der folgenden Ursache nicht einrichten: %%1311 Dies kann zu Authentifizierungsproblemen führen. Stellen Sie sicher, dass der Computer mit dem Netzwerk verbunden ist. Wenden Sie sich an den Domänenadministrator, wenn das Problem weiterhin besteht. ZUSÄTZLICHE INFORMATIONEN Wenn dieser Computer ein Domänencontroller der bestimmten Domäne ist, wird eine sichere Sitzung zum primären Domänencontrolleremulator in der bestimmten Domäne eingerichtet. Andernfalls richtet dieser Computer eine sichere Sitzung zu einem beliebigen Domänencontroller in der bestimmten Domäne ein.

Error - 19.12.2012 18:34:43 | Computer Name = PC-AF-001.Airfit.local | Source = SMSvcHost 4.0.0.0 | ID = 262152
Description = An error occurred while dispatching a duplicated socket: this handle is now leaked in the process. ID: 2232 Source: System.ServiceModel.Activation.TcpWorkerProcess/59088883 Exception: System.ServiceModel.ServiceActivationException: An error occurred while duplicating a socket. See inner exception for more information.
 ---> System.Net.Sockets.SocketException: Ein ungültiges Argument wurde angegeben
   at System.Net.Sockets.Socket.DuplicateAndClose(Int32 targetProcessId)
   at System.ServiceModel.Channels.SocketConnection.DuplicateAndClose(Int32 targetProcessId)
   at System.ServiceModel.Activation.TcpWorkerProcess.DuplicateConnection(ListenerSessionConnection session)
   --- End of inner exception stack trace ---
   at System.Runtime.AsyncResult.End[TAsyncResult](IAsyncResult result)
   at System.ServiceModel.Activation.WorkerProcess.EndDispatchSession(IAsyncResult result)
Process Name: SMSvcHost Process ID: 2012

Error - 29.12.2012 09:29:43 | Computer Name = PC-AF-001.Airfit.local | Source = Microsoft-Windows-GroupPolicy | ID = 1054
Description = Fehler beim Verarbeiten der Gruppenrichtlinie. Der Name eines Domänencontrollers konnte nicht abgerufen werden. Dies kann auf einen Fehler bei der Namensauflösung zurückzuführen sein. Überprüfen Sie, ob DNS (Domain Name System) konfiguriert ist und richtig ausgeführt wird.

[ WSSG Events ]
Error - 31.12.2012 03:48:11 | Computer Name = PC-AF-001.Airfit.local | Source = Windows Server | ID = 268370434
Description = Der Sicherungsauftrag 0 auf "" war nicht erfolgreich. Grund: ServerUnreachable, System.String[]

Error - 31.12.2012 05:53:20 | Computer Name = PC-AF-001.Airfit.local | Source = Windows Server | ID = 268370434
Description = Der Sicherungsauftrag 0 auf "" war nicht erfolgreich. Grund: ServerUnreachable, System.String[]

Error - 31.12.2012 09:48:10 | Computer Name = PC-AF-001.Airfit.local | Source = Windows Server | ID = 268370434
Description = Der Sicherungsauftrag 0 auf "" war nicht erfolgreich. Grund: ServerUnreachable, System.String[]

Error - 31.12.2012 11:53:20 | Computer Name = PC-AF-001.Airfit.local | Source = Windows Server | ID = 268370434
Description = Der Sicherungsauftrag 0 auf "" war nicht erfolgreich. Grund: ServerUnreachable, System.String[]

Error - 31.12.2012 15:48:09 | Computer Name = PC-AF-001.Airfit.local | Source = Windows Server | ID = 268370434
Description = Der Sicherungsauftrag 0 auf "" war nicht erfolgreich. Grund: ServerUnreachable, System.String[]

Error - 31.12.2012 17:53:19 | Computer Name = PC-AF-001.Airfit.local | Source = Windows Server | ID = 268370434
Description = Der Sicherungsauftrag 0 auf "" war nicht erfolgreich. Grund: ServerUnreachable, System.String[]

Error - 31.12.2012 21:48:08 | Computer Name = PC-AF-001.Airfit.local | Source = Windows Server | ID = 268370434
Description = Der Sicherungsauftrag 0 auf "" war nicht erfolgreich. Grund: ServerUnreachable, System.String[]

Error - 31.12.2012 23:53:17 | Computer Name = PC-AF-001.Airfit.local | Source = Windows Server | ID = 268370434
Description = Der Sicherungsauftrag 0 auf "" war nicht erfolgreich. Grund: ServerUnreachable, System.String[]

Error - 01.01.2013 03:48:07 | Computer Name = PC-AF-001.Airfit.local | Source = Windows Server | ID = 268370434
Description = Der Sicherungsauftrag 0 auf "" war nicht erfolgreich. Grund: ServerUnreachable, System.String[]

Error - 01.01.2013 05:53:18 | Computer Name = PC-AF-001.Airfit.local | Source = Windows Server | ID = 268370434
Description = Der Sicherungsauftrag 0 auf "" war nicht erfolgreich. Grund: ServerUnreachable, System.String[]


< End of report >

OTL.txt
Code:
OTL logfile created on: 01.01.2013 17:24:26 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = \\SBS11-AF-01\Firma\Gemeinsame Dateien
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,91 Gb Total Physical Memory | 1,92 Gb Available Physical Memory | 49,03% Memory free
7,81 Gb Paging File | 5,75 Gb Available in Paging File | 73,57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 347,37 Gb Total Space | 300,77 Gb Free Space | 86,58% Space Free | Partition Type: NTFS

Computer Name: PC-AF-001 | User Name: master | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - \\SBS11-AF-01\Firma\Gemeinsame Dateien\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Update\1.3.21.124\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) PRC - C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation) PRC - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation) PRC - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe (Symantec Corporation) PRC - c:\program files (x86)\teamviewer\version6\TeamViewer.exe (TeamViewer GmbH) PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH) PRC - c:\program files (x86)\teamviewer\version6\TeamViewer_Desktop.exe (TeamViewer GmbH) PRC - C:\Program Files (x86)\TeamViewer\Version6\tv_w32.exe (TeamViewer GmbH) PRC - C:\Program Files (x86)\Common Files\Sage Software Shared\Deploymentservice.exe (Sage Software) ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV:64bit: - (NitroDriverReadSpool2) -- C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe (Nitro PDF Software) SRV:64bit: - (ServiceProviderRegistry) -- C:\Program Files\Windows Server\Bin\ProviderRegistryService.exe (Microsoft Corporation) SRV:64bit: - (LcsFwTool) -- C:\Program Files\LANCOM\LANCAPI\fwtool.exe (LANCOM Systems GmbH, Würselen (Germany)) SRV:64bit: - (LANConfig) -- C:\Program Files\Windows Server\Bin\LANConfigSvc.exe (Microsoft Corporation) SRV:64bit: - (WSS_ComputerBackupProviderSvc) -- C:\Program Files\Windows Server\Bin\SharedServiceHost.exe (Microsoft Corporation) SRV:64bit: - (SqmProviderSvc) -- C:\Program Files\Windows Server\Bin\SharedServiceHost.exe (Microsoft Corporation) SRV:64bit: - (providers_system) -- C:\Program Files\Windows Server\Bin\SharedServiceHost.exe (Microsoft Corporation) SRV:64bit: - (NotificationsProviderSvc) -- C:\Program Files\Windows Server\Bin\SharedServiceHost.exe (Microsoft Corporation) SRV:64bit: - (initMonitor) -- C:\Program Files\Windows 
Server\Bin\SharedServiceHost.exe (Microsoft Corporation) SRV:64bit: - (HealthAlertsSvc) -- C:\Program Files\Windows Server\Bin\SharedServiceHost.exe (Microsoft Corporation) SRV:64bit: - (WSConnectorUpdate) -- C:\Program Files\Windows Server\Bin\WSConnectorUpdate.exe (Microsoft Corporation) SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (ccSetMgr) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) SRV - (ccEvtMgr) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) SRV - (SNAC) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE (Symantec Corporation) SRV - (SmcService) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation) SRV - (Symantec AntiVirus) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation) SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (SageDeploymentService) -- C:\Program Files (x86)\Common Files\Sage Software Shared\Deploymentservice.exe (Sage Software) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (LiveUpdate) -- C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE (Symantec Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) 
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation) DRV:64bit: - (SRTSPL) -- C:\Windows\SysNative\drivers\srtspl64.sys (Symantec Corporation) DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\srtsp64.sys (Symantec Corporation) DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\srtspx64.sys (Symantec Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (LcsCapiDrv) -- C:\Windows\SysNative\drivers\rcapi.sys (LANCOM Systems) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation) DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (BackupReader) -- C:\Windows\SysNative\drivers\BackupReader.sys (Microsoft Corporation) DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (LCSWAN) -- C:\Windows\SysNative\drivers\lcswan.sys (LANCOM Systems) DRV:64bit: - (LcsCapiMdm) -- C:\Windows\SysNative\drivers\vmdmd.sys (LANCOM Systems) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) 
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation) DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20121231.020\ex64.sys (Symantec Corporation) DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20121231.020\eng64.sys (Symantec Corporation) DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation) DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation) DRV - (SRTSPL) -- C:\Windows\SysWOW64\drivers\srtspl64.sys (Symantec Corporation) DRV - (SRTSP) -- C:\Windows\SysWOW64\drivers\srtsp64.sys (Symantec Corporation) DRV - (SRTSPX) -- C:\Windows\SysWOW64\drivers\srtspx64.sys (Symantec Corporation) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {C4795816-9508-4EB5-BC83-A993A381F673} IE:64bit: - HKLM\..\SearchScopes\{C4795816-9508-4EB5-BC83-A993A381F673}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSG IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local 
Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {C4795816-9508-4EB5-BC83-A993A381F673} IE - HKLM\..\SearchScopes\{C4795816-9508-4EB5-BC83-A993A381F673}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSG IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2657049114-1421870595-21446388-1111\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ts.fujitsu.com IE - HKU\S-1-5-21-2657049114-1421870595-21446388-1111\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.google.com/ig/redirectd [Binary data over 200 bytes] IE - HKU\S-1-5-21-2657049114-1421870595-21446388-1111\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=FTSG&bmod=FTSG IE - HKU\S-1-5-21-2657049114-1421870595-21446388-1111\..\SearchScopes,DefaultScope = {C4795816-9508-4EB5-BC83-A993A381F673} IE - HKU\S-1-5-21-2657049114-1421870595-21446388-1111\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2657049114-1421870595-21446388-1114\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ts.fujitsu.com IE - HKU\S-1-5-21-2657049114-1421870595-21446388-1114\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.google.com/ig/redirectd [Binary data over 200 bytes] IE - HKU\S-1-5-21-2657049114-1421870595-21446388-1114\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve IE - HKU\S-1-5-21-2657049114-1421870595-21446388-1114\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-2657049114-1421870595-21446388-1114\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - 
HKU\S-1-5-21-2657049114-1421870595-21446388-1114\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll ( ) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) ========== Chrome ========== CHR - homepage: hxxp://www.google.com/ig/redirectdomain?brand=FTSG&bmod=FTSG CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - homepage: hxxp://www.google.com/ig/redirectdomain?brand=FTSG&bmod=FTSG CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll CHR - plugin: Nitro PDF Plug-In (Enabled) = C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo 
Gallery\NPWLPG.dll CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - Extension: Google Drive = C:\Users\master.HAMBURG\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\ CHR - Extension: YouTube = C:\Users\master.HAMBURG\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\master.HAMBURG\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Google Mail = C:\Users\master.HAMBURG\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Launchpad] C:\Program Files\Windows Server\Bin\Launchpad.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation) O4 - HKLM..\Run: [SMB50StarMoneyRunEntry] X:\app\oflagent.exe File not found O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2657049114-1421870595-21446388-1111..\Run: [LANCAPI] C:\Program Files\LANCOM\LANCAPI\rcapi.exe (LANCOM Systems GmbH, Würselen (Germany)) O4 - HKU\S-1-5-21-2657049114-1421870595-21446388-1114..\Run: [Fidtimkr] C:\Users\wommelsdorff\AppData\Roaming\docprop6.dll () O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk = File not found O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk = File not found O4 - Startup: C:\Users\wommelsdorff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LANCAPI.lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: 
ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\S-1-5-21-2657049114-1421870595-21446388-1111\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-2657049114-1421870595-21446388-1114\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKLM\..Trusted Domains: SBS11-AF-01 ([]file in Local intranet) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.40.5 217.237.150.205 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Airfit.local O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C867445C-FF5B-46F2-B105-718EB610EDFD}: DhcpNameServer = 192.168.40.5 217.237.150.205 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - 
C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{f060dbcd-8bd5-11e1-a211-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{f060dbcd-8bd5-11e1-a211-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.12.29 15:36:25 | 000,000,000 | ---D | C] -- C:\Users\master.HAMBURG\AppData\Local\Microsoft_Corporation [2012.12.29 14:36:49 | 000,000,000 | ---D | C] -- C:\Users\master.HAMBURG\AppData\Local\Programs [2012.12.21 15:55:06 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll [2012.12.21 15:55:06 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll [2012.12.21 15:55:06 | 000,013,312 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe [2012.12.21 15:55:05 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys [2012.12.21 15:55:05 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbGD.sys [2012.12.21 15:55:05 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys [2012.12.21 15:55:03 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe [2012.12.21 15:55:03 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll [2012.12.21 15:55:03 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll [2012.12.21 15:55:03 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll [2012.12.21 15:55:03 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll [2012.12.21 15:55:03 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll [2012.12.21 15:55:03 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe [2012.12.21 15:55:03 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll [2012.12.21 15:55:03 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll [2012.12.21 15:55:03 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll [2012.12.21 15:55:03 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll [2012.12.21 15:55:03 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll [2012.12.21 15:55:03 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll [2012.12.21 15:55:03 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll [2012.12.21 15:55:02 | 005,773,824 | ---- | C] 
(Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll [2012.12.21 15:55:02 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll [2012.12.21 15:55:02 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll [2012.12.21 15:55:02 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe [2012.12.21 15:55:02 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe [2012.12.21 15:54:38 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2012.12.21 15:54:38 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2012.12.21 15:54:38 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2012.12.21 15:54:37 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2012.12.21 15:54:14 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll [2012.12.21 15:54:14 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2012.12.21 15:54:06 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll [2012.12.21 15:54:06 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll [2012.12.21 15:49:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2012.12.21 15:48:39 | 000,000,000 | ---D | C] -- C:\Users\master.HAMBURG\AppData\Local\Google [2012.12.19 19:51:29 | 000,000,000 | ---D | C] -- C:\Users\master.HAMBURG\AppData\Roaming\Malwarebytes [2012.12.19 19:51:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.12.19 19:51:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.12.19 19:51:13 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.12.19 19:51:13 | 000,000,000 | ---D | 
C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.12.13 08:46:08 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.12.13 08:46:08 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.12.13 08:46:08 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.12.13 08:46:07 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.12.13 08:46:07 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.12.13 08:46:07 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.12.13 08:46:07 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.12.13 08:46:07 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.12.13 08:46:07 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.12.13 08:46:07 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.12.13 08:46:07 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.12.13 08:46:06 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012.12.13 08:46:05 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.12.13 08:46:05 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.12.13 08:46:05 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2012.12.11 22:43:31 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2012.12.11 22:43:31 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2012.12.11 22:43:31 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2012.12.11 22:43:31 | 
000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2012.12.11 22:43:30 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2012.12.11 22:43:30 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2012.12.11 22:43:30 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2012.12.11 22:43:30 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2012.12.11 22:43:30 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2012.12.11 22:43:30 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2012.12.11 22:43:30 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2012.12.11 22:43:30 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2012.12.11 22:43:30 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2012.12.11 22:43:30 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2012.12.11 22:43:30 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2012.12.11 22:43:30 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2012.12.11 22:43:30 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2012.12.11 22:43:30 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2012.12.11 22:43:30 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2012.12.11 22:43:30 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2012.12.11 
22:43:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2012.12.11 22:43:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2012.12.11 22:43:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2012.12.11 22:43:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2012.12.11 22:43:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2012.12.11 22:43:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2012.12.11 22:43:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2012.12.11 22:43:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2012.12.11 22:43:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2012.12.11 22:43:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2012.12.11 22:43:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.12.11 22:43:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2012.12.11 22:43:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2012.12.11 22:43:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2012.12.11 22:43:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2012.12.11 22:43:30 | 
000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2012.12.11 22:43:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2012.12.11 22:43:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2012.12.11 22:43:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2012.12.11 22:43:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2012.12.11 22:43:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2012.12.11 22:43:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2012.12.11 22:43:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2012.12.11 22:43:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2012.12.11 22:43:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2012.12.11 22:43:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2012.12.11 22:43:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2012.12.11 22:43:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2012.12.11 22:43:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.12.11 22:43:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2012.12.11 22:43:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2012.12.11 22:43:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2012.12.11 22:43:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2012.12.11 22:43:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2012.12.11 22:43:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2012.12.11 22:43:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2012.12.11 22:43:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2012.12.11 22:43:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2012.12.11 22:43:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2012.12.11 22:43:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2012.12.11 22:43:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2012.12.11 22:43:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2012.12.11 22:43:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2012.12.11 22:43:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2012.12.11 22:43:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2012.12.11 22:43:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2012.12.11 22:43:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2012.12.11 22:43:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2012.12.11 22:43:29 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2012.12.11 22:42:53 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll [2012.12.11 22:42:53 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll ========== Files - Modified Within 30 Days ========== [2013.01.01 17:07:04 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.01.01 16:53:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.01.01 16:41:04 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.01.01 16:40:09 | 000,016,768 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.01.01 16:40:09 | 000,016,768 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.01.01 16:37:00 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.01.01 16:37:00 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.01.01 16:37:00 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.01.01 16:37:00 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.01.01 16:37:00 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.01.01 16:32:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.01.01 16:31:47 | 3146,059,776 | -HS- | M] () -- C:\hiberfil.sys [2012.12.29 17:53:17 | 000,002,155 | ---- | M] () -- \\SBS11-AF-01\Benutzer\master\Desktop\Google Chrome.lnk 
[2012.12.29 14:42:04 | 000,001,756 | ---- | M] () -- C:\Users\Public\Desktop\Browserwahl.lnk [2012.12.29 14:42:03 | 000,000,008 | RHS- | M] () -- C:\Users\master.HAMBURG\ntuser.pol [2012.12.29 14:37:04 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.28 11:40:05 | 000,002,959 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.js [2012.12.28 08:07:47 | 000,346,432 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.12.16 18:11:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2012.12.16 15:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2012.12.16 15:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2012.12.16 15:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.12.12 10:07:28 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.12.12 10:07:28 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl ========== Files Created - No Company Name ========== [2012.12.29 17:53:17 | 000,002,155 | ---- | C] () -- \\SBS11-AF-01\Benutzer\master\Desktop\Google Chrome.lnk [2012.12.29 14:42:04 | 000,001,756 | ---- | C] () -- C:\Users\Public\Desktop\Browserwahl.lnk [2012.12.28 11:40:05 | 000,002,959 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.js [2012.12.21 15:48:40 | 000,001,110 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.12.21 15:48:40 | 000,001,106 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.12.19 19:51:14 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.05.15 07:21:22 | 000,004,910 | ---- | C] () -- C:\ProgramData\uvhsaztn.njk [2012.05.15 07:21:22 | 000,000,000 | 
---- | C] () -- C:\ProgramData\3769320754 [2012.05.14 08:52:02 | 000,004,910 | ---- | C] () -- C:\ProgramData\tvhsaztn.njk [2012.04.23 11:51:53 | 000,000,008 | RHS- | C] () -- C:\Users\master.HAMBURG\ntuser.pol [2012.04.21 20:24:04 | 000,003,086 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2012.04.04 08:41:10 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2012.04.04 08:41:07 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2012.04.04 08:41:05 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2011.08.12 10:47:01 | 000,040,448 | ---- | C] () -- C:\Windows\REGOBJ.DLL [2011.04.15 06:37:26 | 005,045,666 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" 
= Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.07.05 13:19:48 | 000,000,000 | ---D | M] -- C:\Users\install\AppData\Roaming\Fujitsu Launch Center [2012.04.21 09:52:58 | 000,000,000 | ---D | M] -- C:\Users\master\AppData\Roaming\Fujitsu Launch Center [2012.04.23 11:52:33 | 000,000,000 | ---D | M] -- C:\Users\master.HAMBURG\AppData\Roaming\Fujitsu Launch Center [2012.09.14 10:03:43 | 000,000,000 | ---D | M] -- C:\Users\wommelsdorff\AppData\Roaming\Downloaded Installations [2012.04.21 20:25:08 | 000,000,000 | ---D | M] -- C:\Users\wommelsdorff\AppData\Roaming\Fujitsu Launch Center [2012.06.13 10:48:37 | 000,000,000 | ---D | M] -- C:\Users\wommelsdorff\AppData\Roaming\Handwerk [2012.12.28 08:55:29 | 000,000,000 | ---D | M] -- C:\Users\wommelsdorff\AppData\Roaming\Nitro PDF ========== Purity Check ========== < End of report > Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.01.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
master :: PC-AF-001 [Administrator]

01.01.2013 17:34:46
mbam-log-2013-01-01 (17-34-46).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 371128
Time elapsed: 26 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)

(end)
|
02.01.2013, 16:04 | #2 |
/// Malware-holic | Google search is redirected to wrong pages. Hi
This script, and any scripts that follow, are only for the user in question. If you have problems, open your own topics and wait for scripts tailored to you.
• Please start OTL.exe
• Now copy the following into the text box. Code:
:OTL
O4 - HKU\S-1-5-21-2657049114-1421870595-21446388-1114..\Run: [Fidtimkr] C:\Users\wommelsdorff\AppData\Roaming\docprop6.dll ()
:Files
:Commands
[EMPTYFLASH]
[emptytemp]
• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart; please allow it.
• After the restart you will find a text document; paste its contents into your next reply here.
Start in normal mode. If you have no icons: right-click, View, Show desktop icons.
Note: please also upload the file to the UpChannel as described in its instructions. Please do NOT post the ZIP file here as an attachment in the thread! Please press the + E key.
Download GetInfo: http://markusg.trojaner-board.de/GetInfo.exe Double-click the .exe; a .txt is then created in the same folder: summary-info.txt. Double-click it and post its contents. Question: at the time of infection, or possibly a day before, did you download and install or run anything? Were you asked to install or download something while visiting a website? I would also like this information as a private message.
|
03.01.2013, 20:44 | #3 |
| Google search is redirected to wrong pages. Here is the log.
The upload worked. Code:
All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-2657049114-1421870595-21446388-1114\Software\Microsoft\Windows\CurrentVersion\Run\\Fidtimkr deleted successfully.
C:\Users\wommelsdorff\AppData\Roaming\docprop6.dll moved successfully.
========== COMMANDS ==========
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: install
User: master
->Flash cache emptied: 456 bytes
User: master.HAMBURG
->Flash cache emptied: 470 bytes
User: Public
User: wommelsdorff
->Flash cache emptied: 506 bytes
Total Flash Files Cleaned = 0,00 mb
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: install
->Temp folder emptied: 983532 bytes
->Temporary Internet Files folder emptied: 1624884 bytes
User: master
->Temp folder emptied: 2132554 bytes
->Temporary Internet Files folder emptied: 13838943 bytes
->Flash cache emptied: 0 bytes
User: master.HAMBURG
->Temp folder emptied: 4714674 bytes
->Temporary Internet Files folder emptied: 1517370 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
User: wommelsdorff
->Temp folder emptied: 23312164 bytes
->Temporary Internet Files folder emptied: 61792970 bytes
->Java cache emptied: 3834443 bytes
->Google Chrome cache emptied: 26351326 bytes
->Flash cache emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8046 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 134,00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 01022013_195914
Code:
System volume information: dwHighDateTime = 0x1cbfae0,dwLowDateTime = 0xcc468ee0
System32: dwHighDateTime = 0x1ca0431,dwLowDateTime = 0xfec9a6f8
dwSerialNumber = 0x5c957121
The error no longer occurs. Many thanks in advance for your help. If there is nothing more I need to do, this can be closed. Regards, Kurzerhh |
03.01.2013, 20:55 | #4 |
/// Malware-holic | Google search is redirected to wrong pages. Please still answer the question from above; we are not done yet.
- Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de as described in the instructions above. If you would like to support us |
03.01.2013, 21:58 | #5 |
| Google search is redirected to wrong pages. Unfortunately I never get an answer to those questions. This is a friend's computer. What I do know is that the user has no admin rights, and that Windows updates are actually run weekly. But all I keep hearing is "I didn't do anything, and I wasn't on any such sites." Funny how everyone always knows how to clear the history. So unfortunately I can't help any further here. Still waiting for instructions. Regards, Kurzerhh |
05.01.2013, 18:32 | #6 |
/// Malware-holic | Google search is redirected to wrong pages. Hi, that's just how it is :d Download TDSS Killer: http://www.trojaner-board.de/82358-t...entfernen.html Click on Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan - if anything is found, always choose skip for now, and post the log
|
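With "Verify driver digital signatures" on, TDSSKiller writes two lines per service or driver: one carrying the file's MD5, name and path, then a verdict line ending in "- ok". An entry that fails the check gets a verdict in parentheses in front of a different status; the shape "( UnsignedFile.Multi.Generic ) - warning" used in the sample below is my assumption, since the log in this thread contains only "- ok" lines. Reading a few thousand such lines by eye is the slow part of the "post the log" step, so here is an added example, not from this thread and not Kaspersky's code, that pairs the two lines per entry and lists the ones worth a second look: any status other than ok, entries with no hash line at all (TDSSKiller hashed no file for them; COMSysApp in the thread's log is one, presumably because its image path could not be resolved to a plain file), and binaries outside the Windows and Program Files trees. The sample is constructed: the 1394ohci, AdobeARMservice and COMSysApp lines are copied from this thread, the fakesvc pair (fake hash, fake path) is made up.

```python
import re

# Constructed sample in TDSSKiller 2.8 log format (SigCheck on). The 1394ohci,
# AdobeARMservice and COMSysApp lines are copied from the log in this thread;
# the fakesvc pair is made up (fake MD5, fake path) to show the assumed shape
# of a signature-check warning, which the thread's log does not contain.
SAMPLE_TDSS = r"""
19:31:45.0344 1344 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
19:31:45.0407 1344 1394ohci - ok
19:31:45.0610 1344 [ B1EA9681502EE57F87DB71D726288A5B ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:31:45.0641 1344 AdobeARMservice - ok
19:31:49.0432 1344 COMSysApp - ok
19:32:01.0000 1344 [ 0123456789ABCDEF0123456789ABCDEF ] fakesvc C:\Users\Public\svc.sys
19:32:01.0100 1344 fakesvc ( UnsignedFile.Multi.Generic ) - warning
"""

# "<time> <pid> [ <md5> ] <name> <path>"  and  "<time> <pid> <name> [( <verdict> )] - <status>"
HASH_RE = re.compile(
    r"^(?P<t>\d{2}:\d{2}:\d{2}\.\d+) (?P<pid>\d+) \[ (?P<md5>[0-9A-Fa-f]{32}) \] (?P<name>\S+) (?P<path>.+)$")
VERDICT_RE = re.compile(
    r"^(?P<t>\d{2}:\d{2}:\d{2}\.\d+) (?P<pid>\d+) (?P<name>\S+)(?: \( (?P<verdict>[^)]+) \))? - (?P<status>\w+)$")

SYSTEM_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


def parse_tdss(log_text: str) -> dict:
    """Return {name: {"md5", "path", "status", "verdict"}} with whatever lines exist for each entry."""
    entries = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = HASH_RE.match(line)          # hash line first: it never looks like a verdict line
        if m:
            entries.setdefault(m["name"], {}).update(md5=m["md5"].upper(), path=m["path"])
            continue
        m = VERDICT_RE.match(line)
        if m:
            entries.setdefault(m["name"], {}).update(status=m["status"], verdict=m["verdict"])
    return entries


def review(log_text: str) -> dict:
    """Map each entry name to the reasons it deserves a second look (empty list = nothing noted)."""
    out = {}
    for name, e in parse_tdss(log_text).items():
        reasons = []
        if e.get("status") != "ok":
            reasons.append(f"status {e.get('status')!r}, verdict {e.get('verdict')!r}")
        if "md5" not in e:
            reasons.append("no hash line: TDSSKiller hashed no file for this entry (path not resolvable or missing)")
        path = e.get("path", "").lower()
        if path and not path.startswith(SYSTEM_DIRS):
            reasons.append(f"binary outside Windows/Program Files: {e['path']}")
        out[name] = reasons
    return out


def needs_review(log_text: str) -> list:
    """Sorted names of the entries that got at least one reason."""
    return sorted(n for n, r in review(log_text).items() if r)


if __name__ == "__main__":
    for name, reasons in review(SAMPLE_TDSS).items():
        if reasons:
            print(name)
            for r in reasons:
                print("   -", r)
```

On a real log, `needs_review()` is the short list to start from: look up the MD5 of each flagged entry and inspect the file on the machine before deciding anything. An entry without a hash line is not a finding by itself; it only tells you that the scan could not check that file, which is exactly the gap a hidden component would sit in, so verify it by hand.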
05.01.2013, 19:33 | #7 |
| Google search is redirected to wrong pages. TDSS Killer Code:
ATTFilter 19:31:34.0612 6736 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 19:31:35.0220 6736 ============================================================ 19:31:35.0220 6736 Current date / time: 2013/01/05 19:31:35.0220 19:31:35.0220 6736 SystemInfo: 19:31:35.0220 6736 19:31:35.0220 6736 OS Version: 6.1.7601 ServicePack: 1.0 19:31:35.0220 6736 Product type: Workstation 19:31:35.0220 6736 ComputerName: PC-AF-001 19:31:35.0220 6736 UserName: master 19:31:35.0220 6736 Windows directory: C:\Windows 19:31:35.0220 6736 System windows directory: C:\Windows 19:31:35.0220 6736 Running under WOW64 19:31:35.0220 6736 Processor architecture: Intel x64 19:31:35.0220 6736 Number of processors: 2 19:31:35.0220 6736 Page size: 0x1000 19:31:35.0220 6736 Boot type: Normal boot 19:31:35.0220 6736 ============================================================ 19:31:35.0766 6736 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 19:31:35.0766 6736 ============================================================ 19:31:35.0766 6736 \Device\Harddisk0\DR0: 19:31:35.0766 6736 MBR partitions: 19:31:35.0782 6736 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x402000, BlocksNum 0x2B6BF000 19:31:35.0829 6736 ============================================================ 19:31:35.0875 6736 C: <-> \Device\Harddisk0\DR0\Partition1 19:31:35.0875 6736 ============================================================ 19:31:35.0875 6736 Initialize success 19:31:35.0875 6736 ============================================================ 19:31:44.0549 1344 ============================================================ 19:31:44.0549 1344 Scan started 19:31:44.0549 1344 Mode: Manual; SigCheck; TDLFS; 19:31:44.0549 1344 ============================================================ 19:31:45.0188 1344 ================ Scan system memory ======================== 19:31:45.0188 1344 
System memory - ok 19:31:45.0188 1344 ================ Scan services ============================= 19:31:45.0344 1344 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 19:31:45.0407 1344 1394ohci - ok 19:31:45.0422 1344 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 19:31:45.0438 1344 ACPI - ok 19:31:45.0454 1344 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 19:31:45.0516 1344 AcpiPmi - ok 19:31:45.0610 1344 [ B1EA9681502EE57F87DB71D726288A5B ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 19:31:45.0641 1344 AdobeARMservice - ok 19:31:45.0734 1344 [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 19:31:45.0781 1344 AdobeFlashPlayerUpdateSvc - ok 19:31:45.0812 1344 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 19:31:45.0844 1344 adp94xx - ok 19:31:45.0875 1344 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys 19:31:45.0906 1344 adpahci - ok 19:31:45.0953 1344 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 19:31:45.0984 1344 adpu320 - ok 19:31:46.0015 1344 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 19:31:46.0093 1344 AeLookupSvc - ok 19:31:46.0140 1344 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 19:31:46.0187 1344 AFD - ok 19:31:46.0202 1344 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 19:31:46.0234 1344 agp440 - ok 19:31:46.0249 1344 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 19:31:46.0280 1344 ALG - ok 19:31:46.0296 1344 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 19:31:46.0312 1344 aliide - ok 19:31:46.0327 1344 [ 1FF8B4431C353CE385C875F194924C0C ] amdide 
C:\Windows\system32\drivers\amdide.sys 19:31:46.0343 1344 amdide - ok 19:31:46.0390 1344 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 19:31:46.0421 1344 AmdK8 - ok 19:31:46.0452 1344 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys 19:31:46.0483 1344 AmdPPM - ok 19:31:46.0514 1344 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 19:31:46.0546 1344 amdsata - ok 19:31:46.0577 1344 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys 19:31:46.0592 1344 amdsbs - ok 19:31:46.0624 1344 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 19:31:46.0639 1344 amdxata - ok 19:31:46.0655 1344 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 19:31:46.0702 1344 AppID - ok 19:31:46.0717 1344 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 19:31:46.0764 1344 AppIDSvc - ok 19:31:46.0780 1344 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll 19:31:46.0842 1344 Appinfo - ok 19:31:46.0858 1344 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll 19:31:46.0889 1344 AppMgmt - ok 19:31:46.0904 1344 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys 19:31:46.0936 1344 arc - ok 19:31:46.0967 1344 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys 19:31:46.0982 1344 arcsas - ok 19:31:47.0045 1344 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 19:31:47.0092 1344 aspnet_state - ok 19:31:47.0092 1344 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 19:31:47.0170 1344 AsyncMac - ok 19:31:47.0201 1344 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 19:31:47.0232 1344 atapi - ok 19:31:47.0263 1344 [ 
F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 19:31:47.0341 1344 AudioEndpointBuilder - ok 19:31:47.0341 1344 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 19:31:47.0372 1344 AudioSrv - ok 19:31:47.0419 1344 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 19:31:47.0466 1344 AxInstSV - ok 19:31:47.0528 1344 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys 19:31:47.0575 1344 b06bdrv - ok 19:31:47.0606 1344 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 19:31:47.0638 1344 b57nd60a - ok 19:31:47.0653 1344 [ 7729395761F4061A643B573BF7F19AA8 ] BackupReader C:\Windows\system32\DRIVERS\BackupReader.sys 19:31:47.0669 1344 BackupReader - ok 19:31:47.0700 1344 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 19:31:47.0731 1344 BDESVC - ok 19:31:47.0747 1344 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 19:31:47.0794 1344 Beep - ok 19:31:47.0840 1344 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 19:31:47.0918 1344 BFE - ok 19:31:47.0965 1344 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll 19:31:48.0043 1344 BITS - ok 19:31:48.0074 1344 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 19:31:48.0106 1344 blbdrive - ok 19:31:48.0121 1344 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 19:31:48.0168 1344 bowser - ok 19:31:48.0184 1344 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys 19:31:48.0215 1344 BrFiltLo - ok 19:31:48.0230 1344 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys 19:31:48.0262 1344 BrFiltUp - ok 19:31:48.0277 1344 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 19:31:48.0324 1344 Browser - ok 19:31:48.0340 
1344 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 19:31:48.0386 1344 Brserid - ok 19:31:48.0386 1344 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 19:31:48.0418 1344 BrSerWdm - ok 19:31:48.0433 1344 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 19:31:48.0464 1344 BrUsbMdm - ok 19:31:48.0480 1344 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 19:31:48.0496 1344 BrUsbSer - ok 19:31:48.0511 1344 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 19:31:48.0527 1344 BTHMODEM - ok 19:31:48.0542 1344 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 19:31:48.0589 1344 bthserv - ok 19:31:48.0652 1344 [ 27D036FB3D22CA8A6662FE960D1A937D ] ccEvtMgr C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe 19:31:48.0667 1344 ccEvtMgr - ok 19:31:48.0667 1344 [ 27D036FB3D22CA8A6662FE960D1A937D ] ccSetMgr C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe 19:31:48.0683 1344 ccSetMgr - ok 19:31:48.0698 1344 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 19:31:48.0730 1344 cdfs - ok 19:31:48.0745 1344 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 19:31:48.0776 1344 cdrom - ok 19:31:48.0792 1344 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 19:31:48.0839 1344 CertPropSvc - ok 19:31:48.0854 1344 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys 19:31:48.0870 1344 circlass - ok 19:31:48.0886 1344 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 19:31:48.0917 1344 CLFS - ok 19:31:48.0948 1344 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 19:31:48.0995 1344 clr_optimization_v2.0.50727_32 - ok 19:31:49.0010 
1344 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 19:31:49.0026 1344 clr_optimization_v2.0.50727_64 - ok 19:31:49.0088 1344 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 19:31:49.0135 1344 clr_optimization_v4.0.30319_32 - ok 19:31:49.0135 1344 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 19:31:49.0166 1344 clr_optimization_v4.0.30319_64 - ok 19:31:49.0198 1344 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys 19:31:49.0229 1344 CmBatt - ok 19:31:49.0244 1344 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 19:31:49.0260 1344 cmdide - ok 19:31:49.0291 1344 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys 19:31:49.0322 1344 CNG - ok 19:31:49.0338 1344 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys 19:31:49.0354 1344 Compbatt - ok 19:31:49.0385 1344 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys 19:31:49.0416 1344 CompositeBus - ok 19:31:49.0432 1344 COMSysApp - ok 19:31:49.0447 1344 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 19:31:49.0463 1344 crcdisk - ok 19:31:49.0494 1344 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll 19:31:49.0541 1344 CryptSvc - ok 19:31:49.0556 1344 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys 19:31:49.0603 1344 CSC - ok 19:31:49.0619 1344 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll 19:31:49.0666 1344 CscService - ok 19:31:49.0681 1344 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 19:31:49.0728 1344 DcomLaunch - ok 19:31:49.0759 1344 [ 
3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
19:31:49.0806 1344 defragsvc - ok
19:31:49.0822 1344 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
19:31:49.0884 1344 DfsC - ok
19:31:49.0900 1344 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
19:31:49.0962 1344 Dhcp - ok
19:31:49.0978 1344 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
19:31:50.0024 1344 discache - ok
19:31:50.0071 1344 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
19:31:50.0071 1344 Disk - ok
19:31:50.0102 1344 [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys
19:31:50.0149 1344 dmvsc - ok
19:31:50.0165 1344 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
19:31:50.0212 1344 Dnscache - ok
19:31:50.0227 1344 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
19:31:50.0274 1344 dot3svc - ok
19:31:50.0290 1344 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
19:31:50.0336 1344 DPS - ok
19:31:50.0368 1344 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
19:31:50.0399 1344 drmkaud - ok
19:31:50.0414 1344 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
19:31:50.0446 1344 DXGKrnl - ok
19:31:50.0492 1344 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
19:31:50.0570 1344 EapHost - ok
19:31:50.0633 1344 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
19:31:50.0726 1344 ebdrv - ok
19:31:50.0773 1344 [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
19:31:50.0804 1344 eeCtrl - ok
19:31:50.0851 1344 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
19:31:50.0882 1344 EFS - ok
19:31:50.0929 1344 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
19:31:50.0976 1344 ehRecvr - ok
19:31:50.0992 1344 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
19:31:51.0038 1344 ehSched - ok
19:31:51.0054 1344 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
19:31:51.0101 1344 elxstor - ok
19:31:51.0116 1344 [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
19:31:51.0132 1344 EraserUtilRebootDrv - ok
19:31:51.0148 1344 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
19:31:51.0179 1344 ErrDev - ok
19:31:51.0210 1344 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
19:31:51.0257 1344 EventSystem - ok
19:31:51.0272 1344 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
19:31:51.0319 1344 exfat - ok
19:31:51.0335 1344 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
19:31:51.0381 1344 fastfat - ok
19:31:51.0413 1344 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
19:31:51.0475 1344 Fax - ok
19:31:51.0491 1344 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
19:31:51.0522 1344 fdc - ok
19:31:51.0537 1344 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
19:31:51.0584 1344 fdPHost - ok
19:31:51.0600 1344 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
19:31:51.0647 1344 FDResPub - ok
19:31:51.0662 1344 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
19:31:51.0662 1344 FileInfo - ok
19:31:51.0678 1344 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
19:31:51.0725 1344 Filetrace - ok
19:31:51.0740 1344 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
19:31:51.0756 1344 flpydisk - ok
19:31:51.0787 1344 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
19:31:51.0818 1344 FltMgr - ok
19:31:51.0849 1344 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
19:31:51.0912 1344 FontCache - ok
19:31:51.0959 1344 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:31:51.0974 1344 FontCache3.0.0.0 - ok
19:31:52.0005 1344 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
19:31:52.0021 1344 FsDepends - ok
19:31:52.0052 1344 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
19:31:52.0068 1344 Fs_Rec - ok
19:31:52.0099 1344 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
19:31:52.0115 1344 fvevol - ok
19:31:52.0146 1344 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
19:31:52.0161 1344 gagp30kx - ok
19:31:52.0193 1344 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
19:31:52.0239 1344 gpsvc - ok
19:31:52.0302 1344 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:31:52.0333 1344 gupdate - ok
19:31:52.0333 1344 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:31:52.0364 1344 gupdatem - ok
19:31:52.0380 1344 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
19:31:52.0411 1344 hcw85cir - ok
19:31:52.0427 1344 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:31:52.0473 1344 HdAudAddService - ok
19:31:52.0489 1344 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
19:31:52.0505 1344 HDAudBus - ok
19:31:52.0551 1344 [ D319A833EC173AD83C67885B3ED6C71C ] HealthAlertsSvc C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
19:31:52.0583 1344 HealthAlertsSvc - ok
19:31:52.0583 1344 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
19:31:52.0629 1344 HidBatt - ok
19:31:52.0645 1344 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
19:31:52.0676 1344 HidBth - ok
19:31:52.0692 1344 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
19:31:52.0707 1344 HidIr - ok
19:31:52.0723 1344 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
19:31:52.0770 1344 hidserv - ok
19:31:52.0785 1344 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys
19:31:52.0801 1344 HidUsb - ok
19:31:52.0832 1344 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
19:31:52.0863 1344 hkmsvc - ok
19:31:52.0879 1344 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:31:52.0941 1344 HomeGroupListener - ok
19:31:52.0973 1344 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:31:53.0004 1344 HomeGroupProvider - ok
19:31:53.0035 1344 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
19:31:53.0051 1344 HpSAMD - ok
19:31:53.0082 1344 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
19:31:53.0129 1344 HTTP - ok
19:31:53.0144 1344 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
19:31:53.0160 1344 hwpolicy - ok
19:31:53.0175 1344 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
19:31:53.0191 1344 i8042prt - ok
19:31:53.0207 1344 [ 26CF4275034214ECEDD8EC17B0A18A99 ] iaStor C:\Windows\system32\drivers\iaStor.sys
19:31:53.0222 1344 iaStor - ok
19:31:53.0253 1344 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
19:31:53.0269 1344 iaStorV - ok
19:31:53.0316 1344 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:31:53.0347 1344 idsvc - ok
19:31:53.0519 1344 [ 795C99DC4F574C97C03D0BB39CF099EE ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
19:31:53.0784 1344 igfx - ok
19:31:53.0799 1344 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
19:31:53.0831 1344 iirsp - ok
19:31:53.0846 1344 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
19:31:53.0909 1344 IKEEXT - ok
19:31:53.0940 1344 [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd C:\Windows\system32\drivers\Impcd.sys
19:31:53.0987 1344 Impcd - ok
19:31:53.0987 1344 [ D319A833EC173AD83C67885B3ED6C71C ] initMonitor C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
19:31:54.0002 1344 initMonitor - ok
19:31:54.0065 1344 [ 0B21B66574E5478FA10CCA2D36694C2D ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
19:31:54.0143 1344 IntcAzAudAddService - ok
19:31:54.0158 1344 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
19:31:54.0205 1344 IntcDAud - ok
19:31:54.0221 1344 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
19:31:54.0236 1344 intelide - ok
19:31:54.0267 1344 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
19:31:54.0299 1344 intelppm - ok
19:31:54.0314 1344 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
19:31:54.0361 1344 IPBusEnum - ok
19:31:54.0377 1344 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:31:54.0408 1344 IpFilterDriver - ok
19:31:54.0439 1344 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
19:31:54.0501 1344 iphlpsvc - ok
19:31:54.0517 1344 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
19:31:54.0548 1344 IPMIDRV - ok
19:31:54.0564 1344 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
19:31:54.0595 1344 IPNAT - ok
19:31:54.0626 1344 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
19:31:54.0642 1344 IRENUM - ok
19:31:54.0657 1344 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
19:31:54.0673 1344 isapnp - ok
19:31:54.0689 1344 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
19:31:54.0720 1344 iScsiPrt - ok
19:31:54.0720 1344 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
19:31:54.0735 1344 kbdclass - ok
19:31:54.0751 1344 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
19:31:54.0782 1344 kbdhid - ok
19:31:54.0782 1344 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
19:31:54.0798 1344 KeyIso - ok
19:31:54.0813 1344 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
19:31:54.0829 1344 KSecDD - ok
19:31:54.0845 1344 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
19:31:54.0860 1344 KSecPkg - ok
19:31:54.0876 1344 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
19:31:54.0923 1344 ksthunk - ok
19:31:54.0938 1344 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
19:31:54.0985 1344 KtmRm - ok
19:31:55.0016 1344 [ F11FF47203538DD145FAF56A4DAF5D75 ] LANConfig C:\Program Files\Windows Server\Bin\LANConfigSvc.exe
19:31:55.0016 1344 LANConfig - ok
19:31:55.0063 1344 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
19:31:55.0110 1344 LanmanServer - ok
19:31:55.0110 1344 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:31:55.0172 1344 LanmanWorkstation - ok
19:31:55.0188 1344 [ 9EA7FEB836F2BF0067E28B5DBDC43521 ] LcsCapiDrv C:\Windows\system32\DRIVERS\rcapi.sys
19:31:55.0203 1344 LcsCapiDrv - ok
19:31:55.0235 1344 [ 3494C48BC6D105D5C91DF41213F84542 ] LcsCapiMdm C:\Windows\system32\DRIVERS\vmdmd.sys
19:31:55.0266 1344 LcsCapiMdm - ok
19:31:55.0281 1344 [ FF8F6F503654486D0547CB847C927CA2 ] LcsFwTool C:\Program Files\LANCOM\LANCAPI\fwtool.exe
19:31:55.0313 1344 LcsFwTool ( UnsignedFile.Multi.Generic ) - warning
19:31:55.0313 1344 LcsFwTool - detected UnsignedFile.Multi.Generic (1)
19:31:55.0344 1344 [ EE524DEAF4689C26AE4453304C4CECF3 ] LCSWAN C:\Windows\system32\DRIVERS\lcswan.sys
19:31:55.0359 1344 LCSWAN - ok
19:31:55.0453 1344 [ E34152D03CAAAAA81DD66D803F392522 ] LiveUpdate C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE
19:31:55.0562 1344 LiveUpdate - ok
19:31:55.0625 1344 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
19:31:55.0703 1344 lltdio - ok
19:31:55.0718 1344 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
19:31:55.0765 1344 lltdsvc - ok
19:31:55.0781 1344 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
19:31:55.0827 1344 lmhosts - ok
19:31:55.0843 1344 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
19:31:55.0859 1344 LSI_FC - ok
19:31:55.0874 1344 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
19:31:55.0890 1344 LSI_SAS - ok
19:31:55.0905 1344 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
19:31:55.0937 1344 LSI_SAS2 - ok
19:31:55.0937 1344 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
19:31:55.0952 1344 LSI_SCSI - ok
19:31:55.0968 1344 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
19:31:56.0015 1344 luafv - ok
19:31:56.0061 1344 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
19:31:56.0093 1344 Mcx2Svc - ok
19:31:56.0108 1344 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
19:31:56.0124 1344 megasas - ok
19:31:56.0139 1344 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
19:31:56.0171 1344 MegaSR - ok
19:31:56.0186 1344 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
19:31:56.0233 1344 MMCSS - ok
19:31:56.0249 1344 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
19:31:56.0280 1344 Modem - ok
19:31:56.0311 1344 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
19:31:56.0327 1344 monitor - ok
19:31:56.0342 1344 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
19:31:56.0358 1344 mouclass - ok
19:31:56.0373 1344 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\drivers\mouhid.sys
19:31:56.0405 1344 mouhid - ok
19:31:56.0420 1344 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
19:31:56.0436 1344 mountmgr - ok
19:31:56.0451 1344 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
19:31:56.0467 1344 mpio - ok
19:31:56.0483 1344 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
19:31:56.0529 1344 mpsdrv - ok
19:31:56.0561 1344 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
19:31:56.0623 1344 MpsSvc - ok
19:31:56.0623 1344 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
19:31:56.0654 1344 MRxDAV - ok
19:31:56.0685 1344 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
19:31:56.0701 1344 mrxsmb - ok
19:31:56.0717 1344 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:31:56.0748 1344 mrxsmb10 - ok
19:31:56.0748 1344 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:31:56.0795 1344 mrxsmb20 - ok
19:31:56.0810 1344 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
19:31:56.0826 1344 msahci - ok
19:31:56.0826 1344 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
19:31:56.0857 1344 msdsm - ok
19:31:56.0873 1344 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
19:31:56.0904 1344 MSDTC - ok
19:31:56.0935 1344 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
19:31:56.0997 1344 Msfs - ok
19:31:57.0029 1344 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
19:31:57.0060 1344 mshidkmdf - ok
19:31:57.0091 1344 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
19:31:57.0107 1344 msisadrv - ok
19:31:57.0107 1344 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
19:31:57.0153 1344 MSiSCSI - ok
19:31:57.0169 1344 msiserver - ok
19:31:57.0169 1344 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
19:31:57.0200 1344 MSKSSRV - ok
19:31:57.0216 1344 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
19:31:57.0247 1344 MSPCLOCK - ok
19:31:57.0263 1344 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
19:31:57.0294 1344 MSPQM - ok
19:31:57.0325 1344 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
19:31:57.0341 1344 MsRPC - ok
19:31:57.0356 1344 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
19:31:57.0356 1344 mssmbios - ok
19:31:57.0372 1344 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
19:31:57.0419 1344 MSTEE - ok
19:31:57.0434 1344 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
19:31:57.0465 1344 MTConfig - ok
19:31:57.0481 1344 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
19:31:57.0497 1344 Mup - ok
19:31:57.0512 1344 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
19:31:57.0559 1344 napagent - ok
19:31:57.0575 1344 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
19:31:57.0606 1344 NativeWifiP - ok
19:31:57.0699 1344 [ C58D8A669D6551F616D90244BD2C2D4F ] NAVENG C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20130104.032\ENG64.SYS
19:31:57.0715 1344 NAVENG - ok
19:31:57.0762 1344 [ A3DBDB412ADFA5882DD6843B11FE0828 ] NAVEX15 C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20130104.032\EX64.SYS
19:31:57.0840 1344 NAVEX15 - ok
19:31:57.0871 1344 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
19:31:57.0902 1344 NDIS - ok
19:31:57.0918 1344 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
19:31:57.0965 1344 NdisCap - ok
19:31:57.0980 1344 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
19:31:58.0011 1344 NdisTapi - ok
19:31:58.0027 1344 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
19:31:58.0058 1344 Ndisuio - ok
19:31:58.0089 1344 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
19:31:58.0136 1344 NdisWan - ok
19:31:58.0152 1344 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
19:31:58.0183 1344 NDProxy - ok
19:31:58.0199 1344 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
19:31:58.0245 1344 NetBIOS - ok
19:31:58.0261 1344 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
19:31:58.0292 1344 NetBT - ok
19:31:58.0308 1344 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
19:31:58.0323 1344 Netlogon - ok
19:31:58.0355 1344 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
19:31:58.0401 1344 Netman - ok
19:31:58.0417 1344 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:31:58.0433 1344 NetMsmqActivator - ok
19:31:58.0433 1344 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:31:58.0448 1344 NetPipeActivator - ok
19:31:58.0448 1344 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
19:31:58.0495 1344 netprofm - ok
19:31:58.0495 1344 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:31:58.0511 1344 NetTcpActivator - ok
19:31:58.0511 1344 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:31:58.0526 1344 NetTcpPortSharing - ok
19:31:58.0542 1344 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
19:31:58.0557 1344 nfrd960 - ok
19:31:58.0620 1344 [ 5E10874181EF22FD8EFD77F7D1AE456B ] NitroDriverReadSpool2 C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe
19:31:58.0635 1344 NitroDriverReadSpool2 - ok
19:31:58.0667 1344 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
19:31:58.0698 1344 NlaSvc - ok
19:31:58.0698 1344 [ D319A833EC173AD83C67885B3ED6C71C ] NotificationsProviderSvc C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
19:31:58.0713 1344 NotificationsProviderSvc - ok
19:31:58.0729 1344 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
19:31:58.0760 1344 Npfs - ok
19:31:58.0776 1344 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
19:31:58.0807 1344 nsi - ok
19:31:58.0823 1344 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
19:31:58.0854 1344 nsiproxy - ok
19:31:58.0901 1344 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
19:31:58.0963 1344 Ntfs - ok
19:31:58.0979 1344 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
19:31:59.0025 1344 Null - ok
19:31:59.0057 1344 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
19:31:59.0072 1344 nvraid - ok
19:31:59.0103 1344 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
19:31:59.0119 1344 nvstor - ok
19:31:59.0135 1344 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
19:31:59.0150 1344 nv_agp - ok
19:31:59.0166 1344 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
19:31:59.0197 1344 ohci1394 - ok
19:31:59.0228 1344 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:31:59.0259 1344 ose - ok
19:31:59.0369 1344 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:31:59.0431 1344 osppsvc - ok
19:31:59.0462 1344 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
19:31:59.0493 1344 p2pimsvc - ok
19:31:59.0509 1344 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
19:31:59.0540 1344 p2psvc - ok
19:31:59.0556 1344 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
19:31:59.0571 1344 Parport - ok
19:31:59.0603 1344 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
19:31:59.0618 1344 partmgr - ok
19:31:59.0618 1344 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
19:31:59.0649 1344 PcaSvc - ok
19:31:59.0665 1344 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
19:31:59.0681 1344 pci - ok
19:31:59.0696 1344 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
19:31:59.0712 1344 pciide - ok
19:31:59.0743 1344 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
19:31:59.0759 1344 pcmcia - ok
19:31:59.0774 1344 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
19:31:59.0790 1344 pcw - ok
19:31:59.0805 1344 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
19:31:59.0852 1344 PEAUTH - ok
19:31:59.0883 1344 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
19:31:59.0961 1344 PeerDistSvc - ok
19:32:00.0024 1344 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
19:32:00.0055 1344 PerfHost - ok
19:32:00.0086 1344 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
19:32:00.0149 1344 pla - ok
19:32:00.0180 1344 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
19:32:00.0258 1344 PlugPlay - ok
19:32:00.0258 1344 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
19:32:00.0273 1344 PNRPAutoReg - ok
19:32:00.0305 1344 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
19:32:00.0305 1344 PNRPsvc - ok
19:32:00.0336 1344 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
19:32:00.0383 1344 PolicyAgent - ok
19:32:00.0414 1344 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
19:32:00.0445 1344 Power - ok
19:32:00.0507 1344 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
19:32:00.0570 1344 PptpMiniport - ok
19:32:00.0585 1344 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
19:32:00.0617 1344 Processor - ok
19:32:00.0648 1344 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
19:32:00.0695 1344 ProfSvc - ok
19:32:00.0710 1344 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:32:00.0710 1344 ProtectedStorage - ok
19:32:00.0741 1344 [ D319A833EC173AD83C67885B3ED6C71C ] providers_system C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
19:32:00.0741 1344 providers_system - ok
19:32:00.0773 1344 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
19:32:00.0819 1344 Psched - ok
19:32:00.0897 1344 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
19:32:00.0975 1344 ql2300 - ok
19:32:00.0991 1344 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
19:32:01.0022 1344 ql40xx - ok
19:32:01.0038 1344 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
19:32:01.0053 1344 QWAVE - ok
19:32:01.0053 1344 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
19:32:01.0085 1344 QWAVEdrv - ok
19:32:01.0100 1344 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
19:32:01.0131 1344 RasAcd - ok
19:32:01.0147 1344 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
19:32:01.0194 1344 RasAgileVpn - ok
19:32:01.0194 1344 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
19:32:01.0241 1344 RasAuto - ok
19:32:01.0256 1344 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
19:32:01.0303 1344 Rasl2tp - ok
19:32:01.0319 1344 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
19:32:01.0350 1344 RasMan - ok
19:32:01.0365 1344 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
19:32:01.0397 1344 RasPppoe - ok
19:32:01.0428 1344 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
19:32:01.0459 1344 RasSstp - ok
19:32:01.0475 1344 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
19:32:01.0521 1344 rdbss - ok
19:32:01.0553 1344 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
19:32:01.0568 1344 rdpbus - ok
19:32:01.0584 1344 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
19:32:01.0615 1344 RDPCDD - ok
19:32:01.0630 1344 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
19:32:01.0662 1344 RDPDR - ok
19:32:01.0662 1344 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
19:32:01.0708 1344 RDPENCDD - ok
19:32:01.0708 1344 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
19:32:01.0755 1344 RDPREFMP - ok
19:32:01.0771 1344 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
19:32:01.0802 1344 RdpVideoMiniport - ok
19:32:01.0818 1344 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
19:32:01.0849 1344 RDPWD - ok
19:32:01.0880 1344 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
19:32:01.0896 1344 rdyboost - ok
19:32:01.0911 1344 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
19:32:01.0958 1344 RemoteAccess - ok
19:32:01.0989 1344 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
19:32:02.0020 1344 RemoteRegistry - ok
19:32:02.0052 1344 [ 388D3DD1A6457280F3BADBA9F3ACD6B1 ] ROOTMODEM C:\Windows\system32\Drivers\RootMdm.sys
19:32:02.0098 1344 ROOTMODEM - ok
19:32:02.0130 1344 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
19:32:02.0161 1344 RpcEptMapper - ok
19:32:02.0161 1344 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
19:32:02.0192 1344 RpcLocator - ok
19:32:02.0208 1344 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
19:32:02.0254 1344 RpcSs - ok
19:32:02.0270 1344 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
19:32:02.0317 1344 rspndr - ok
19:32:02.0348 1344 [ E50CFB92986DCAB49DE93788FD695813 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
19:32:02.0364 1344 RTL8167 - ok
19:32:02.0379 1344 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
19:32:02.0395 1344 s3cap - ok
19:32:02.0442 1344 [ C3B35487CFB25357D313625A691E1200 ] SageDeploymentService C:\Program Files (x86)\Common Files\Sage Software Shared\Deploymentservice.exe
19:32:02.0488 1344 SageDeploymentService - ok
19:32:02.0488 1344 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
19:32:02.0504 1344 SamSs - ok
19:32:02.0520 1344 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
19:32:02.0535 1344 sbp2port - ok
19:32:02.0566 1344 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
19:32:02.0613 1344 SCardSvr - ok
19:32:02.0629 1344 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
19:32:02.0676 1344 scfilter - ok
19:32:02.0691 1344 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
19:32:02.0754 1344 Schedule - ok
19:32:02.0769 1344 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
19:32:02.0800 1344 SCPolicySvc - ok
19:32:02.0816 1344 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
19:32:02.0847 1344 SDRSVC - ok
19:32:02.0941 1344 [ 0F4A80438E7286A0E623582F5F2395BD ] SearchAnonymizer C:\Users\master.HAMBURG\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
19:32:02.0956 1344 SearchAnonymizer ( UnsignedFile.Multi.Generic ) - warning
19:32:02.0956 1344 SearchAnonymizer - detected UnsignedFile.Multi.Generic (1)
19:32:02.0988 1344 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
19:32:03.0050 1344 secdrv - ok
19:32:03.0066 1344 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
19:32:03.0097 1344 seclogon - ok
19:32:03.0112 1344 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
19:32:03.0175 1344 SENS - ok
19:32:03.0175 1344 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
19:32:03.0206 1344 SensrSvc - ok
19:32:03.0237 1344 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
19:32:03.0253 1344 Serenum - ok
19:32:03.0268 1344 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
19:32:03.0300 1344 Serial - ok
19:32:03.0315 1344 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
19:32:03.0346 1344 sermouse - ok
19:32:03.0362 1344 [ 2AF4866050E7C07132473AA5E57630EB ] ServiceProviderRegistry C:\Program Files\Windows Server\Bin\ProviderRegistryService.exe
19:32:03.0362 1344 ServiceProviderRegistry - ok
19:32:03.0393 1344 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
19:32:03.0424 1344 SessionEnv - ok
19:32:03.0440 1344 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
19:32:03.0456 1344 sffdisk - ok
19:32:03.0487 1344 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
19:32:03.0502 1344 sffp_mmc - ok
19:32:03.0518 1344 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
19:32:03.0534 1344 sffp_sd - ok
19:32:03.0565 1344 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
19:32:03.0580 1344 sfloppy - ok
19:32:03.0612 1344 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
19:32:03.0658 1344 SharedAccess - ok
19:32:03.0674 1344 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:32:03.0721 1344 ShellHWDetection - ok
19:32:03.0752 1344 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
19:32:03.0768 1344 SiSRaid2 - ok
19:32:03.0783 1344 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
19:32:03.0814 1344 SiSRaid4 - ok
19:32:03.0814 1344 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
19:32:03.0861 1344 Smb - ok
19:32:03.0939 1344 [ 4B1DAFE4100555239354950AC537C98C ] SmcService C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
19:32:04.0002 1344 SmcService - ok
19:32:04.0033 1344 [ F2544BF1302EBFEFD006E32AC55703F4 ] SNAC C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE
19:32:04.0048 1344 SNAC - ok
19:32:04.0095 1344 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
19:32:04.0111 1344 SNMPTRAP - ok
19:32:04.0142 1344 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
19:32:04.0142 1344 spldr - ok
19:32:04.0173 1344 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
19:32:04.0204 1344 Spooler - ok
19:32:04.0267 1344 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
19:32:04.0516 1344 sppsvc - ok
19:32:04.0516 1344 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
19:32:04.0563 1344 sppuinotify - ok
19:32:04.0579 1344 [ D319A833EC173AD83C67885B3ED6C71C ] SqmProviderSvc C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
19:32:04.0579 1344 SqmProviderSvc - ok
19:32:04.0610 1344 [ 32900AC9CFDC578531279886CA16A4DF ] SRTSP C:\Windows\system32\Drivers\SRTSP64.SYS
19:32:04.0626 1344 SRTSP - ok
19:32:04.0657 1344 [ 8929566D1F14685FD78EAF25BEE3ECC7 ] SRTSPL C:\Windows\system32\Drivers\SRTSPL64.SYS
19:32:04.0672 1344 SRTSPL - ok
19:32:04.0672 1344 [ CB2FDF47EE67F8CCA5362ED9B94FE955 ] SRTSPX C:\Windows\system32\Drivers\SRTSPX64.SYS
19:32:04.0688 1344 SRTSPX - ok
19:32:04.0719 1344 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
19:32:04.0750 1344 srv - ok
19:32:04.0766 1344 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
19:32:04.0782 1344 srv2 - ok
19:32:04.0797 1344 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
19:32:04.0828 1344 srvnet - ok
19:32:04.0860 1344 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
19:32:04.0906 1344 SSDPSRV - ok
19:32:04.0906 1344 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
19:32:04.0938 1344 SstpSvc - ok
19:32:04.0953 1344 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
19:32:04.0984 1344 stexstor - ok
19:32:05.0000 1344 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
19:32:05.0047 1344 stisvc - ok
19:32:05.0062 1344 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
19:32:05.0078 1344 storflt - ok
19:32:05.0094 1344 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
19:32:05.0125 1344 StorSvc - ok
19:32:05.0140 1344 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
19:32:05.0172 1344 storvsc - ok
19:32:05.0172 1344 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
19:32:05.0187 1344 swenum - ok
19:32:05.0203 1344 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
19:32:05.0250 1344 swprv - ok
19:32:05.0296 1344 [ B9B3B38A852F13D6F61ACB3994872EDA ] Symantec AntiVirus C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
19:32:05.0328 1344 Symantec AntiVirus - ok
19:32:05.0359 1344 [ 7E4D281982E19ABD06728C7EE9AC40A8 ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
19:32:05.0390 1344 SymEvent - ok
19:32:05.0406 1344 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
19:32:05.0499 1344 SysMain - ok
19:32:05.0499 1344 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:32:05.0530 1344 TabletInputService - ok
19:32:05.0577 1344 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
19:32:05.0624 1344 TapiSrv - ok
19:32:05.0640 1344 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
19:32:05.0671 1344 TBS - ok
19:32:05.0718 1344 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
19:32:05.0796 1344 Tcpip - ok
19:32:05.0842 1344 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
19:32:05.0889 1344 TCPIP6 - ok
19:32:05.0905 1344 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
19:32:05.0920 1344 tcpipreg - ok
19:32:05.0952 1344 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
19:32:05.0983 1344 TDPIPE - ok
19:32:05.0998 1344 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
19:32:06.0014 1344 TDTCP - ok
19:32:06.0030 1344 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
19:32:06.0076 1344 tdx - ok
19:32:06.0154 1344 [ F3C2CD627103DEE48C2085050376ECCE ] TeamViewer6 C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
19:32:06.0201 1344 TeamViewer6 - ok
19:32:06.0217 1344 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
19:32:06.0232 1344 TermDD - ok
19:32:06.0248 1344 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
19:32:06.0295 1344 TermService - ok
19:32:06.0310 1344 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
19:32:06.0342 1344 Themes - ok
19:32:06.0357 1344 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
19:32:06.0388 1344 THREADORDER - ok
19:32:06.0404 1344 [ DBCC20C02E8A3E43B03C304A4E40A84F ] TPM C:\Windows\system32\drivers\tpm.sys
19:32:06.0435 1344 TPM - ok
19:32:06.0451 1344 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
19:32:06.0498 1344 TrkWks - ok
19:32:06.0529 1344 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:32:06.0560 1344 TrustedInstaller - ok
19:32:06.0591 1344 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
19:32:06.0622 1344 tssecsrv - ok
19:32:06.0638 1344 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
19:32:06.0685 1344 TsUsbFlt - ok
19:32:06.0700 1344 [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
19:32:06.0732 1344 TsUsbGD - ok
19:32:06.0747 1344 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
19:32:06.0794 1344 tunnel - ok
19:32:06.0810 1344 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
19:32:06.0841 1344 uagp35 - ok
19:32:06.0856 1344 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
19:32:06.0903 1344 udfs - ok
19:32:06.0934 1344 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
19:32:06.0950 1344 UI0Detect - ok
19:32:06.0966 1344 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
19:32:06.0981 1344 uliagpkx - ok
19:32:06.0997 1344 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
19:32:07.0028 1344 umbus - ok
19:32:07.0044 1344 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
19:32:07.0075 1344 UmPass - ok
19:32:07.0090 1344 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
19:32:07.0122 1344 UmRdpService - ok
19:32:07.0153 1344 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
19:32:07.0200 1344 upnphost - ok
19:32:07.0231 1344 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
19:32:07.0262 1344 usbaudio - ok
19:32:07.0278 1344 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
19:32:07.0309 1344 usbccgp - ok
19:32:07.0324 1344 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
19:32:07.0356 1344 usbcir - ok
19:32:07.0371 1344 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci
C:\Windows\system32\DRIVERS\usbehci.sys 19:32:07.0387 1344 usbehci - ok 19:32:07.0418 1344 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 19:32:07.0449 1344 usbhub - ok 19:32:07.0465 1344 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys 19:32:07.0480 1344 usbohci - ok 19:32:07.0512 1344 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys 19:32:07.0543 1344 usbprint - ok 19:32:07.0558 1344 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 19:32:07.0605 1344 USBSTOR - ok 19:32:07.0621 1344 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 19:32:07.0636 1344 usbuhci - ok 19:32:07.0652 1344 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 19:32:07.0714 1344 UxSms - ok 19:32:07.0714 1344 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 19:32:07.0730 1344 VaultSvc - ok 19:32:07.0746 1344 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 19:32:07.0761 1344 vdrvroot - ok 19:32:07.0777 1344 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 19:32:07.0824 1344 vds - ok 19:32:07.0839 1344 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 19:32:07.0855 1344 vga - ok 19:32:07.0870 1344 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 19:32:07.0902 1344 VgaSave - ok 19:32:07.0917 1344 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 19:32:07.0933 1344 vhdmp - ok 19:32:07.0948 1344 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 19:32:07.0964 1344 viaide - ok 19:32:07.0980 1344 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys 19:32:07.0995 1344 vmbus - ok 19:32:08.0011 1344 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID 
C:\Windows\system32\drivers\VMBusHID.sys 19:32:08.0042 1344 VMBusHID - ok 19:32:08.0058 1344 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 19:32:08.0073 1344 volmgr - ok 19:32:08.0089 1344 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 19:32:08.0104 1344 volmgrx - ok 19:32:08.0120 1344 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 19:32:08.0136 1344 volsnap - ok 19:32:08.0167 1344 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 19:32:08.0182 1344 vsmraid - ok 19:32:08.0229 1344 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 19:32:08.0292 1344 VSS - ok 19:32:08.0323 1344 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 19:32:08.0354 1344 vwifibus - ok 19:32:08.0370 1344 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 19:32:08.0432 1344 W32Time - ok 19:32:08.0448 1344 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys 19:32:08.0463 1344 WacomPen - ok 19:32:08.0479 1344 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 19:32:08.0510 1344 WANARP - ok 19:32:08.0510 1344 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 19:32:08.0541 1344 Wanarpv6 - ok 19:32:08.0572 1344 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 19:32:08.0650 1344 wbengine - ok 19:32:08.0666 1344 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 19:32:08.0682 1344 WbioSrvc - ok 19:32:08.0697 1344 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 19:32:08.0728 1344 wcncsvc - ok 19:32:08.0728 1344 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 19:32:08.0760 1344 WcsPlugInService - ok 19:32:08.0791 1344 [ 
72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys 19:32:08.0806 1344 Wd - ok 19:32:08.0822 1344 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 19:32:08.0853 1344 Wdf01000 - ok 19:32:08.0869 1344 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 19:32:08.0916 1344 WdiServiceHost - ok 19:32:08.0916 1344 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 19:32:08.0947 1344 WdiSystemHost - ok 19:32:08.0947 1344 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 19:32:08.0978 1344 WebClient - ok 19:32:08.0994 1344 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 19:32:09.0025 1344 Wecsvc - ok 19:32:09.0040 1344 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 19:32:09.0087 1344 wercplsupport - ok 19:32:09.0103 1344 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 19:32:09.0134 1344 WerSvc - ok 19:32:09.0165 1344 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 19:32:09.0196 1344 WfpLwf - ok 19:32:09.0196 1344 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 19:32:09.0212 1344 WIMMount - ok 19:32:09.0243 1344 WinDefend - ok 19:32:09.0243 1344 WinHttpAutoProxySvc - ok 19:32:09.0274 1344 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 19:32:09.0352 1344 Winmgmt - ok 19:32:09.0384 1344 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 19:32:09.0462 1344 WinRM - ok 19:32:09.0493 1344 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 19:32:09.0524 1344 Wlansvc - ok 19:32:09.0555 1344 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe 19:32:09.0571 1344 wlcrasvc - ok 19:32:09.0649 1344 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program 
Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 19:32:09.0696 1344 wlidsvc - ok 19:32:09.0711 1344 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 19:32:09.0742 1344 WmiAcpi - ok 19:32:09.0758 1344 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 19:32:09.0789 1344 wmiApSrv - ok 19:32:09.0805 1344 WMPNetworkSvc - ok 19:32:09.0836 1344 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 19:32:09.0867 1344 WPCSvc - ok 19:32:09.0883 1344 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 19:32:09.0914 1344 WPDBusEnum - ok 19:32:09.0930 1344 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 19:32:09.0976 1344 ws2ifsl - ok 19:32:10.0008 1344 [ AAA0F5CDE4D5C357A65E14DF793FDA81 ] WSConnectorUpdate C:\Program Files\Windows Server\Bin\WSConnectorUpdate.exe 19:32:10.0023 1344 WSConnectorUpdate - ok 19:32:10.0023 1344 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 19:32:10.0054 1344 wscsvc - ok 19:32:10.0054 1344 WSearch - ok 19:32:10.0070 1344 [ D319A833EC173AD83C67885B3ED6C71C ] WSS_ComputerBackupProviderSvc C:\Program Files\Windows Server\Bin\SharedServiceHost.exe 19:32:10.0086 1344 WSS_ComputerBackupProviderSvc - ok 19:32:10.0132 1344 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 19:32:10.0195 1344 wuauserv - ok 19:32:10.0210 1344 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 19:32:10.0226 1344 WudfPf - ok 19:32:10.0257 1344 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 19:32:10.0273 1344 WUDFRd - ok 19:32:10.0288 1344 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 19:32:10.0320 1344 wudfsvc - ok 19:32:10.0335 1344 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 19:32:10.0382 1344 WwanSvc - ok 19:32:10.0382 
1344 ================ Scan global ===============================
19:32:10.0398 1344 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
19:32:10.0429 1344 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
19:32:10.0444 1344 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
19:32:10.0460 1344 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
19:32:10.0476 1344 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
19:32:10.0476 1344 [Global] - ok
19:32:10.0476 1344 ================ Scan MBR ==================================
19:32:10.0491 1344 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:32:10.0710 1344 \Device\Harddisk0\DR0 - ok
19:32:10.0710 1344 ================ Scan VBR ==================================
19:32:10.0741 1344 [ 961D246BDC8630037942F7EA32C90C61 ] \Device\Harddisk0\DR0\Partition1
19:32:10.0741 1344 \Device\Harddisk0\DR0\Partition1 - ok
19:32:10.0741 1344 ============================================================
19:32:10.0741 1344 Scan finished
19:32:10.0741 1344 ============================================================
19:32:10.0756 5688 Detected object count: 2
19:32:10.0756 5688 Actual detected object count: 2
19:32:34.0920 5688 LcsFwTool ( UnsignedFile.Multi.Generic ) - skipped by user
19:32:34.0920 5688 LcsFwTool ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:32:34.0920 5688 SearchAnonymizer ( UnsignedFile.Multi.Generic ) - skipped by user
19:32:34.0920 5688 SearchAnonymizer ( UnsignedFile.Multi.Generic ) - User select action: Skip |
05.01.2013, 19:57 | #8 | |
/// Malware-holic | Google search is redirected to wrong pages. Hi, ComboFix: ComboFix may only be run when a team member has instructed you to do so! Please download ComboFix from one of these download mirrors: Link 1 Link 2 IMPORTANT - save ComboFix to your desktop
When ComboFix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: should you get the following error message after the restart Quote:
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de as described above If you would like to support us |
06.01.2013, 17:44 | #9 |
| Google search is redirected to wrong pages. ComboFix Code:
ComboFix 13-01-05.01 - master 06.01.2013 17:34:26.1.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.4000.1948 [GMT 1:00]
Run from:: c:\users\wommelsdorff\Downloads\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * New restore point was created
.
.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\3769320754
.
.
((((((((((((((((((((((( Files created from 2012-12-06 to 2013-01-06 ))))))))))))))))))))))))))))))
.
.
2013-01-02 18:59 . 2013-01-02 18:59 -------- d-----w- C:\_OTL
2013-01-01 19:47 . 2013-01-01 19:47 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-01-01 19:47 . 2013-01-01 19:47 95184 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-01-01 19:46 . 2013-01-01 19:46 -------- d-----w- c:\program files (x86)\Java
2013-01-01 18:48 . 2013-01-01 18:48 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2013-01-01 18:29 . 2013-01-01 18:29 -------- d-----w- c:\program files\CCleaner
2013-01-01 18:28 . 2013-01-01 18:28 -------- d-----w- c:\users\master.HAMBURG\AppData\Roaming\OCS
2013-01-01 18:27 . 2013-01-01 18:30 -------- d-----w- c:\users\wommelsdorff\AppData\Local\Opera
2013-01-01 18:26 . 2013-01-01 18:27 -------- d-----w- c:\users\wommelsdorff\AppData\Local\Programs
2012-12-29 14:36 . 2012-12-29 14:36 -------- d-----w- c:\users\master.HAMBURG\AppData\Local\Microsoft_Corporation
2012-12-29 13:36 . 2012-12-29 13:36 -------- d-----w- c:\users\master.HAMBURG\AppData\Local\Programs
2012-12-28 10:40 . 2012-12-28 10:40 2959 ----a-w- c:\programdata\dsgsdgdsgdsgw.js
2012-12-21 14:54 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-21 14:48 . 2012-12-29 16:53 -------- d-----w- c:\users\master.HAMBURG\AppData\Local\Google
2012-12-21 14:48 . 2012-12-21 14:49 -------- d-----w- c:\users\wommelsdorff\AppData\Local\Google
2012-12-21 14:47 . 2012-12-21 14:47 -------- d-----w- c:\users\wommelsdorff\AppData\Local\Deployment
2012-12-21 14:47 . 2012-12-21 14:47 -------- d-----w- c:\users\wommelsdorff\AppData\Local\Apps
2012-12-20 07:02 . 2012-12-20 07:02 -------- d-----w- c:\users\wommelsdorff\AppData\Roaming\Malwarebytes
2012-12-19 18:51 . 2012-12-19 18:51 -------- d-----w- c:\users\master.HAMBURG\AppData\Roaming\Malwarebytes
2012-12-19 18:51 . 2012-12-19 18:51 -------- d-----w- c:\programdata\Malwarebytes
2012-12-19 18:51 . 2012-12-29 13:37 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-12-19 18:51 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-11 21:43 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-11 21:42 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll
2012-12-11 21:42 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-01 19:46 . 2012-07-19 10:25 859072 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-01-01 19:46 . 2012-07-19 10:25 779704 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-01-01 19:42 . 2012-04-21 19:10 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-01 19:42 . 2012-04-21 19:10 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-13 07:47 . 2012-04-22 07:38 67413224 ----a-w- c:\windows\system32\MRT.exe
2012-10-16 08:38 . 2012-11-27 23:50 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-27 23:50 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-27 23:50 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-09 18:17 . 2012-11-15 03:42 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-10-09 18:17 . 2012-11-15 03:42 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-15 03:42 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-15 03:42 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
.
.
(((((((((((((((((((((((((((( Registry autostart points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LANCAPI"="c:\program files\LANCOM\LANCAPI\rcapi.exe" [2011-06-16 482816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2012-04-22 115560]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"OTL"="c:\users\wommelsdorff\Downloads\OTL.exe" [2012-12-29 602112]
.
c:\users\wommelsdorff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\
LANCAPI.lnk - c:\program files\LANCOM\LANCAPI\rcapi.exe [2011-6-16 482816]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 initMonitor;Windows Server-Initialisierungsdienst;c:\program files\Windows Server\Bin\SharedServiceHost.exe [2011-03-02 30592]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2011-04-13 158976]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R4 SqmProviderSvc;SQM-Dienst von Windows Server;c:\program files\Windows Server\Bin\SharedServiceHost.exe [2011-03-02 30592]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S2 HealthAlertsSvc;Integritätsdienst von Windows Server;c:\program files\Windows Server\Bin\SharedServiceHost.exe [2011-03-02 30592]
S2 LANConfig;Windows Server-LAN-Konfiguration;c:\program files\Windows Server\Bin\LANConfigSvc.exe [2011-03-02 27520]
S2 LcsFwTool;LANCOM Systems FWTool;c:\program files\LANCOM\LANCAPI\fwtool.exe [2011-06-16 214528]
S2 NitroDriverReadSpool2;NitroPDFDriverCreatorReadSpool2;c:\program files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [2012-09-04 216072]
S2 NotificationsProviderSvc;Windows Server-Anbieterdienst für Benachrichtigungen;c:\program files\Windows Server\Bin\SharedServiceHost.exe [2011-03-02 30592]
S2 providers_system;Windows Server-Downloaddienst;c:\program files\Windows Server\Bin\SharedServiceHost.exe [2011-03-02 30592]
S2 SageDeploymentService;Sage Verteilungsdienst;c:\program files (x86)\Common Files\Sage Software Shared\Deploymentservice.exe [2011-05-31 424088]
S2 SearchAnonymizer;SearchAnonymizer;c:\users\master.HAMBURG\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [2013-01-01 40960]
S2 ServiceProviderRegistry;Dienstanbieterregistrierung von Windows Server;c:\program files\Windows Server\Bin\ProviderRegistryService.exe [2012-01-12 40832]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-11-03 2367360]
S2 WSConnectorUpdate;Windows Server-Connector-Update;c:\program files\Windows Server\Bin\WSConnectorUpdate.exe [2011-03-02 228736]
S2 WSS_ComputerBackupProviderSvc;Windows Server-Anbieterdienst für die Clientcomputersicherung;c:\program files\Windows Server\Bin\SharedServiceHost.exe [2011-03-02 30592]
S3 BackupReader;BackupReader;c:\windows\system32\DRIVERS\BackupReader.sys [2011-03-02 63872]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-09 138912]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-04-13 317440]
S3 LcsCapiDrv;LANCAPI Driver;c:\windows\system32\DRIVERS\rcapi.sys [2011-06-16 338432]
S3 LcsCapiMdm;LANCOM CAPI Faxmodem Port;c:\windows\system32\DRIVERS\vmdmd.sys [2009-08-25 279712]
S3 LCSWAN;LANCOM NDISWAN;c:\windows\system32\DRIVERS\lcswan.sys [2010-11-04 31744]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-07-29 533096]
.
.
--- Other services/drivers in memory ---
.
*NewlyCreated* - 63772799
*Deregistered* - 63772799
.
Contents of the "Scheduled Tasks" folder
.
2013-01-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-21 19:42]
.
2013-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-21 14:48]
.
2013-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-21 14:48]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-13 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-13 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-13 418840]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-12-23 11725928]
"Ocs_SM"="c:\users\master.HAMBURG\AppData\Roaming\OCS\SM\SearchAnonymizer.exe" [2013-01-01 106496]
.
------- Additional scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=FTSG&bmod=FTSG
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.40.5 217.237.150.205
.
- - - - Removed orphaned registry entries - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-SMB50StarMoneyRunEntry - x:\app\oflagent.exe
SafeBoot-Symantec Antvirus
Toolbar-Locked - (no file)
HKLM-Run-Launchpad - c:\program files (x86)\Windows Server\Bin\Launchpad.exe
.
.
.
--------------------- Locked registry keys ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.bmp.15.4"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.DIB\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.bmp.15.4"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ICO\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.ico.15.4"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.JFIF\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.jpg.15.4"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.JPE\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.jpg.15.4"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.JPEG\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.jpg.15.4"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.JPG\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.jpg.15.4"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PNG\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.png.15.4"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TIF\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.tif.15.4"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TIFF\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.tif.15.4"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.WDP\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.wdp.15.4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-01-06 17:40:17
ComboFix-quarantined-files.txt 2013-01-06 16:40
.
Before scan: 10 directory(ies), 322.116.677.632 bytes free
After scan: 14 directory(ies), 321.923.026.944 bytes free
.
- - End Of File - - 9AC3E796F09C46BD04BDE0EEBCB868C1 |
07.01.2013, 16:14 | #10 |
/// Malware-holic | Google search is redirected to wrong pages. Hi, download the CCleaner standard edition: CCleaner - Download - Filepony. If CCleaner is already installed, skip this. Open it, Tools (Extras), Uninstall list, save as txt. Open it. Behind every program you need, write "needed". Behind every one you don't need, "unnecessary". Behind those unknown to you, "unknown". Post the list.